Local Implementation
- Can locations add rules for their location?
- Does our local security staff have access to the threat detection and identification system?
- Do location analysts have access to all components at that location (sensor, collector and command post)?
- My location already has a TDI system installed and it has been proven to work. Isn’t the new systemwide technology duplicative and unnecessary?
- I’ve heard that the new system may actually harm my campus’s security posture, not help. Is this true?
- Will the knowledge and experience of our local security staff be used?
Can locations add rules for their location?
Yes. Authorized analysts can work with the vendor to add additional rules to help protect their location.
Does our local security staff have access to the threat detection and identification system?
Yes. Security analysts at each location are authorized to access metadata and alerts for that location.
In addition, those analysts assist other locations by feeding intelligence and tuning alert processes to maximize UC’s total benefit.
Location security staff also have access to the vendor and to UC systemwide security analysts.
Do location analysts have access to all components at their respective locations (sensor, collector and command post)?
Location analysts have access to all three components based on assigned roles.
The threat detection and identification system uses role-based access control. This allows analysts to see only those items that are needed to perform their assigned jobs.
My location already has a TDI system installed and it has been proven to work. Isn’t the new systemwide technology duplicative and unnecessary?
No. While it is true that the new system provides some of the same functionality as that currently deployed at some locations, it offers important new capabilities, including:
- A systemwide view of the threat landscape and related metrics. Metrics are important for informing governance, prioritization, and investment.
- Enhanced speed for systemwide detection of and response to externally identified threats, and increased opportunity to thwart attacks.
- Increased probability that UC spots attacks that affect more than one location.
- The ability to quickly implement systemwide detection based on the expertise and threat intelligence from one UC location. The intelligence then immediately feeds into TDI and benefits all locations.
- Access across the system to threat intelligence from multiple national and international sources, including law enforcement, integrated through a single platform.
TDI also contributes to a sound defense-in-depth strategy. Defense in depth is important in modern cyber defense because of the asymmetric advantage afforded to attackers: attackers need only one way in, while defenders must protect all entrance points.
Ultimately we are all part of the University of California. Because of UC’s increasing reliance on technology, the vital role technology plays in collaboration, and our continuing obligation to protect personal and other sensitive information against unauthorized access and disclosure, we have a shared interest in protecting our cyber resources. The impact of cyberattacks and other major security incidents is felt not only at the locations where they occur but across the entire UC system. Failure to implement appropriate safeguards can result in harm to individual faculty members, staff, students, and others. It can also impact our ability to secure grants and other awards from federal and industry sponsors, result in regulatory enforcement and significant financial penalties, and damage the University’s reputation.
I’ve heard that the new system may actually harm my campus’s security posture, not help. Is this true?
Some individuals have argued that by storing logs and other data, the security system itself will enable hackers or others to access private information. However, this is not the case. Security tools and data are part of managing information security risk. Just like any technology, TDI requires a secure and correct deployment. The implementation of TDI takes this into account. When correctly used, security tools benefit, rather than harm, security posture.
Will the knowledge and experience of our local security staff be used?
Yes. One of the many advantages of a systemwide approach is that local expertise can be leveraged across all locations.
The technical capabilities of UC’s security professionals are exceptional and TDI will help leverage these capabilities for systemwide benefit.