Uninett supplies a sensor/server that is physically placed with the customer. This contains a continuously updated ruleset – so-called signatures. This solution analyzes incoming and outgoing traffic. Traffic that matches signatures will send out alarms to Uninett’s Log Analysis system. Matching of signatures can indicate unwanted security incidents. All other «normal» traffic that doesn’t provide a matching signature will not be logged.
The customer itself has access to all alarms and logs generated by the system and decides who else should have access via Uninett’s Log Analysis system. The customer also has full access to the applicable ruleset.
Uninett has a cooperation agreement with Mnemonic. The agreement specifies that Mnemonic shall share its updated ruleset in exchange for receiving anonymized data from Uninett.
NorCERT has a similar system for such sensors (VDI), and Uninett is examining a variety of options for cooperating with NorCERT. The goal is to incorporate rules developed by NorCERT on Uninett’s sensors, and ensure that hits on NorCERT’s rules are logged. NorCERT is Norway’s national center for dealing with serious data attacks against socially critical infrastructure and information. Cooperation with NorCERT will better enable the college and university sector to discover such attacks.
Security Analysis is available to all of Uninett’s customers. Those that do not alrerady use the quality measurement service (measuring pole) should expect a somewhat longer delivery time.
The service has a fixed maintenance window every Tuesday between 10:00 and 11:00. The window will mainly be used if there is a need for upgrades or reboots as a result of security updates and which can cause noticeable operational disruptions. Such changes will be made in this window without further notice. The service can be experienced as unstable during this period.
Dialogue with the university and college sector and prioritization of work around the service will be taken care of by joint prioritization councils for networks and online services.
For state-run universities and colleges, this service is an integral part of the basic services. Other customers are billed with a start-up cost and an annual fee for operations and further development.
The price for this service is specified
The price for this service is specified in advance as mentioned in the framework agreement.
Get Security Analysis
Security Analysis makes use of Uninett’s Log Analysis service for storing and analyzing logs. This does not generate any cost in the Log Analysis.
This service requires being connected to the research network – that is, your company must use Uninett as its Internett service provider.
Security Analysis also requires being logged into Feide.
The service is monitored 24/7. The service enclosure represents an Operational
Level Agreement (OLA) between Uninett and your company.
Uninett provides technical support for the company’s IT department.