Security operations centre (SOC)
The ultimate defence for education and research
Why a SOC as a service?
Our security operations centre (SOC) relieves the pressure on your internal teams, by offering round-the-clock protection, proactive threat detection, and rapid incident response capabilities. Through state-of-the-art technology and specialist expertise, it acts as your organisation’s security command centre, providing expert protection and peace of mind.
The Janet Network advantage
Our unique visibility of the Janet Network means that we can detect and contain threats faster, minimising impact on your systems and data and the disruption to learning and research.
The ultimate defence
Our security operations centre is reinforcing the collective defence of the UK education and research sectors. Together we can build a more secure future.
Key benefits
When it comes to cyber security, not all SOCs are the same. Jisc's SOC is uniquely designed for the education and research sector.
Designed for the sector

Our experts understand the unique threats in education and research. Our SOC offers advanced threat detection and rapid incident response to protect your institution.
Cost-effective protection

Avoid the high costs of building an internal SOC. We provide top-tier security without the added overheads, protecting against costly ransomware attacks and reputational damage.
Rapid threat containment

As the only provider who can contain Janet connections during cyber incidents, we efficiently block unnecessary internet traffic without disconnecting, tailoring the response to each situation.
Key features of the Jisc SOC
- Continuous monitoring and advanced threat protection: Early threat identification and mitigation 24/7, 365 days a year
- Enhanced ISP level detection: Utilises our unique Janet network visibility for effective threat identification, gathering data from live traffic analysis and other systems
- Managed detect and respond (MDR): Proactive monitoring and rapid response to security incidents, including Extended Detection and Response (XDR)
- Upgraded CSIRT service: Round-the-clock response to automated SOC alerts from our NCSC accredited CSIRT team to help you detect, contain, and recover from cyber incidents as quickly as possible
- Advanced threat intelligence: Continuous live traffic analysis, dark web monitoring, and deep sector-specific insights to stay ahead of emerging threats
- Enhanced DDoS mitigation: Janet DDoS mitigation service is upgraded to foundation plus, providing round-the-clock automated protection against volumetric and state exhaustion DDoS attacks
- Cloud-based SIEM: Provides centralised monitoring and analysis of security events, enhancing threat detection and response
- Flexible containment options: Full, partial and scheduled containment options to ensure a tailored response to each situation, speeding up recovery and maintaining critical operations
David Batho, director of security, Jisc
“This is more than just a service; it’s a commitment to a safer digital future. By providing advanced threat detection and response capabilities, we’re empowering our community to innovate with confidence.”
The pillars of the Jisc SOC

Alt text for pillars of the Jisc SOC
Protect
- Dark web monitoring
- Vulnerability reporting
- DDoS protection
- Malicious website/content protection
Detect
- Continuous monitoring and advanced threat protection (SIEM solution)
- Enhanced ISP level detection
- Education and industry threat intelligence
- Managed Detect and Response (MDR)
- Threat hunting
Respond
- CIR (level two) accredited CSIRT response
- Enhanced ISP level containment
Recover
- Digital forensics
- Root cause analysis
- Eradication and remediation of threats
Prepare
- Proactive threat intelligence
- Cyber community
- Secure posture assessment
- Training, advice and guidance
Protect
- Dark web monitoring
- Vulnerability reporting
- DDoS protection
- Malicious website/content protection
Detect
- Continuous monitoring and advanced threat protection (SIEM solution)
- Enhanced ISP level detection
- Education and industry threat intelligence
- Managed Detect and Response (MDR)
- Threat hunting
Respond
- CIR (level two) accredited CSIRT response
- Enhanced ISP level containment
Recover
- Digital forensics
- Root cause analysis
- Eradication and remediation of threats
Prepare
- Proactive threat intelligence
- Cyber community
- Secure posture assessment
- Training, advice and guidance
Industry-leading technology




We work with leading security providers – Splunk, Microsoft Defender and CrowdStrike – to bring you the best tools for monitoring, detection and threat response.
Secure your organisation
Contact your relationship manager now to learn more and get started.
Service eligibility
Further education, higher education and research member organisations and research customers.
A Janet IP connection and having a compatible XDR in place (Microsoft Defender A5 or Crowdstrike) is a pre-requisite for the service.
Crown Commercial Service Supplier

Jisc is an approved supplier on the Crown Commercial Services G-Cloud framework and Cyber Security 3 dynamic purchasing system (DPS).
Visit the Crown Commercial Services website for more information and guidance on how to purchase G-Cloud 14 and Cyber Security Services 3.
ISO accreditation
This service is included within the scope of our ISO9001 and ISO27001 certificates. Read more about International Organisation for Standardisation (ISO) standards and view Jisc certificates.

