SURF Security Operations Centre takes off

SURF launches the SURF Security Operations Centre (SURFsoc). This will enable SURF to further expand its services in the field of information security. The universities have taken the initiative.
ondertekening surfsoc

Michiel Borgers (UM - chairman steering group), Christian Prickaerts (Fox-IT) en Hans Louwhoff (SURF)

The aim of SURFsoc is to improve security against cyber threats and to prevent possible attacks on the IT infrastructure of all the institutions connected to the SURF network.


IT is increasingly part of primary processes within educational and research institutions and a disruption in availability or reliability has a major impact. The expertise to properly secure these processes is scarce and is becoming increasingly specialised, and the cyber threat is constantly increasing. Partly as a result of the serious ransomware attack on Maastricht University during Christmas of 2019, the urgency arose to expand services.

Question bundling

SURF, the IT cooperative for education and research, provides the SURFsoc service. Education and research work closely together in the Netherlands and have brought together many IT services within SURF. "As a cooperative, we steer on demand. We bundle the wishes of the entire education and research sector, then explore the possibilities and develop a service that is relevant to all members. SURFsoc is a wonderful example of this," says Hans Louwhoff, COO SURF.

Working together and sharing knowledge

SURFsoc is the central contact point for all educational and research institutions affiliated to SURF that wish to make use of SURF's cyber security services. Michiel Borgers, CIO of Maastricht University and chairman of the steering group on behalf of the research universities and the universities of applied sciences: "Cooperation and knowledge sharing are important pillars in all areas of education and research. Also in the field of cyber security. These two pillars are therefore firmly anchored in SURFsoc. We are proud that we were able to realise this a year after the incident at Maastricht University."

New services: Security Incident and Event Management (SIEM)

SIEM is an important part of SURFsoc and provides 24/7 monitoring of institutions' IT infrastructure, identifies threats, and advises institutions in the event of infringements on actions to mitigate the risks. SIEM then shares this information on a sector-wide basis, which means that other institutions are also quickly informed of threats that arise. This helps institutions to strengthen their information security. SIEM was awarded to Fox-IT after a tender procedure.

Inge Bryan, managing director for Fox-IT (part of the NCC Group in Europe): “SURFsoc is a forward-thinking example of how industry-wide bodies, individual institutions and security teams can work together to improve the resilience of entire sectors and we are proud to be providing our expert services in support of this mission. “This combination of ongoing knowledge-sharing and 24/7 threat intelligence-gathering is a model that will not only increase the resilience of individual educational institutions, but will be at the forefront of educational security around the world in the years to come.” 

Expansion of existing services SURFcert

The existing services of SURFcert will also be expanded within SURFsoc. SURFcert will provide additional services in the area of knowledge sharing and vulnerability scanning.

More information about SURFsoc, please visit: