Security operations centre

About the service

We are developing the security operations centre (SOC) to meet the sector's need for robust cyber security measures in today’s rapidly evolving digital landscape.

A managed security operations centre is a centralised facility where a team of cybersecurity experts work together to monitor, detect, analyse, and respond to various security incidents within an organisation’s digital infrastructure. The primary objective of a SOC is to minimise the impact of cyberattacks, protect sensitive data, and ensure the confidentiality, integrity, and availability of your organisation’s information assets.

Why choose a managed SOC

With cyberattacks becoming increasingly sophisticated and frequent, a managed SOC adds that essential extra layer of protection for organisations of all sizes through:

• Proactive threat detection: Continuously monitoring networks, systems, and applications to identify potential vulnerabilities and detect any signs of malicious activity.
• Industry-leading technology: Our leading partnerships help us react quickly and seamlessly. Our SOC will collect and analyse data from across your entire IT environment, providing a comprehensive security solution.
• Rapid incident response: As the trusted ISP for the UK’s education and research community, our visibility across the Janet Network means that when a security incident is detected, the SOC team quickly takes action to contain the threat and minimise damage, ultimately reducing the overall impact on your organisation.
• Compliance assurance: By implementing security best practices and industry-standard frameworks, SOCs help your organisation adhere to regulatory requirements and maintain compliance with data protection laws.
• Improved security posture: The combination of advanced technology, skilled personnel, and well-defined processes in a SOC helps your business maintain a strong security posture in the face of evolving threats.
• Trusted partnership: We are your trusted and vital sector partner. Our SOC offers collaborative defence to share intelligence and enhance security across the education and research sector. We will provide you with enhanced control over your security systems, helping you stay one step ahead of cyber threats.

Data access

You do not have to grant Jisc access to all of your your data. Any SOC needs access to your security controls, relevant log files and similar. We do not require (and nor should any SOC provider) access to your sensitive datasets.

Prerequisites

You must have a supported EDR/MDR deployed. Currently, our SOC supports Microsoft Defender and CrowdStrike.

How to prepare for the SOC

Subscribe to the  cyber security threat monitoring service which will be a core part of the security operations centre and a key stepping stone to the new service.

Completing a  cyber security assessment can also help to prepare your organisation for the security operations centre and help ensure you get the most value from it. It is also important to ensure that you are first using all the core services included with your Janet connection.

Containment options during a cyber incident

The approach is broadly broken down into the following areas:

• Full containment - blocking all inbound connections with no exceptions
• Partial containment - blocking all inbound connections with exclusions such as Microsoft services (M365, etc), IP telephony services, EDR communication (CrowdStrike, Sophos, Defender XDR, etc). Partial containment works well as it allows certain business, security, and recovery solutions to continue working and hugely speeds up the recovery process. We also have the flexibility to contain individual systems like remote access solutions during less major incidents.
• Scheduled containment - can combine the above, but on a scheduled basis ie full or partial containment 6pm to 8am only (good for providing staff respite during out of office hours).