
Network Monitoring FAQs 

1. What is Network Security Monitoring?
2. How does it work?
3. Who can participate in the program?
4. How does the monitoring occur?
5. Is there contact with these analysts?
6. Would DIR be "punching" a hole into my primary defense in order to do the monitoring?
7. Does DIR look at client data during this monitoring?
8. Does the monitoring of data take up much bandwidth?
9. Are there report generation capabilities?
10. Is there a cost for this service?

1. What is Network Security Monitoring?

It is a core security service designed to monitor the network for cyber attacks and suspected intrusions, as well as alert the appropriate responsible authorities so that countermeasures can be taken.

2. How does it work?

It works by using a Security Information Management (SIM) system application that monitors all external-facing network and security devices (e.g., firewalls and Intrusion Prevention Systems) that are currently provided to subscribing Customers.

3. Who can participate in the program?

All state agencies and eligible DIR Customers as defined by TGC 2059.

Other DIR eligible Customers are defined as:
(a) a "special district" meaning:
(1) a school district;
(2) a hospital district;
(3) a water district; or
(4) a district or special water authority, as defined by Section 49.001, Water Code.
(b) In addition to the department's duty to provide network security services to state agencies under this chapter, the department by agreement may provide network security to:
(1) each house of the legislature;
(2) an agency that is not a state agency, including a legislative agency;
(3) a political subdivision of this state, including a county, municipality, or special district; and
(4) an independent organization, as defined by Section 39.151, Utilities Code.

4. How does the monitoring occur?

A connection is made from your agency firewall/IPS device that allows security information (such as via syslog) to be sent to DIR, where two full-time analysts monitor and analyze the information.

5. Is there contact with these analysts?

The analysts will only notify you if any anomalous activity indicates your network is under attack or if you request assistance in analyzing or documenting security events.

6. Would DIR be “punching” a hole into my primary defense in order to do the monitoring?

No. DIR would not be “punching” a hole into a primary defense. The only connection is the one made from your firewall/IPS device(s) that allows for syslog information to be monitored.

7. Does DIR look at client data during this monitoring?

No. DIR does not look at client data during analysis and only monitors the external network. The client is responsible for monitoring their internal network.

8. Does the monitoring of data take up much bandwidth?

Very little bandwidth is used. A client should notice very little, if any, change in the bandwidth being used.

9. Are there report generation capabilities?

Reports can be provided daily, weekly and monthly to provide timely, historical insight into the amount and types of activity on your external network.

10. Is there a cost for this service?

There is no cost for using the service at this time.