Security Operations Center
The Security Operations Center, or SOC, is the nucleus of UGA's intranet and Internet security operations, providing continuous protection, detection and response capabilities against threats, remotely exploitable vulnerabilities and real-time incidents on the UGA network.
The SOC, managed by the Office of Information Security, monitors UGA's security systems, services and devices and the core infrastructure of the UGA network, expertly analyzing critical events as they happen.
With centrally managed anti-virus software, intrusion-prevention systems (IPS), and firewalls, the SOC combines all the fundamental components of an excellent security system into a productive, real-time analysis center. The output? A logical picture of the security health of the network and instant response to critical issues and vulnerabilities.
The SOC integrates security and network event information, giving security and operations staff the critical data they need to make informed decisions within a zero-day response window.
Overview
The UGA Security Operations Center (SOC):
- Performs real-time monitoring and management of firewalls, intrusion detection systems, intrusion prevention systems, virtual private networks, patch management, asset management and other security products
- Enhances the institution's information security posture through continuous monitoring and management, expert analysis of log data, and immediate response to potential security threats
- Provides rapid, centrally coordinated resolution of security problems
- Offers the institution a real-time view of the enterprise security posture
- Ensures optimal protection of mission-critical assets by providing analysis and commentary needed to adjust defenses against emerging attacks
- Protects existing UGA technology investments
Functions:
- Risk Management
- Security Information Management System (SIMS)
- Vulnerability Scanning (tactical scanning, targeted scanning and differential scanning)
- Sniffing/Data Forensics
- Command Console (Intrusion Prevention System, Intrusion Detection System, IT-Sec Dashboard)
- Top-Talkers Reporting and Response
- Centrally Managed AV/FW/IDS
- Patch Management
- Asset Tracking and Recovery