SURFsoc

Increase your institution's detection capability

SURFsoc monitors cyber threats and possible attacks on your institution's infrastructure, using a SIEM system among other tools. This increases your institution's detection capacity. The knowledge we gain within SURFsoc is shared with all institutions on the SURF network, to jointly strengthen information security in education and research.

Advantages

Proactive and advanced security approach

It combines endpoint detection, network monitoring and threat intelligence with the expertise of security specialists.

Managed Detection & Response

The service consists of a SIEM (Security Information and Event Management) system – providing 24/7 monitoring of your IT infrastructure – and a SOC (Security Operations Center). Together, these form the Managed Detection & Response service.

Automatic response to cyber incidents

Where possible and desired, automatic mitigation can take place, allowing proactive intervention in the event of a cyber incident.

In collaboration with DTX - DEFION Security

SURF provides this service in collaboration with DTX - DEFION Security.

Have a question about SURFsoc? Get in touch.


Alexander Wisse


About SURFsoc

SURFsoc collects log data from various sources in the institution's infrastructure and analyses it to identify attacks and suspicious behaviour so that you can take targeted action. It also monitors all systems in conjunction: suspicious traffic in one system is therefore more easily recognised in another. In this way, you increase your detection capacity as an institution.

Components of SURFsoc

  • Security Operations Centre (SOC): in the SOC, security specialists analyse the institutions' data 24/7 to detect cyber threats and attacks, and inform SURFsoc customers in the event of an incident.
  • Security Information and Event Management (SIEM): collects log data from the institution's (cloud) network infrastructure and analyses it automatically.
  • Network Detection and Response (NDR): inspects network traffic for suspicious behaviour.
  • Endpoint Detection and Response (EDR): alerts from the EDR can be linked to the SIEM as a log source.

Stronger together

SURFsoc works across institutional boundaries with a central security operations centre, allowing it to detect threats even better. In case of suspicious traffic at one institution, the networks of all other institutions are also analysed for that type of traffic. In addition, the knowledge about cyber threats, possible attacks and intrusions on the ICT infrastructure of member institutions is available not only to the customers of SURFsoc, but also to all institutions connected to the SURF network. This is how we work together to strengthen our position in information security.

More information

You can find more (technical) information on the wiki.
