Frequently Asked Questions - ISO Services

Common questions about the Information Security Office service offerings

Who Can Access EDR Data?

Only authorized Information Security Office (ISO) and EDR vendor analysts can review security alerts. Data access follows strict campus policies and privacy guidelines.

What’s the simple version of how EDR Data Collection Works?

The software collects system activity data, primarily keeping it on your computer. Data is sent for analysis only if a security issue is detected and all handling follows strict privacy policies. Any security-related data is reported to Berkeley’s Privacy Office, and false alarms result in immediate data deletion.

Normal Process:

The software continuously documents recent system activity, like websites visited, names of files opened, and network connections. Data is stored on your computer for about 10 minutes, constantly updating as new activity replaces old...

What Data Does EDR Collect?

EDR monitors system activity, such as running processes, network connections, and security alerts. It does not track personal browsing habits, private files, or non-work-related activity. When a security alert is triggered, EDR captures info on:

Applications running

Web sites visited

File activity, such as downloads

Processes running on the machine

How does EDR work?

EDR runs seamlessly in the background while you do your regular work. It uses real-time information and machine learning to detect, contain, and respond to threats quickly to stop further damage.

How do I request a security exception for RHEL7 EOL?

Exceptions will only be approved if there is a valid reason why the system cannot be upgraded and remediation steps such as obtaining extended support, EDR clients, and network firewalls have been put in place (these are just examples and not an exhaustive list). Submit a security exception as early as possible, to allow time to implement mitigations needed before End of Life. More information on exception requests here

What should I do to prepare for Red Hat Enterprise Linux 7 end of life?

Upgrade to a supported operating system. Red Hat Enterprise Linux (RHEL) subscriptions are available for departments who have a large number of systems and wish to migrate to RHEL8 or RHEL9 and manage their own RHN organization instance. Software download location and links to installation instructions will be provided with delivery of access keys. Contact unix-tickets@berkeley.edu to request access.

Remove or...

How does the rVPN monitoring differ from that of the normal VPN?

The normal VPN has only minimal traffic monitoring beyond information about logins. In comparison, the Restricted VPN monitors all traffic as it exits the VPN and employs the vulnerability, anti-spyware, AV, file monitoring, and threat detection and blocking features of the Palo Alto firewalls.

What can I do to prepare for an OS upgrade?

Begin by backing up your files. You can do this to a local device or move your data from the computer to servers or cloud-based platforms. Please note that location is dependent on the protection level of the data you have: UC P1 and UC P2/P3 data can be stored on Google Drive and Box. UC P4 data may only be stored on Calshare. Confirm that any software (outside of the standard MS Office, Chrome, Adobe Acrobat) is...