How does Network Security Monitoring work?
The network traffic is monitored and analyzed in two primary ways:
- DIR's full-time staff of security analysts monitor network traffic utilizing a suite of security tools to identify anomalous traffic.
- DIR utilizes a Security Information Management (SIM) system application to monitor the same suite of security tools.
How do I sign up for Network Security Monitoring?
All current customers of DIR Internet services receive network security monitoring services.
What are Network Security Alerts?
DIR network security analysts provide timely and actionable alerts if any suspicious traffic is identified using our in-house monitoring tools or via an outside intelligence source. Network security alerts are sent to your Information Security Officer (ISO) and any other team members so designated by your ISO. If you would like additional staff to receive these alerts, please have your ISO or designee contact the NSOC Help Desk.
Are Network Security Alerts entered into the new system of record, Archer?
Yes, any security alert sent to you by DIR will be pre-populated with the Indicators of Compromise (IOC) that were identified in creating the alert.
How do I get in touch with Network Security Analysts?
Contact the NSOC Help Desk at 1-512-633-6050 or toll-free at 1-888-839-6762 or via
Are there additional Network Security Services?
Network security monitoring services can also be configured to receive feeds from any customer's external-facing network or security device (e.g., firewalls, intrusion prevention systems). If you are interested in signing up for this free service, contact the NSOC Help Desk.
What organizations are eligible to receive DIR's Network Security Services?
Agencies and entities, as defined by TGC 2059, that are eligible to subscribe to DIR's Internet service also receive DIR network security monitoring services. TGC 2059 also defines the following "special districts" as eligible customers:
- School districts,
- Hospital districts,
- Water districts, or
- A district or special water authority, as defined by Section 49.001, Water Code.
In addition to DIR's duty under TGC 2059 to provide network security services to state agencies, DIR may, by agreement, provide these services to:
- Each house of the legislature;
- An agency that is not a state agency, including a legislative agency;
- A political subdivision of this state, including a county, municipality, or special district; and
- An independent organization, as defined by Section 39.151, Utilities Code.
How does the Network Security Monitoring occur?
A connection is made from your agency firewall/IPS device that allows security information (such as via syslog) to be sent to DIR, where a team of full-time security analysts monitors and analyzes the information.
How do I receive Network Security Alerts?
DIR will notify you via email if any anomalous activity indicates your network is under attack or if you request assistance in analyzing or documenting security events.
Would DIR have to "punch" a hole into my network's primary defense in order to perform Network Security Monitoring?
No. The only connection made is from your firewall/IPS device(s), which allows DIR to monitor syslog information.
Does DIR look at client data during Network Security Monitoring?
No, DIR only examines the organization's external network during monitoring and does not look at client data. The client (the agency customer) is responsible for monitoring its internal network.
Does Network Security Monitoring consume much of my network's bandwidth?
Very little bandwidth is used during network security monitoring. You should notice very little change, if any, in the bandwidth being used.
Are there report generation capabilities through the service?
Reports can be generated daily, weekly, and monthly to provide timely, historical insight into the amount and types of activity on your external network.
Is there a cost for the Network Security Monitoring service?
There is no cost for using the service at this time; it is provided to you as a customer of the state network.