Cyber security threat monitoring

Providing the visibility you need to understand your infrastructure, spot emerging threats early, and make informed security decisions.
Comprehensive infrastructure visibility for UK education and research
Cyber security threat monitoring (CSTM) is an enhanced managed security information and event management (SIEM) service giving education and research institutions comprehensive visibility into their IT infrastructure. Unlike generic commercial SIEM offerings, CSTM is specifically designed to understand the unique patterns, threats, and challenges of the education and research sector.
How it works
- 24/7 monitoring: your systems feed security logs into the CSTM platform, which is managed by Jisc on Splunk Cloud
- Intelligent analysis: analytics tuned to threats targeting education and research
- Expert triage: analysts investigate alerts and cut false positives during office hours (8am–6pm)
- Timely alerts: high-confidence critical issues trigger out-of-hours phone alerts
- Actionable insight: clear context, explanation, and practical guidance.
Benefits
Built for education and research
Designed to detect sector-specific threats
Understands your operational rhythms
Clearing, admissions, exams, research cycles—our analytics account for them
Relevant, useful alerts
Context aligned to your environment with guidance your teams can act on
Works with your team
Enhances capability without requiring full‑time analyst expertise
Mission-driven
We support UK education and research, not shareholders
The Jisc–Splunk partnership
CSTM combines sector insight from Jisc with Splunk’s industry-leading SIEM technology. It provides enterprise-grade analytics and scalable cloud performance, configured and run by Jisc, using more than 35 years of experience and unique Janet Network visibility. You get an enterprise-class solution, optimised for your needs, at lower cost.
The Janet advantage
The Janet Network provides threat visibility that commercial vendors can’t match. By monitoring at network level and correlating intelligence from across the sector, CSTM reveals threats hidden elsewhere.
Janet enables:
- Early threat detection before attacks reach your infrastructure
- Faster sector-wide defence deployment
- Cross-institutional intelligence to spot attacker patterns
- Meaningful context, grounded in how education traffic behaves
Tailored for education and research
- Purpose-built for education and research
- Developed with Splunk and sector members
- Addresses sector-specific security challenges
Seamless and scalable security management
- Cloud-based SIEM solution for scalable threat monitoring
- Continuous service improvement based on user feedback
- Adaptable to emerging threats and evolving sector needs
- Works with existing security tools (antivirus, endpoint detection)
- Single dashboard for all security logs with prioritised event highlighting
- Filterable detection rules to reduce noise and improve efficiency
I highly recommend Jisc for their proactive and reliable support. We benefitted from 24/7 expert monitoring, knowing that any critical security issues will be swiftly managed.
Service eligibility
Designed for education and research institutions looking to enhance their security posture with a comprehensive and scalable SIEM solution to bolster the security services and benefits included with their Janet connection.
Pre-requisites include a Janet IP connection. An EDR solution is highly recommended but not mandatory.
Cyber security threat monitoring vs security operations centre (SOC)
Cyber security threat monitoring (CSTM), in combination with the services included with your Janet connection, provides continuous expert monitoring, triage, and alerting of potential malicious activity across your IT environment, and support via Jisc CSIRT should you require it, empowering your internal team to respond faster and with more peace of mind.
If you would prefer an end-to-end managed service, where threats are not only detected but also contained and mitigated on your behalf in accordance with pre-defined criteria, the Jisc security operations centre (SOC) would better suit your needs and further reduce the burden on your internal operations.

Jisc is an approved supplier on the Government Commercial Agency G-Cloud framework and Cyber Security 3 dynamic purchasing system (DPS).
Visit the Government Commercial Agency website for more information and guidance on how to purchase G-Cloud 14 and Cyber Security Services 3.
Service levels
Hours of service
Working hours: 8:00-18:00, Monday to Friday (excluding public holidays)
Non-working hours: automated alerting is provided outside of working hours
Response times by urgency level
Critical urgency
- Contact method: phone call and email
- Response time:
  - During working hours: one hour response via email
  - Outside working hours: two hour response with one phone call and email
High urgency
- Contact method: email
- Response time:
  - During working hours: one hour response
  - Outside working hours: automated notification only
Medium urgency
- Contact method: email
- Response time:
  - During working hours: two hour response
  - Outside working hours: triaged next working day
Low urgency
- Contact method: email
- Response time:
  - During working hours: scheduled report notification
  - Outside working hours: scheduled report notification
Out-of-hours (OOH) protocol
- OOH alerts are processed by automation
- Alerts are escalated to designated OOH contacts within the defined SLA timeframes
- A follow-up phone call for high-confidence critical alerts is made for immediate awareness
- All OOH alerts are reviewed by an analyst on the next working day for thorough analysis and validation
Cyber security hub
Gain access to the tools and insights of our cyber security threat monitoring service via our cyber security hub. Your dashboard provides advanced threat intelligence through current traffic analysis and early threat detection, along with timely, expert-led alerts. Log in or request access to our cyber security hub.
ISO certification
This service is included within the scope of our ISO9001 and ISO27001 certificates.

