Network Security Monitoring, Alerting, and Analysis
Network Security Monitoring, Alerting, and Analysis Services are core security Services designed to monitor the State networks for intrusions and cyber attacks, and to alert the proper State authorities so that countermeasures can be taken. The Security Information Event Management (SIEM) system applications and associated hardware and licenses currently provide Customers with network security monitoring for all external-facing network and security devices (e.g., firewalls and Intrusion Detection Systems).
As part of the comprehensive network security monitoring Services, DIR provides an incident response capability to protect the DIR NSOC, ESecS, and other related security services infrastructure. DIR also provides comprehensive Security Incident event management analysis, subject matter expertise, practices, and capabilities in accordance with the appropriate 1 TAC Chapter 202 and NIST guidelines. DIR also provides processes, procedures, tools, resources, and other capabilities, as necessary, to detect, respond to, and report security incidents/breaches related to contracted Services.
These Services are offered by DIR to its Customers and are intended to provide the protection of State networks mandated by TGC 2059. DIR retains authority and primary responsibility for Customer interface and scheduling and receives, approves, and forwards all formal Deliverables (e.g., format, content, periodicity, and delivery medium) to its Customers.
The cost of this service is covered by the fees customers pay for TEXAN services. However, the customer must request this service, which is then covered by a no-cost Inter Agency Contract between the customer and DIR.
When monitoring outward-facing (public) security devices, only event/syslog information is used; no agency data is monitored or transmitted, and no devices are managed by DIR.
A typical customer setup looks like the following:
Once a customer is set up, they are covered 24x7 and provided customer-specific access to their SIEM portal. Additionally, automated reports, as well as daily and monthly summaries, are delivered by e-mail. Dedicated security analysts also provide phone and e-mail alerts and aid in mitigating security incidents.
For more information, please contact SIEM@dir.texas.gov.