Routine Monitoring Transparency Report


This Routine Network Monitoring Transparency Report records instances of monitoring and/or inspection of electronic communications that falls outside of the Information Security Office’s published Routine Network Monitoring Practices. When deviations are discovered, the Information Security Office immediately works to remedy the issue, notifies the Privacy Office and the IT Policy Manager, and works in accordance with regulations, policies, and procedures for notification. 

With respect to deviations associated with UC’s Threat Detection and Identification (TDI) monitoring platform, all data monitored by the TDI is reviewed and handled in accordance with industry certifications and compliance requirements. Trellix (formerly known as FireEye) is dedicated to ensuring its security products and technologies meet or exceed critical industry certifications and compliance requirements, and is compliant with the UC Electronic Communications Policy. For more information on TDI see: Purposes of a Systemwide TDI Approach | Certifications and Compliance

Routine Monitoring Deviations



Data Elements or Traffic Type

Impacted Resource(s)

Monitoring Type

Root Cause


10/20/18 - 02/02/21
A small fraction (1-2 seconds per hour) of the unencrypted outbound traffic from the campus network to the Internet is incorrectly being sent to high-security monitoring, resulting in additional monitoring and inspection
Unencrypted network traffic

Random segments of the campus network

Automated review, plus manual review by (formerly known as FireEye) analysts if a security event is triggered
We have traced the root cause to an automated process that runs once an hour to update the monitoring program
Implementation of a fix to only run this process when there are changes and not hourly, greatly reducing the volume and frequency of the additional monitoring