Want to know what the SURFsoc/SIEM service includes? Check out the demo.
SURFsoc
Increase your institution's detection capability
SURFsoc monitors cyber threats and possible attacks on the institution's infrastructure, including via a SIEM system. This increases your institution's detection capacity. We share the knowledge we gain within SURFsoc not only with the institutions that purchase this service, but with all institutions connected to the SURF network. That way, together, we increase information security within education and research.
Advantages
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) is the largest component of SURFsoc's service: it monitors your institution's ICT infrastructure and identifies suspicious behaviour.
In collaboration with FoX-IT
SURF provides this service in collaboration with supplier Fox-IT, one of the biggest market players in this field.
Have a question about SURFsoc? Get in touch.
Alexander Wisse
Telefoonnummer
E-mail
About SURFsoc
SURFsoc collects log data from various sources in the institution's infrastructure and analyses it to identify attacks and suspicious behaviour so that you can take targeted action. It also monitors all systems in conjunction: suspicious traffic in one system is therefore more easily recognised in another. In this way, you increase your detection capacity as an institution.
Components SURFsoc
- Security Operating Centre (SOC): in the SOC, security specialists analyse the data of institutions 24/7 to detect cyber threats and attacks and inform customers of SURFsoc in the event of an incident.
- Security Incident and Event Management (SIEM) collects log data from the institution's (cloud) network infrastructure and analyses it automatically.
- Network Detection and Response (NDR) inspects network traffic for suspicious behaviour.
- Endpoint Detection and Response (EDR): alerts can be linked to the SIEM as a log source. Analysis by the SOC on these is currently still limited.
Stronger together
SURFsoc works across institutional boundaries with a central security operations centre, allowing it to detect threats even better. In case of suspicious traffic at one institution, the networks of all other institutions are also analysed for that type of traffic. In addition, the knowledge about cyber threats, possible attacks and intrusions on the ICT infrastructure of member institutions is available not only to the customers of SURFsoc, but also to all institutions connected to the SURF network. This is how we work together to strengthen our position in information security.
Demo SURFsoc/SIEM services
Lees hier praktijkverhalen van gebruikers van SURFsoc
-
Erasmus University Rotterdam (EUR) was one of the first institutions to join SURFsoc in 2021. The immediate reason for this was the hack in late 2019 at Maastricht University. How can we prevent such a thing, was the question immediately asked at the Rotterdam university.
Case study -
During cybersecurity month, SURF publishes a special edition of the Cyber Threat Assessment. It offers educational and research institutions valuable insights from the past ten editions. The report…
News -
Who or what is SURFcert and how does it benefit your institution? Below are the most frequently asked questions and, of course, the corresponding answers.
Article
