Cyber threat intelligence

The cyber threat intelligence team identifies, analyses and disseminates the intelligence that underpins all of our cyber security activities. In addition, the team works closely with our incident response and defensive services teams, responsible for DDoS mitigation and defence of the Janet Network.

Using in-house expertise and commercial and open-source services, threats and vulnerabilities impacting education and research are monitored and tracked. We work closely with institutions, national agencies and international partners to share actionable threat intelligence to help protect the Janet Network and connected organisations.

What the team does

Using our years of experience running the Janet Network, our team of expert analysts combines technical data with third-party threat feeds. Intelligence received from partner organisations and links with suppliers enable us to understand threat actor’s motives, behaviours and to provide solutions to protect members.

We operate a threat intelligence sharing group, automating the distribution of sector-specfiic threat intelligence to participating eligible organisations. This also enables participating organisations to share cyber threat intelligence with Jisc, for the benefit of the education and research community.

Benefits to you

To support you, the cyber threat intelligence team:

• Publishes monthly threat reports to the education and research sector providing a regular update on recent advisories and alerts and a summary of threat actor activity affecting the sector
• Identifies and investigates threats targeting the education and research sector
• Scans the Janet Network for vulnerabilities that could be exploited by threat actors and notify members when we find anything they need to address
• Monitors various sources, including the dark web, for targeted indicators and leaked or sold credentials
• Gathers threat intelligence, receiving information from other sources and working closely with the National Cyber Security Centre for you
• Operates the Jisc cyber threat intel sharing group to automate the sharing of cyber threat information and intelligence
• Founded a global threat intelligence sharing partnership with education and research sector security and technology bodies in the US, Canada and Australia
• Supports internal projects to ensure that future Jisc security services can be intelligence-driven
• Introduced geo-IP filtering as standard for Janet-connected members. This offers greater protection against ransomware attacks by restricting access to RDP (TCP port 3389 only) using geographic IP location blocking. If you would like to opt out of this service, please contact irt@jisc.ac.uk and specify the range of IPs you wish to exclude.