Cyber security threat monitoring


Monitor and respond to security anomalies through a single dashboard to protect your organisation from security-related attacks.

Cyber security threat monitoring complements and enhances your existing cyber security toolkit by integrating with existing investments such as antivirus and endpoint detection services to improve your security posture.

How it works

The service provides a single pane of glass that monitors the key security controls you have implemented and alerts you to signs that your organisation could be at risk of attack.

The service gathers logs from your existing utilities into a single dashboard, highlighting the most significant events and helping you prioritise resources. By correlating events that would otherwise go unnoticed, it helps you highlight risks from multiple sources.

You will receive timely alerts of activities and changes that could indicate unauthorised access to your systems. For example, the service tracks the number of failed login attempts to high-privilege accounts from unusual or unexpected geographic locations. Additionally, the same user appearing to authenticate from multiple locations simultaneously could indicate a compromised account.
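The two checks described above can be sketched as follows. This is an added example, not Jisc's or Splunk's detection rules; the account names, country codes, time window, threshold and log events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# All values below are assumptions for illustration, not the service's settings.
PRIVILEGED = {"admin"}            # hypothetical high-privilege accounts
EXPECTED = {"GB"}                 # countries logins are normally seen from
WINDOW = timedelta(minutes=10)    # "simultaneous" means within this window
FAIL_THRESHOLD = 3                # failures needed before an alert is raised

# Constructed sample events: (time, user, country, outcome)
EVENTS = [
    ("2024-05-01T09:00:00", "alice", "GB", "success"),
    ("2024-05-01T09:04:00", "alice", "AU", "success"),  # 4 min later, other country
    ("2024-05-01T09:10:00", "bob", "GB", "success"),
    ("2024-05-01T15:30:00", "bob", "FR", "success"),    # hours apart, outside window
    ("2024-05-01T02:00:00", "admin", "AU", "failure"),
    ("2024-05-01T02:01:00", "admin", "AU", "failure"),
    ("2024-05-01T02:02:00", "admin", "AU", "failure"),
    ("2024-05-01T08:30:00", "admin", "GB", "failure"),  # expected location, ignored
    ("2024-05-01T03:00:00", "carol", "AU", "failure"),  # not privileged, ignored
]

def parse(events):
    """Return events sorted by time, with timestamps parsed."""
    return sorted((datetime.fromisoformat(t), u, c, o) for t, u, c, o in events)

def concurrent_locations(events, window=WINDOW):
    """Users with successful logins from different countries within `window`."""
    recent_by_user = defaultdict(list)   # user -> [(time, country)] inside window
    flagged = set()
    for ts, user, country, outcome in parse(events):
        if outcome != "success":
            continue
        recent = [(t, c) for t, c in recent_by_user[user] if ts - t <= window]
        if any(c != country for _, c in recent):
            flagged.add(user)
        recent_by_user[user] = recent + [(ts, country)]
    return sorted(flagged)

def privileged_failures(events, threshold=FAIL_THRESHOLD):
    """Privileged accounts with `threshold`+ failures from an unexpected country."""
    counts = defaultdict(int)
    for _, user, country, outcome in parse(events):
        if outcome == "failure" and user in PRIVILEGED and country not in EXPECTED:
            counts[(user, country)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print("Concurrent locations:", concurrent_locations(EVENTS))
    print("Privileged failures:", privileged_failures(EVENTS))
```

Tuning the window and threshold against normal activity, such as VPN use or staff travel, is what separates suspicious events from business-as-usual ones.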

Alerts are categorised by their potential level of severity. Critical alerts are sent to the Jisc CSIRT team, who will provide advice, guidance and remedial actions to mitigate potential threats. 

Benefits of the service

The service is fine-tuned to meet your requirements, adjusting detection thresholds and rules as necessary to separate suspicious activity from business-as-usual activity.  

Our analysts triage any alerts, assessing the threat severity and providing recommendations to you about how to resolve the issue. This reduces your own team’s workload so they can focus on the most significant issues. You have the assurance that you will be advised of critical alerts on your infrastructure 24/7, 365 days a year.

Cyber security threat monitoring:

  • Is designed to overcome the sector-specific challenges of looking for a security monitoring solution
  • Frees staff from monitoring your network and analysing log outputs
  • Quickly provides clear information on vulnerabilities and threats so you can act fast to protect your systems
  • Assists with and demonstrates your organisation’s compliance with sector body requirements on cyber security
  • Is a market-leading value solution from your trusted partner to strengthen your security posture

Co-designed with members

To develop a service that works for you, Jisc worked with members to identify use cases including:

  • Same user logging in from multiple geographical locations at the same time
  • Brute force detection
  • Unauthorised or unexpected remote desktop session
  • Privileged group changes

The service was designed together with members around these requirements. Jisc worked with industry leader Splunk to build a bespoke cloud platform based around the requirements of the education and research sectors. This approach has helped create a service that does what’s needed.

When you become a service user, you’ll be able to feed into our continuous improvement processes to help us develop the service so it can meet changing needs and adapt to emerging threats.


Jisc is an approved supplier on the Crown Commercial Services G-Cloud framework and Cyber Security 3 dynamic purchasing system (DPS).

Visit the Crown Commercial Services website for more information and guidance on how to purchase G-Cloud 14 and Cyber Security Services 3.

Service levels

Hours of service

  • Working hours: 8:00-18:00, Monday to Friday excluding public holidays
  • Automated alerting outside these hours

Service level agreement

Critical urgency

  • Contact method: phone call and email
  • Service level agreement:
    • During working hours: one-hour response time, one phone call and email
    • Outside working hours: two-hour response time, one phone call and email

High urgency

  • Contact method: email
  • Service level agreement:
    • During working hours: one-hour response time
    • Outside working hours: automated notification

Medium urgency

  • Contact method: email
  • Service level agreement:
    • During working hours: two-hour response time
    • Outside working hours: automated notification

Low urgency

  • Contact method: email
  • Service level agreement:
    • During working hours: scheduled report notification
    • Outside working hours: scheduled report notification

ISO certification

This service is included within the scope of our ISO9001 and ISO27001 certificates.

Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.
