AHECS SERVICE COORDINATION

INFORMATION SHARING ANALYSIS (ISAC)

The CAUDIT ISAC, provided by AusCERT, delivers a Cyber Threat Intelligence service via MISP (Malware Information Sharing Platform). The MISP service may feed information into the AARNet-provided SOC. This CAUDIT ISAC initiative is a dedicated threat intelligence sharing group for universities. Members benefit from experienced AusCERT analysts, who compile indicators of compromise (such as subject headings, attachment names, IP addresses and DNS information) regarding known bad actors and activities and provide these to members to mitigate threats in their environment, saving time and resources.
Delivered by AusCERT

MONITORING & ALERTING MANAGED SERVICE

Custom MSINs for each member’s organisation, based on the member’s IPs and domains. Member Security Incident Notifications (MSINs) are relevant and customised security reports containing notifications for organisations’ domains and IP ranges.
Delivered by AusCERT

DDOS DETECTION

Distributed Denial of Service (DDoS) Detection helps defend the AARNet network and connected institutions from malicious cyber attacks. The AARNet Operations Centre is alerted within minutes of a suspected DDoS attack, 24×7. Impacted customers are advised and unwanted traffic is filtered out before it reaches the AARNet network and connected institutions.
Delivered by AARNet

EARLY WARNING SERVICES

1. Availability – early notification of issues affecting ‘public facing’ critical services nominated by the university to be monitored 24×7 by the EWS system, such as public websites and learning management systems. The AARNet Network Operations Centre is alerted when a nominated service at a customer site is not responding or meeting expected performance metrics, allowing teams to respond quickly to DDoS threats and other incidents impacting network availability (provided by AARNet).
2. Critical security threats – early warning notifications assist in managing security threats to your network. AusCERT monitors malicious activity online and the Early Warning Service provides SMS notifications of any immediate and serious threats relevant to your industry.
Delivered by AARNet

MANAGED ACCESS AND EDGE

REANNZ managed edge devices are engineered and configured for high performance, and where required high availability, to meet the specialist needs of the research community when transferring large volumes of data. This offering is called Managed Access and Edge (MAE).
Delivered by REANNZ

MANAGED FIREWALL SERVICE

The REANNZ managed firewall service is designed to meet the specialist performance, protection, visibility and information requirements of members, and the wider research and education community.
Delivered by REANNZ

SCIENCE DMZ

Science DMZ provides a friction-free on-ramp and path across REANNZ and the international research and education network to facilitate the transfer of large volumes of data, from multi-gigabyte to terabytes and petabytes, all while retaining the integrity of the data.
Delivered by REANNZ

NETWORK SECURITY CONSULTING & ENGINEERING SERVICES

Provision of cost-effective professional advice, reviews, designs and hands-on change management for network border edge projects and network security devices. Services follow a defined methodology to review and harden the security posture of the customer’s enterprise, data centre and cloud networks.
Delivered by REANNZ and AARNet

SECURITY OPERATIONS CENTRE (SOC) – IN DEVELOPMENT

Security Operations Centre (SOC) services assist universities (and other customers) by monitoring the local environment (network) at an institution for activity-based logs, events and incidents. The SOC can assist with a range of services including monitoring and alerting, triage and incident response, vulnerability scanning and patch management, and can provide a level of threat intelligence services.
Delivered by AARNet

INCIDENT MANAGEMENT

Proactive and reactive incident response assistance, sourcing relevant information and providing data relevant to the member and the incident.
Delivered by AusCERT

SECURITY BULLETINS

Consistently formatted feed of bulletins across major platforms and vendors. Members receive exclusive new and relevant security bulletins through email, SMS or RSS alerts along with additional advice. Administrators can tailor Bulletin Feeds to suit members’ needs, filtering information to specific platforms.
(Two of the Australian Signals Directorate Essential Eight cover vulnerability management.)
Delivered by AusCERT

CERTIFICATE SERVICES

SSL and EV SSL certificates; Personal (S/MIME) certificates; Code signing certificates; IGTF accredited grid certificates for servers and end users; QV Advanced Plus certificates suitable for signing PDF documents.
Delivered by AusCERT

PHISHING TAKE-DOWN

Malware, phishing, spear phishing and whaling incident take-down services. Local specialist support through all stages of the incident lifecycle; analysis of the attack and documentation of artifacts; automated systems for analyzing and tracking phishing.
Delivered by AusCERT

FEDERATED IDENTITY MANAGEMENT

The Federation is software that provides subscribers with a national single sign-on authentication service. Using the Federation enables users to easily access services for collaboration with Australian education and research organisations.
Delivered by AAF

TUAKIRI – TRUST & IDENTITY

Tuakiri provides trusted and secure federated identity and access management services, giving students, academics, researchers and staff from New Zealand’s research, science, innovation and education sectors access to online content.
Delivered by REANNZ