Jisc’s Vulnerability Assessment manages cyber attack risks

Some of the UK’s leading HE and FE institutions are using the service to identify, resolve, and manage vulnerabilities

Greenbone, a leading provider of vulnerability management solutions, and Khipu Networks have today announced that leading UK education institutions have adopted the Vulnerability Assessment Service, since the Jisc framework was first made available in April 2016. Institutions including the University of Winchester, University of Reading, Anglia Ruskin University, University of Hull, University of Winchester, Glasgow Kelvin College and Hartlepool College of Further Education are using the service to identify, resolve, and manage network vulnerabilities, to help protect their environments from cyber attacks that are continually on the rise and making the headline news.

The Jisc Vulnerability Assessment Service framework is designed to enable institutions of all sizes to detect and manage vulnerabilities in their infrastructures including servers, endpoints, and network and perimeter security equipment. Jisc first selected Greenbone and Khipu Networks to provide the service in April 2016, following a rigorous competitive (OJEU) tender process. The framework enables institutions to procure the service directly from Khipu Networks, without the requirement of a formal procurement exercise, saving resourcing, time and money. 

The Vulnerability Assessment Service automates the process of vulnerability identification and management, and provides the necessary reporting to help institutions prioritise and quickly act upon any cyber attack risks. A recent example is the flaw in versions of the Microsoft Windows operating system that led to the rapid spread of the WannaCry ransomware in May 2017. The Vulnerability Assessment Service first identified the vulnerability in February 2017, and immediately provided recommendations to patch against it being exploited. Education institutions using the service were notified of the vulnerability – and which of their devices would be affected – along with the required remediation information to prevent any future attacks.

New security vulnerabilities are being discovered and exploited by cybercriminals daily. For education organisations with large and diverse IT networks, it can be hard enough to simply understand their exposure to known vulnerabilities, let alone try to coordinate patching and testing against them.

“Using Jisc’s vulnerability assessment service enables the university to have a pro-active approach to cyber security,” said Rob Spalding, Head of Infrastructure at Anglia Ruskin University. “By having an automated solution that not only identifies vulnerabilities before they can be exploited, it reports on which systems will be affected and what actions need to be undertaken to protect them. This automated approach is vital in the defense against cyber attacks including the recent ransomware that made headline news. The service, provided by KHIPU Networks via the Jisc VAS framework, has been an immediate success for the university, with a quick return on investment.”

The Greenbone Security Manager solution which underpins the Vulnerability Assessment Service provides a daily security update feed with more than 53,000 network vulnerability tests.

“New security vulnerabilities are being discovered and exploited by cybercriminals daily,” said Steve Kennett, Security Director at Jisc. “For education organisations with large and diverse IT networks, it can be hard enough to simply understand their exposure to known vulnerabilities, let alone try to coordinate patching and testing against them. The Vulnerability Assessment Service is designed to relieve this pressure, and prevent outbreaks like WannaCry before they happen.”

“Having used the service for over a year, we’ve been able to streamline the way we deal with security vulnerability issues at the university,” said Sean Ashford, Networks and Systems Manager at the University of Winchester. “We can react quickly if we see that there is a critical or very widespread issue on our network that needs fixing. As a result, it’s become a central part of how we handle cybersecurity at the university.”