Discover how a UK university partnered with BT Managed Security Services to create a proactive approach to cyber security.
After an increase in cyber attacks within the public sector, including higher education, our client understood the need to bolster its cyber security measures. It was vital that it adapted to protect the information technology services supporting its students and members of staff.
The adoption of cloud-based services has changed both ways of working and the evolving threat landscape for cyber attacks, so the university needed to ensure that cyber security was built into the core of its services, processes and culture.
As part of the response, the university’s IT security team identified a need to proactively monitor the technology environment on a 24/7 basis. The team needed to capture suspicious activity as it happened, investigate it thoroughly and take immediate action to protect the university’s systems and services.
After considering its options for the implementation of the new monitoring service, the university decided to partner with a private sector body to provide this additional capacity.
Doing this also enabled the university to leverage the pool of skilled resources and threat intelligence information that would be delivered by the Managed Security Services Provider.
Following a market testing process, we were selected as the preferred provider for the proactive management service. The chosen solution was based on the utilisation of Microsoft’s Sentinel Security Information and Event Management (SIEM) tool – a cloud-based tool that enables the collection of data across all users, devices, apps and infrastructure, including on-premises equipment and multiple cloud environments.
Data is analysed against the latest threat intelligence information and alerts are generated to our Security Operations Centre (SOC) analysts for investigation and potential remediation activity. We were able to implement this solution in just three months from mobilisation to going live.
The Microsoft Sentinel solution managed by our SOC agents enables the monitoring of activity within the Azure tenant to capture potential security threats, all while uncovering vulnerabilities in the overall digital environment supporting the university’s users.
The proactive management of the Microsoft Sentinel solution by our SOC meant that the university’s IT security staff could focus on strategic priorities, while we monitored risks around the clock. They would only be required to act if a threat was detected by one of our SOC agents.
This solution ensured that the university could be proactive, rather than reactive, to potential cyber security threats, while protecting itself from financial and reputational loss.
This new service has provided the university with a significant improvement in the visibility of activity in its environment. With our cyber security team continually fine-tuning the Sentinel tool to alert on the data of most security value, both the university and our teams can focus on the most concerning activity and threats, reducing the time taken to respond to security incidents and to perform the necessary remediation actions.
The university needed a partner who had the skills and capability to provide a proactive monitoring service. We successfully provided this via the implementation of the core SOC SIEM Managed Service.
The university has now taken up the option to extend the service from one year to three years and will be extending the scope of the monitored environment.
The Security Operations Centre provided by BT has given the university the assurance of a highly skilled SOC analyst team providing a 24/7/365 triaging and escalation service.