Threat Detection & Identification
Threat Detection and Identification (TDI) allows the UCLA IT Security Office to receive alerts about malicious traffic observed on networks across campus. These alerts are produced by FireEye Network, Email, and Host Security detection appliances. Alerts generated by the appliances are investigated and triaged by FireEye and the UCLA IT Security team, then dispositioned to the relevant campus unit for remediation.
Using automated detection technology, the service focuses on threat identification and looks for signs that a system may have been compromised. When a threat is detected, the service generates an alert containing relevant data about the attack. This evidence includes a limited amount of detail about the attack to help the unit investigate the threat.
Reporting – Each alert is investigated by FireEye and then provided to the UCLA IT Security Office as an incident report. The IT Security Office validates the alert and notifies the relevant campus IT unit for remediation.
Remediation Guidance – The IT Security Office will assist units in interpreting the security alert and provide best practices for remediating the affected system.
This service is provided at no cost to campus.
- Network-based authenticated and unauthenticated scanning
- Virtual private scanners can be deployed to scan non-public IP space
- Qualys Cloud Agent can be deployed on systems for more effective vulnerability assessment and easier tracking
All Campus Units automatically receive the benefits of TDI.
Questions about TDI can be directed to [email protected]