The GÉANT SOC team provide the CERT function to secure the logical and physical infrastructure of the GÉANT network and all data crossing the network, responding to network security incidents and mitigating breaches, weaknesses and risks. Specifically, this relates to the prevention, detection, reporting, and mitigation of incidents targeting the GÉANT network infrastructure.
Of the potential hundreds of events detected each month, a percentage requires the GÉANT SOC team to work with CERTs (also known as CSIRTs) from among the national research and education networking (NREN) organisations, and in certain cases, international teams. This work covers investigating the incident, recommending and supporting the network integrity.
GÉANT SOC’s role includes monitoring systems for malicious events and taking proactive measures to ensure systems are not compromised. The GÉANT SOC team also assists NRENs and their associated CSIRTs to mitigate or to recover from incidents affecting the GÉANT network and/or targeting or originating from NRENs. GÉANT SOC is actively engaged in the European and international CSIRT community, which shares data and experiences, and is a member of TF-CSIRT, Trusted Introducer, and FIRST.