At the UT Regional Security Operations Center (UT-RSOC), we deliver cutting-edge cybersecurity solutions designed to detect, respond to, and mitigate threats in real time. Our state-of-the-art facility operates 24/7, staffed by experienced security professionals and UT-trained student employees, providing enterprise-grade protection to public sector organizations at no cost.
We combine leading commercial platforms with a suite of internally developed tools and automation frameworks, purpose-built to meet the unique needs of Texas entities. From behavioral AI to passive threat intelligence and custom SOAR playbooks, our technology is built to integrate seamlessly with your existing environment.
Our services fall into two categories:
- Lightweight, low-friction services that provide fast, actionable insight with minimal lift.
- Integrated, infrastructure-aware services for deeper visibility and hands-on collaboration.
Whether you're preparing for compliance, defending against attacks, or building long-term cyber maturity, UT-RSOC meets you where you are.
Technology Capabilities
- Splunk SIEM - Log aggregation, correlation, and real-time threat detection
- Panopticon SOAR - Custom-built automation for alert triage and response workflows
- Flexible EDR Integration - Works with existing tools (Defender, SentinelOne, CrowdStrike, etc.)
- Behavioral NDR - Traffic analytics to detect lateral movement and stealthy threats
- Automated Vulnerability Scanning - Prioritized findings across apps and infrastructure
- Threat Intelligence Feeds - Curated commercial, open-source, and internal threat data
- Scalable Cloud Architecture - Built for rapid onboarding and continuous delivery
We meet organizations where they are, no rip-and-replace required!
Lightweight/Low-Friction Services
No hardware required. Fast setup, minimal IT lift, immediate insights!
Dorkbot
- Uses cached public crawl data to detect common web vulnerabilities
- No active crawling, low friction, zero impact on live services
- Verified results only, no false positives, no noise
Credmaster
- Scans dark web for stolen credentials tied to your domain
- Verifies if exposed credentials are still active before alerting
- Provides immediate alerts and reports upon confirmed exposure
Gastronaut
- Actively crawls sites and application flows to uncover hard-to-find vulnerabilities
- Leverages an expanded, modern rule set built for real-world application environments
- Delivers verified, actionable findings through monthly reporting
Scavenger
- Identifies and alerts on external-facing assets vulnerable to exploitation
- Provides a comprehensive view of exposure to cyber threats
- Enables proactive risk mitigation and security hardening
Abnormal Security
- Detects phishing, BEC, and spoofing via behavioral AI
- Stops advanced email threats missed by traditional filters
- Integrates directly with Splunk for unified threat visibility
Integrated/Advanced Services
More involved, highly tailored, and infrastructure-aware.
Endpoint Detection and Response (EDR)
- We integrate with most commercially available EDR platforms to deliver endpoint visibility, threat detection, and containment
Network Detection and Response (NDR)
- Passive monitoring via fiber taps; gear provided and case-by-case deployment scenarios
Armis Integration
- Real-time visibility into IoT, OT and medical devices to detect lateral movement, C2 and early ransomware behavior
Vulnerability Management & Cybersecurity Assessments
- Ongoing scanning and risk-based prioritization, plus optional cybersecurity training and assessment support aligned with TX-RAMP and other frameworks.
Penetration Testing*
- Custom engagements based on client need. Currently offered on a limited basis and may involve associated costs.
Cybersecurity Services FAQs
What is the UT-RSOC, and who is eligible for its services?
The UT Regional Security Operations Center (UT-RSOC) is a university-led cybersecurity team funded by the State of Texas and supported by the Department of Information Resources (DIR). Our services are available at no cost to public sector organizations in Texas — including ISDs, municipalities, councils of government, public universities, and qualifying nonprofits.
I am not located in a region served by the RSOC. Can I still receive services?
Yes! While our name includes “Regional,” we serve eligible public sector entities across the entire state of Texas. As long as your organization is based in Texas and meets eligibility criteria — like being a school district, municipality, higher ed institution, or nonprofit — we can support you.
What if I’m being served by another RSOC? Can I take advantage of your services also?
Possibly. We encourage you to reach out to your current RSOC contact and share what you’re looking for. We work closely with other RSOC teams to ensure there’s no overlap and to help every organization access the right tools and support.
What kinds of threats does the UT-RSOC detect and respond to?
We monitor for phishing, credential compromise, exposed or misconfigured services, suspicious email behavior, lateral movement, command-and-control (C2) activity, and external attack surface risks — all verified before escalation and notification.
What’s the difference between low-friction services and integrated offerings?
Low-friction services (like Dorkbot, CredMaster, Scavenger, and Gastronaut) require no contract or installation — they’re passive, fast to deploy, and designed to deliver quick wins. Integrated services like NDR, EDR correlation, and Abnormal Security involve deeper deployment, log analysis, or automation and require a little more coordination (and sometimes a contract).
Is there any cost for using RSOC services?
No. All RSOC services are offered at no cost to eligible Texas public sector organizations, thanks to our partnership with DIR.
Are your services customizable, or do we have to use everything?
Our services are completely a la carte. You can start with one or two tools — like credential monitoring or email security — and expand over time based on your needs. There’s no one-size-fits-all path.
How do we get started?
If you’re a Texas public entity, there’s a good chance we’re already supporting you with some of our low-friction services. Send us an email at rsoc@utexas.edu so we can get going! We begin by verifying your Point of Contact (POC), domain name(s), and IP ranges. From there, we make sure alerts are going to the right people and walk you through additional service options that align with your organization’s goals.
Do we need to install anything to use Dorkbot, Scavenger, or CredMaster?
Nope. These services are completely passive and based on publicly available data — meaning there’s nothing to install or configure on your systems.
What is the Interlocal Contract (ILC), and when is it needed?
The ILC is a no-cost agreement through the Texas DIR that allows us to provide more advanced services — like NDR, EDR alert correlation, or integration with telemetry from your environment. It’s not required for passive tools but does unlock our full support and deeper visibility offerings.
Can we still use RSOC services if we already have an MSP or MSSP?
Yes — and in many cases, we complement them. Our goal is to fill gaps, verify alerts, and help reduce your false positives. Whether you’re using Defender, SentinelOne, or a third-party SOC, we’ll meet you where you are.
Do you integrate with EDR tools like Microsoft Defender, CrowdStrike, or SentinelOne?
Yes. We integrate with a wide range of EDR tools already used across Texas public sector environments. Our services are most mature with widely deployed platforms such as Microsoft Defender, CrowdStrike, SentinelOne, and many others. We continue to expand our capabilities for other EDR solutions as we onboard more partners. If you're using a less common EDR, we're happy to assess compatibility and work with you to determine the best integration path.
Will you contact us directly if you see something suspicious?
Yes. All alerts are reviewed by our team before we reach out, and we only contact you when something is confirmed and actionable. We’ll work with you to establish the right escalation path.
Do you provide reports or dashboards?
Yes — we can provide monthly reports, summaries of major findings, or ad hoc notifications.
Can we set preferences for alerting and response?
Definitely. During onboarding, we’ll confirm how you want alerts delivered, who should be notified, and when/how escalation should occur. We can route alerts by district, contact tier, or service.
What’s the difference between Dorkbot and Gastronaut?
Dorkbot is our passive vulnerability scanner that uses open-source intelligence to find issues in public-facing websites — it’s fast, safe, and verified. Gastronaut is our deeper, active scanner that crawls and tests websites for a wider range of vulnerabilities using advanced crawling and signature matching.
What’s the difference between EDR and NDR?
EDR (Endpoint Detection & Response) tracks what’s happening on individual devices like laptops and servers. NDR (Network Detection & Response) watches the traffic flowing through your network to detect hidden or lateral threats — even from unmanaged systems.
How is Abnormal Security different from traditional email filtering?
Abnormal Security uses behavioral AI to detect phishing, spoofing, impersonation, vendor fraud, and linkless email threats. It doesn’t rely on traditional blocklists or keyword filters — and integrates directly with Microsoft 365 or Google Workspace in just 30 minutes. No MX record changes are needed.
Can we see a sample report before signing up?
Yes. We can share redacted examples of our security findings report, including credential exposures, web vulnerability summaries, attack surface findings, and verified alerts. These samples will give you a clear picture of the format, level of detail, and communication style you can expect from UT-RSOC.
Can you help us prepare for TX-RAMP or cybersecurity audits?
Yes. Our GRC team can support you with policy alignment, audit prep, control mapping, and simulation exercises aligned with TX-RAMP, TAC 202, and the Texas Cybersecurity Framework.