Subscribe to our free fortnightly newsletter and stay ahead with the latest news in edtech

Jisc's Vulnerability Assessment manages cyber attack risks

Some of the UK's leading HE and FE institutions are using the service to identify, resolve, and manage vulnerabilities

Posted by Charley Rogers | August 01, 2017 | E-safety

Greenbone, a leading provider of vulnerability management solutions, and Khipu Networks have today announced that leading UK education institutions have adopted the Vulnerability Assessment Service, since the Jisc framework was first made available in April 2016. Institutions including the University of Winchester, University of Reading, Anglia Ruskin University, University of Hull, University of Winchester, Glasgow Kelvin College and Hartlepool College of Further Education are using the service to identify, resolve, and manage network vulnerabilities, to help protect their environments from cyber attacks that are continually on the rise and making the headline news.

The Jisc Vulnerability Assessment Service framework is designed to enable institutions of all sizes to detect and manage vulnerabilities in their infrastructures including servers, endpoints, and network and perimeter security equipment. Jisc first selected Greenbone and Khipu Networks to provide the service in April 2016, following a rigorous competitive (OJEU) tender process. The framework enables institutions to procure the service directly from Khipu Networks, without the requirement of a formal procurement exercise, saving resourcing, time and money. 

The Vulnerability Assessment Service automates the process of vulnerability identification and management, and provides the necessary reporting to help institutions prioritise and quickly act upon any cyber attack risks. A recent example is the flaw in versions of the Microsoft Windows operating system that led to the rapid spread of the WannaCry ransomware in May 2017. The Vulnerability Assessment Service first identified the vulnerability in February 2017, and immediately provided recommendations to patch against it being exploited. Education institutions using the service were notified of the vulnerability – and which of their devices would be affected – along with the required remediation information to prevent any future attacks.

New security vulnerabilities are being discovered and exploited by cybercriminals daily. For education organisations with large and diverse IT networks, it can be hard enough to simply understand their exposure to known vulnerabilities, let alone try to coordinate patching and testing against them.

“Using Jisc’s vulnerability assessment service enables the university to have a pro-active approach to cyber security,” said Rob Spalding, Head of Infrastructure at Anglia Ruskin University. “By having an automated solution that not only identifies vulnerabilities before they can be exploited, it reports on which systems will be affected and what actions need to be undertaken to protect them. This automated approach is vital in the defense against cyber attacks including the recent ransomware that made headline news. The service, provided by KHIPU Networks via the Jisc VAS framework, has been an immediate success for the university, with a quick return on investment.”

The Greenbone Security Manager solution which underpins the Vulnerability Assessment Service provides a daily security update feed with more than 53,000 network vulnerability tests.

“New security vulnerabilities are being discovered and exploited by cybercriminals daily,” said Steve Kennett, Security Director at Jisc. “For education organisations with large and diverse IT networks, it can be hard enough to simply understand their exposure to known vulnerabilities, let alone try to coordinate patching and testing against them. The Vulnerability Assessment Service is designed to relieve this pressure, and prevent outbreaks like WannaCry before they happen.”

“Having used the service for over a year, we’ve been able to streamline the way we deal with security vulnerability issues at the university,” said Sean Ashford, Networks and Systems Manager at the University of Winchester. “We can react quickly if we see that there is a critical or very widespread issue on our network that needs fixing. As a result, it’s become a central part of how we handle cybersecurity at the university.”

Subscribe to our free fortnightly newsletter and stay ahead with the latest news in edtech

Related stories

UB September issue out now!

The smart home reloaded - welcome to the intelligent campus

The Future of Security

Halting the rise of university drop-out rates

Talk Straight is awarded UK's Best Security ISP

Pioneering Cyber Schools programme launched by DCMS

The 4-pronged approach to tackling cybercrime in education

Making BYOD safe for universities

Schools crowdfunding for edech with Rocket Fund

How can ransomware and the WannaCry virus hurt HE?

Market place - view all

Saville

We are Saville Audio Visual - AV with a Difference
Saville is...

ULCC

Established in 1968 following recommendations of the Flower report,...

Listen technologies

Listen Technologies brings power and clarity to the sounds that enr...

Monitor IT

The cashless campus is becoming more of a reality. Universities and...

Schools Broadband

Schools Broadband is one of the UK's largest specialist providers o...

Ellucian

The leader in higher education technology. Ellucian delivers the s...