Routine Monitoring Transparency Report

Overview

This Routine Network Monitoring Transparency Report records instances of monitoring and/or inspection of electronic communications that fall outside of the Information Security Office’s published Routine Network Monitoring Practices. When deviations are discovered, the Information Security Office immediately works to remedy the issue, notifies the Privacy Office and the IT Policy Manager, and works in accordance with regulations, policies, and procedures for notification.

With respect to deviations associated with UC’s Threat Detection and Identification (TDI) monitoring platform, all data monitored by the TDI is reviewed and handled in accordance with industry certifications and compliance requirements. Trellix (formerly known as FireEye) is dedicated to ensuring its security products and technologies meet or exceed critical industry certifications and compliance requirements, and is compliant with the UC Electronic Communications Policy. For more information on TDI see: Purposes of a Systemwide TDI Approach | Certifications and Compliance

Routine Monitoring Deviations

Date: 10/20/18 - 02/02/21
Description: A small fraction (1-2 seconds per hour) of the unencrypted outbound traffic from the campus network to the Internet is incorrectly being sent to high-security monitoring, resulting in additional monitoring and inspection.
Data Elements or Traffic Type: Unencrypted network traffic
Impacted Resource(s): Random segments of the campus network
Monitoring Type: Automated review, plus manual review by Trellix (formerly known as FireEye) analysts if a security event is triggered
Root Cause: We have traced the root cause to an automated process that runs once an hour to update the monitoring program.
Resolution: Implementation of a fix to only run this process when there are changes and not hourly, greatly reducing the volume and frequency of the additional monitoring.