Members have told us they want a SIEM to help with proactively managing cyber security threats. Managed SIEM meets this need and removes the difficulties education and research organisations often face when they want to implement, manage and maintain a SIEM solution.
A SIEM solution makes it easier for an organisation to spot security-related anomalies on their network because it aggregates data from their various systems and turns data logs into actionable insights.
SIEM solutions are widely used by commercial bodies to safeguard their business and protect their reputation, but education and research organisations can find it hard to commit the necessary resources and staff time.
Managed SIEM takes data from network infrastructure sources such as firewall logs, domain name system (DNS) records and event logs and aggregates it into a central system via Splunk.
Benefits of a managed SIEM service
The service is tailored to meet your requirements, adjusting detection thresholds and rules as necessary to separate suspicious activity from business-as-usual activity.
Analysts triage any alerts, assessing the threat severity and providing recommendations to you about how to resolve the issue. This reduces your own team’s workload so they can focus on the most significant issues.
Is designed to overcome the sector-specific challenges of education and research organisations looking for a SIEM solution
Frees staff from monitoring your network and analysing SIEM outputs
Quickly provides clear information on vulnerabilities and threats so you can act fast to protect your systems
Assists with and demonstrates your organisation’s compliance with sector body requirements on cyber security
Is a cost-effective alternative to commercial solutions
Co-designed with members
To develop a service that works for you, Jisc worked with members to identify use cases including:
Same user logging in from multiple geographical locations at the same time
Detecting network scanning and beaconing
Comparing firewall and domain name system (DNS) logs against threat lists
Detecting unexpected software on your critical infrastructure
The service was designed with members around these requirements, and this approach has helped create a service that does what you say you need. When you become a service user, you’ll be able to feed into our continuous improvement processes to help us develop the service so it can meet changing needs and adapt to emerging threats.
Managed SIEM and Splunk
As Splunk’s only managed service provider for education and research in the UK, Jisc already offers a cost-effective managed Splunk licence service and we will be providing this service alongside our managed SIEM service agreement.
The dashboards you’ll see as a managed SIEM service user highlight the most recent findings from the Splunk platform.
You’ll also receive reports providing further information and prior data to save you time on monitoring and interpreting Splunk outputs.
The managed service works in tandem with our portfolio of cyber security services so, where it identifies something that calls for a fast response, our CSIRT team will triage the incident and contact you with their recommendations. They’ll also support you to resolve it if required.
How to get started
Tell us your data sources and server types and we’ll arrange a call or meeting to explain the technical setup you need to get data flowing from your network into our Splunk platform.
Technical onboarding guides can help you complete initial setup, with help available to your technical lead if needed. We know organisations can be put off implementing a SIEM solution by complicated setup processes, so we’re here to support you.