At the UT Regional Security Operations Center (UT-RSOC), we deliver cybersecurity services designed to detect, respond to, and mitigate threats in real time. Our facility operates 24/7, staffed by experienced security professionals and UT-trained student employees, and provides enterprise-grade protection to public sector organizations at no cost.
We combine leading commercial platforms with a suite of internally developed tools and automation frameworks, purpose-built to meet the unique needs of Texas entities. From behavioral AI to passive threat intelligence and custom SOAR playbooks, our technology is built to integrate seamlessly with your existing environment.
Our services fall into two categories:
- Lightweight, low-friction services that provide fast, actionable insight with minimal lift.
- Integrated, infrastructure-aware services for deeper visibility and hands-on collaboration.
Whether you're preparing for compliance, defending against attacks, or building long-term cyber maturity, UT-RSOC meets you where you are.
Technology Capabilities
- Splunk SIEM - Log aggregation, correlation, and real-time threat detection
- Panopticon SOAR - Custom-built automation for alert triage and response workflows
- Flexible EDR Integration - Works with your existing tools (Microsoft Defender, SentinelOne, CrowdStrike, etc.)
- Behavioral NDR - Traffic analytics to detect lateral movement and stealthy threats
- Automated Vulnerability Scanning - Prioritized findings across apps and infrastructure
- Threat Intelligence Feeds - Curated commercial, open-source, and internal threat data
- Scalable Cloud Architecture - Built for rapid onboarding and continuous delivery
We meet organizations where they are, no rip-and-replace required!
Lightweight/Low-Friction Services
No hardware required. Fast setup, minimal IT lift, immediate insights!
Dorkbot
- Uses cached public crawl data to detect common web vulnerabilities
- No active crawling, low friction, zero impact on live services
- Reports only verified findings, so you receive no false positives and no noise
Credmaster
- Scans dark web for stolen credentials tied to your domain
- Verifies if exposed credentials are still active before alerting
- Provides immediate alerts and reports upon confirmed exposure
Gastronaut
- Actively crawls sites and application flows to uncover hard-to-find vulnerabilities
- Leverages an expanded, modern rule set built for real-world application environments
- Delivers verified, actionable findings through monthly reporting
Scavenger
- Identifies and alerts on external-facing assets that are vulnerable to exploitation
- Provides a comprehensive view of exposure to cyber threats
- Enables proactive risk mitigation and security hardening
Abnormal Security
- Detects phishing, BEC, and spoofing via behavioral AI
- Stops advanced email threats missed by traditional filters
- Integrates directly with Splunk for unified threat visibility
Integrated/Advanced Services
More involved, highly tailored, and infrastructure-aware.
Endpoint Detection and Response (EDR)
- We integrate with most commercially available EDR platforms to deliver endpoint visibility, threat detection, and containment
Network Detection and Response (NDR)
- Passive monitoring via fiber taps; tap hardware is provided, and deployment is scoped case by case
Armis Integration
- Real-time visibility into IoT, OT, and medical devices to detect lateral movement, command-and-control (C2) traffic, and early ransomware behavior
Vulnerability Management & Cybersecurity Assessments
- Ongoing scanning and risk-based prioritization, plus optional cybersecurity training and assessment support aligned with TX-RAMP and other frameworks.
Penetration Testing*
- Custom engagements based on client need. Currently offered on a limited basis and may involve associated costs.