...
Document Name: NCSA Cyber Threat Hunting Program
Approved: pending IIB approval
Purpose
In addition to the use of Qualysguard for vulnerability management of production systems, the NCSA Incident Response and Security Team performs active threat hunting on the entire NCSAnet to detect misconfigurations, systems that are not compliant with University policies, and general system weaknesses. The goals of this program are (1) to detect issues more broadly for all networked assets and (2) to investigate more deeply than simple checklists for NCSA's most critical infrastructure.
...
The security team is not the owner of risks, and sometimes neither is the system operator. When problems are identified that are not simple policy compliance, IRST will make recommendations for remediation. For simple issues this may just be a single ticket, and for more complex issues it may require meetings and a remediation plan from the service operator. Significant risks will also be raised to the Security Office when the attention of senior management is appropriate.