Cyber threat intelligence

The cyber threat intelligence team identifies, analyses and disseminates the intelligence that underpins all of Jisc’s cyber security activities. In addition, the team works closely with Jisc’s incident response and defensive services teams, responsible for DDoS mitigation and defence of the Janet Network.

Using in-house expertise and commercial and open-source services, threats and vulnerabilities impacting education and research are monitored and tracked. We work closely with institutions, national agencies and international partners to share actionable threat intelligence to help protect the Janet Network and connected organisations.

What the team does

Using Jisc’s years of experience running the Janet Network, the team of expert analysts combine technical data with third-party threat feeds. Intelligence received from partner organisations and links with suppliers enable us to understand threat actor’s motives, behaviours and to provide solutions to protect members.

Benefits to you

To support you, the cyber threat intelligence team:

• Publish quarterly threat reports to the education and research sector providing a regular update on recent advisories and alerts and a summary of threat actor activity affecting the sector
• Identify and investigate threats targeting the education and research sector
• Scan the Janet Network for vulnerabilities that could be exploited by threat actors and notify members when we find anything they need to address
• Monitor various sources, including the dark web, for targeted indicators and leaked or sold credentials
• Gather threat intelligence, receiving information from other sources and working closely with the National Cyber Security Centre for you
• Established the Jisc cyber threat intel sharing group which uses the Malware Information Sharing Platform (MISP) to share cyber threat information and intelligence
• Founded a global threat intelligence sharing partnership with education and research sector security and technology bodies in the US, Canada and Australia
• Manage and contribute content to the Academia group on NCSC’s cyber security information sharing partnership and sponsor members to join CiSP
• Support internal projects to ensure that future Jisc security services can be intelligence-driven
• Introduced geo-IP filtering as standard for Janet-connected members. This offers greater protection against ransomware attacks by restricting access to RDP (TCP port 3389 only) using geographic IP location blocking. If you would like to opt out of this service, please contact irt@jisc.ac.uk and specify the range of IPs you wish to exclude.