A collection device is activated on the customer network. This device has an embedded intrusion detection system that creates security alerts and traffic metadata (packet headers: source and destination addresses, port, protocol, time stamp).

No, the collector hardware is provided at no cost.

Yes, customers must have infrastructure—specifically an edge switch or router—that allows port mirroring or “spanning.” This process is copying all traffic on the device's ports and concentrating it on a single monitoring port. The collector plugs into the span port. Ideally, rack space will be provided During provisioning, certain information must be collected regarding internal addressing, wire speed, and details of the internet connection.

The collector is pre-configured using information collected in a scoping conversation and sent to your location. Once you have received it, the collector should be plugged into the edge switch or port with copied (spanned) traffic, and data flow is confirmed. Instructions for connection are provided. If needed our cyber engineer will talk you through the process.

Intrusion detection system alerts (very similar to anti-virus alerts) and packet headers (metadata). No content (e-mail, web pages, financial transactions) is accessed. A summary is provided that includes source address, destination address, port, protocol, flags, time stamp, and directionality information (inbound versus outbound traffic).

Malware delivered to organizational assets that have evaded preventive controls is the target of the analyst investigations. Suspicious behavior such as internal network scanning, cryptocurrency mining, organized crime command and control communications, all designed to identify compromised assets and/or information exploitation from your network.

At the time of provisioning, a communication escalation tree is developed. PISCES will notify the affected jurisdiction using this escalation process with as much information as possible to guide the remediation of an asset that may have become compromised.

We can offer limited assistance. We can also connect you to your state Cyber Security Analyst or other state assets that can assist you at no cost.

No. No content, such as e-mail, is available to students, instructors, or PISCES staff. Only metadata is copied and sent to our Cyber Range for analysis. Students only have access to data on the systems at the Cyber Range and cannot reach back to the device on your premises.

Students are required to sign a non-disclosure agreement, but no background check is required. Because students are handling metadata only, likely subject to public disclosure, there is negligible risk to personally identifiable or regulated information. In addition, the collectors are one-way so data can only flow to the Cyber Range for analysis. Students cannot reach back to the community sharing data.

International students are members of these classes and subject to the same requirements. It is important to note that our approach teaches detection and protection. No students, international or domestic, learn how to attack networks through this program.

Metadata and intrusion detection system alerts are stored for approximately 90 days. The Cyber Range maintain security standards for physical security of the facility, network-level access control, time-limited access authorization for students, and data center security monitoring.

Typically, for jurisdictions with fewer than 150 employees, no-cost agreements are for 3-year terms. If the organization has not grown over the limit, the agreement may be renewed for another 3-year term.

Organizations with greater than 150 employees may have a 1-2 year agreement with the expectation that the time will be leveraged to budget for a commercial equivalent. If a community can afford to pay for commercial cybersecurity protections we strongly encourage them to do so.

We do not respond to public disclosure requests and refer any requestors back to the originating jurisdiction.

Intrusion detection system alerts and metadata are retained for approximately 90 days, in the event they are needed for forensic examination. With the agreement of the data sharing partner, PISCES will hold data for longer periods to support research by the academic institutions.

Students will not have access to sensitive information. Students will be working with header data. Only. Additionally, students will primarily work on university-secured computers or with computers that meet university-secured and PISCES-secured requirements. Students must sign a nondisclosure agreement ensuring they will maintain confidentiality.

Several lines of checks to accuracy from students. Students are trained to detect anomalies in header data. Upon detecting something anomalous, they verify that this is, in fact, a credible threat. Upon determining a credible threat is present, students report to the professor for review and validation. PISCES also provides a professional cyber analyst who reviews all student findings to validate them and as needed report them to the data sharing partner with recommendation for mitigative actions.

Simply hit the Contact Us tab and provide your information. We will typically respond to you in 24 hours or less.