Security operations centre

Male working at a laptop.

A dedicated service to defend against cyber attacks, protect sensitive data, and ensure informational assets maintain their integrity, confidentiality, and availability.

This service is currently in beta and therefore some of the specifics on this page may change. We will be launching the security operations centre for general availability in early 2025.

About the service

We are developing the security operations centre (SOC) to meet the sector's need for robust cyber security measures in today’s rapidly evolving digital landscape.

A managed security operations centre is a centralised facility where a team of cybersecurity experts work together to monitor, detect, analyse, and respond to various security incidents within an organisation’s digital infrastructure. The primary objective of a SOC is to minimise the impact of cyberattacks, protect sensitive data, and ensure the confidentiality, integrity, and availability of your organisation’s information assets.

“This is more than just a service; it’s a commitment to a safer digital future. By providing advanced threat detection and response capabilities, we’re empowering our community to innovate with confidence.”

David Batho, director of security, Jisc

Why choose a managed SOC

With cyberattacks becoming increasingly sophisticated and frequent, a managed SOC adds that essential extra layer of protection for organisations of all sizes through:

  • Proactive threat detection: Continuously monitoring networks, systems, and applications to identify potential vulnerabilities and detect any signs of malicious activity.
  • Industry-leading technology: Our leading partnerships help us react quickly and seamlessly. Our SOC will collect and analyse data from across your entire IT environment, providing a comprehensive security solution.
  • Rapid incident response: As the trusted ISP for the UK’s education and research community, our visibility across the Janet Network means that when a security incident is detected, the SOC team quickly takes action to contain the threat and minimise damage, ultimately reducing the overall impact on your organisation.
  • Compliance assurance: By implementing security best practices and industry-standard frameworks, SOCs help your organisation adhere to regulatory requirements and maintain compliance with data protection laws.
  • Improved security posture: The combination of advanced technology, skilled personnel, and well-defined processes in a SOC helps your business maintain a strong security posture in the face of evolving threats.
  • Trusted partnership: We are your trusted and vital sector partner. Our SOC offers collaborative defence to share intelligence and enhance security across the education and research sector. We will provide you with enhanced control over your security systems, helping you stay one step ahead of cyber threats.

SOC graphic

Alt text for SOC graphic

Protect

  • Dark web monitoring
  • Vulnerability reporting
  • DDoS protection
  • Malicious website/content protection

Detect

  • Continuous monitoring and advanced threat protection (SIEM solution)
  • Enhanced ISP level detection
  • Education and industry threat intelligence
  • Managed Detect and Response (MDR)
  • Threat hunting

Respond

  • CIR (level two) accredited CSIRT response
  • Enhanced ISP level containment

Recover

  • Digital forensics
  • Root cause analysis
  • Eradication and remediation of threats

Prepare

  • Proactive threat intelligence
  • Cyber community
  • Secure posture assessment
  • Training, advice and guidance

Data access

You do not have to grant Jisc access to all of your your data. Any SOC needs access to your security controls, relevant log files and similar. We do not require (and nor should any SOC provider) access to your sensitive datasets.

Prerequisites

You must have a supported EDR/MDR deployed. Currently, our SOC supports Microsoft Defender and CrowdStrike.

How to prepare for the SOC

Subscribe to the  cyber security threat monitoring service which will be a core part of the security operations centre and a key stepping stone to the new service.

Completing a  cyber security assessment can also help to prepare your organisation for the security operations centre and help ensure you get the most value from it. It is also important to ensure that you are first using all the core services included with your Janet connection.

Containment options during a cyber incident

The approach is broadly broken down into the following areas:

  • Full containment - blocking all inbound connections with no exceptions
  • Partial containment - blocking all inbound connections with exclusions such as Microsoft services (M365, etc), IP telephony services, EDR communication (CrowdStrike, Sophos, Defender XDR, etc). Partial containment works well as it allows certain business, security, and recovery solutions to continue working and hugely speeds up the recovery process. We also have the flexibility to contain individual systems like remote access solutions during less major incidents.
  • Scheduled containment - can combine the above, but on a scheduled basis ie full or partial containment 6pm to 8am only (good for providing staff respite during out of office hours).

Crown Commercial Service Supplier logo

Jisc is an approved supplier on the Crown Commercial Services G-Cloud framework and Cyber Security 3 dynamic purchasing system (DPS).

Visit the Crown Commercial Services website for more information and guidance on how to purchase G-Cloud 14 and Cyber Security Services 3.

ISO certification

This service is included within the scope of our ISO9001 and ISO27001 certificates. Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.

ISO 9001-2015 UKAS logo

ISO/IEC 27001 UKAS logo