Increase your institution's detection capability

SURFsoc monitors cyber threats and possible attacks on the institution's infrastructure, including via a SIEM system. This increases your institution's detection capacity. We share the knowledge we gain within SURFsoc not only with the institutions that purchase this service, but with all institutions connected to the SURF network. That way, together, we increase information security within education and research.
2 personen luisteren aandachtig


Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) is the largest component of SURFsoc's service: it monitors your institution's ICT infrastructure and identifies suspicious behaviour.

In collaboration with FoX-IT

SURF provides this service in collaboration with supplier Fox-IT, one of the biggest market players in this field.

Have a question about SURFsoc? Get in touch.

portrait of Alexander Wisse

Alexander Wisse


About SURFsoc

SURFsoc collects log data from various sources in the institution's infrastructure and analyses it to identify attacks and suspicious behaviour so that you can take targeted action. It also monitors all systems in conjunction: suspicious traffic in one system is therefore more easily recognised in another. In this way, you increase your detection capacity as an institution.

Components SURFsoc

  • Security Operating Centre (SOC): in the SOC, security specialists analyse the data of institutions 24/7 to detect cyber threats and attacks and inform customers of SURFsoc in the event of an incident.
  • Security Incident and Event Management (SIEM) collects log data from the institution's (cloud) network infrastructure and analyses it automatically.
  • Network Detection and Response (NDR) inspects network traffic for suspicious behaviour.
  • Endpoint Detection and Response (EDR): alerts can be linked to the SIEM as a log source. Analysis by the SOC on these is currently still limited.

Stronger together

SURFsoc works across institutional boundaries with a central security operations centre, allowing it to detect threats even better. In case of suspicious traffic at one institution, the networks of all other institutions are also analysed for that type of traffic. In addition, the knowledge about cyber threats, possible attacks and intrusions on the ICT infrastructure of member institutions is available not only to the customers of SURFsoc, but also to all institutions connected to the SURF network. This is how we work together to strengthen our position in information security.

Demo SURFsoc/SIEM services

Want to know what the SURFsoc/SIEM service includes? Check out the demo.

More information

You can find more (technical) information on the wiki.

To the wiki