Cyber security threat monitoring
Monitor and respond to security anomalies through a single dashboard to protect your organisation from security-related attacks.
Cyber security threat monitoring complements and enhances your existing cyber security toolkit by integrating with existing investments such as antivirus and endpoint detection services to improve your security posture.
How it works
The service provides a single pane of glass, alerting you to signs of potential concern that your organisation could be at risk from attack, by monitoring key security controls that you have implemented.
The service gathers logs from your existing utilities into a single dashboard, highlighting the most significant and helping you prioritise resources. By correlating events that would otherwise go unnoticed, it helps you highlight risks from multiple sources.
You will receive timely alerts of activities and changes that could indicate unauthorised access to your systems, for example, tracking the number of failed login attempts to high privilege accounts from unusual or unexpected geographic locations. Additionally, the same user appearing to authenticate from multiple locations simultaneously could indicate a compromised account.
Alerts are categorised by their potential level of severity. Critical alerts are sent to the Jisc CSIRT team, who will provide advice, guidance and remedial actions to mitigate potential threats.
Benefits of the service
The service is fine-tuned to meet your requirements, adjusting detection thresholds and rules as necessary to separate suspicious activity from business-as-usual activity.
Our analysts triage any alerts, assessing the threat severity and providing recommendations to you about how to resolve the issue. This reduces your own team’s workload so they can focus on the most significant issues. You have the assurance that you will be advised of critical alerts on your infrastructure 24/7, 365 days a year.
Cyber security threat monitoring:
- Is designed to overcome the sector-specific challenges of looking for a security monitoring solution
- Frees staff from monitoring your network and analysing log outputs
- Quickly provides clear information on vulnerabilities and threats so you can act fast to protect your systems
- Assists with and demonstrates your organisation’s compliance with sector body requirements on cyber security
- Is a market leading value solution from your trusted partner to strengthen your security posture
Co-designed with members
To develop a service that works for you, Jisc worked with members to identify use cases including:
- Same user logging in from multiple geographical locations at the same time
- Brute force detection
- Unauthorised or unexpected remote desktop session
- Privileged group changes
Together, the service was designed around these requirements. Jisc worked with industry leader Splunk to build a bespoke cloud platform based around the requirements of the education and research sectors - this approach has helped create a service that does what’s needed.
When you become a service user, you’ll be able to feed into our continuous improvement processes to help us develop the service so it can meet changing needs and adapt to emerging threats.
Jisc has been appointed as an approved supplier on the Crown Commercial Services dynamic purchasing system (DPS). The benefit for our members in purchasing through the DPS is that it allows public sector buyers to procure an extensive variety of cyber security services from a range of pre-qualified suppliers.
Visit the Crown Commercial Service (CCS) website for more information. The ‘how to buy’ section gives full details for registering as a buyer and navigating through the process.
The CCS run regular webinars for customers explaining what and how to buy from the new cyber security DPS. See upcoming webinar sessions.
Service levels
Hours of service
- Working hours: 8:00-18:00, Monday to Friday
- On-call hours: 18:00-08:00, Monday to Friday; 00:00-00:00, Saturday to Sunday
Service level agreement
Critical severity
- Jisc CSIRT response: investigation
- Contact method: phone call and email
- Service level agreement:
- During working hours: one-hour response time, one phone call and email
- During on-call hours: two-hour response time, one phone call and email
High severity
- Jisc CSIRT response: investigation
- Contact method: email
- Service level agreement:
- During working hours: one-hour response time
- During on-call hours: automated notification
Medium severity
- Jisc CSIRT response: incident checked and resolved
- Contact method: email
- Service level agreement:
- During working hours: two-hour response time
- During on-call hours: automated notification
Low severity
- Jisc CSIRT response: none
- Contact method: email
- Service level agreement:
- During working hours: scheduled report notification
- During on-call hours: scheduled report notification
Hours of service
- Working hours: 8:00-18:00, Monday to Friday
- On-call hours: 18:00-08:00, Monday to Friday; 00:00-00:00, Saturday to Sunday
Service level agreement
Critical severity
- Jisc CSIRT response: investigation
- Contact method: phone call and email
- Service level agreement:
- During working hours: one-hour response time, one phone call and email
- During on-call hours: two-hour response time, one phone call and email
High severity
- Jisc CSIRT response: investigation
- Contact method: email
- Service level agreement:
- During working hours: one-hour response time
- During on-call hours: automated notification
Medium severity
- Jisc CSIRT response: incident checked and resolved
- Contact method: email
- Service level agreement:
- During working hours: two-hour response time
- During on-call hours: automated notification
Low severity
- Jisc CSIRT response: none
- Contact method: email
- Service level agreement:
- During working hours: scheduled report notification
- During on-call hours: scheduled report notification
ISO certification
This service is included within the scope of our ISO9001 and ISO27001 certificates.
