Cyber security: new automated service saves time on network monitoring
Jisc is launching an education-specific security information and event management (SIEM) service to help colleges and universities respond quickly to cyber security issues.
Developed in partnership with member organisations, the SIEM solution will detect security-related anomalies on networks by collating information from various systems, including firewall logs, domain name system (DNS) records and other event logs.
The data is then aggregated into a central system via the popular data management system, Splunk. As Splunk’s only managed service provider for education and research in the UK, Jisc already offers a cost-effective managed Splunk license service, which is included as part of the managed SIEM service.
Jisc’s team of analysts will tailor the SIEM solution to individual requirements, separating suspicious activity from business-as-usual activity. The team will also triage alerts, assess the threat severity, contact members if they spot a situation that requires urgent attention and advise on how best to resolve the problem.
Among the education providers trialling the managed SIEM is the University of Bath. Its IT security officer, Neil Toyne, says:
“As we see the service move towards a production-ready system, we can already see the value that the tool can bring to the established CSIRT at Bath. It’s bringing meaningful and considered alerts to the cyber security team that could otherwise be background noise.”
Jisc’s cyber security product manager, Mark Tysom, says:
“SIEM solutions are widely used by commercial companies to safeguard their business and protect their reputation, but education and research organisations have been slower to implement these services.
“Many members have told us they are interested in a SIEM, but there are blockers: a lack of time and money is a factor and they are also put off by complicated on-boarding processes. To help, our experts will work with colleges and universities to explain the technical setup they’ll need to get data flowing from their network into the Splunk platform.”
For more information about the managed SIEM service, contact your relationship manager.
To hear more about cyber security in the HE, FE and research sectors, sign up for the Jisc security conference, running online 3-5 November 2020 - free for staff at member organisations.