...
In addition to the use of Qualysguard for vulnerability management of production systems, the NCSA Incident Response and Security Team performs active threat hunting on the entire NCSAnet to detect misconfigurations, system that are not compliant with University policies, and general system weaknesses. The goal goals of this program are (1) to detect issues more broadly than just on for all networked assets and (2) to investigate more deeply than simple checklists for NCSA's most critical infrastructure.
...
We all have a shared responsibility to protect the systems and data we are responsible for and to follow NCSA and University policies and standards. Recognizing that hunting against systems may sometimes be disruptive, NCSA IRST take IRST takes extra precautions when hunting from privileged positions from inside the NCSAnet (such as limiting scan rates and carefully monitoring for disruptions). Furthermore, NCSA IRST will inform system owners before any directed or manual penetration testing to help avoid tests at during a critical operational window, though such testing will not generally perform any actions that a malicious threat on the Internet could not do at any time. And if one of the automated scans is causing disruptions IRST will work with service operator to mitigate the effects and prevent future problems.
It is also everyone's responsibility to report security incidents. If you believe your system is being attacked please follow NCSA Incident policiesprocedures, regardless if you think it might be a NCSA IRST system scanning or attacking. https://wiki.ncsa.illinois.edu/x/l5BgAQ Even if it turns out not to be a real attacker, it demonstrates organizational responsiveness.
...