Providing members with access to prioritised security information and alerts relevant to their hardware and software estate.
What we're doing
Many of our member organisations have recognised the potential value of a security incident and event management (SIEM) analytics platform which – among other use cases – helps you to get a clearer overview of your IT environment and identify security threats and vulnerabilities.
SIEMs can generate large amounts of data that can be hard to process and prioritise. For some, this can feel overwhelming. To address this, we're piloting a managed SIEM service with members who don't have, or do not wish to use, human and technical resources to run their own SIEM.
Our managed SIEM service aims to give participants peace of mind that security threats and issues are being captured and highlighted in real time whilst also allowing resources to be positioned towards other strategic areas of importance without compromising your institution’s security.
Why does this matter?
A SIEM can turn large amounts of machine data into useful insights that help you manage your organisation more effectively by highlighting security issues within the IT estate in an efficient manner.
Organisations will benefit from Jisc’s expertise in cyber security and incident handling, providing them with prioritised and actionable information ensuring their available resources are focused on the key issues.
The pilot will build upon our investment in the Splunk Enterprise solution, which we offer on a competitive license-only basis for members who want to run their own SIEM platform.
The pilot will run for six months and will help us to understand the requirements of the sector and the feasibility of offering a managed SIEM service on a formal footing.