Leading education institutions adopt Jisc’s Vulnerability Assessment Service to manage cyberattack risks

Saturday 21st October, 2017

HE and FE institutions deploy the service to identify, resolve and manage vulnerabilities, protecting their environments from cyber threats such as the recent attacks that have hit the headline news.

London, 11th July 2017 – Greenbone, a leading provider of vulnerability management solutions, and Khipu Networks have today announced that leading UK education institutions have adopted the Vulnerability Assessment Service, since the Jisc framework was first made available in April 2016. Institutions including the University of Winchester, University of Reading, Anglia Ruskin University, University of Hull, University of Winchester, Glasgow Kelvin College, Havering College and Hartlepool College of Further Education – are using the service to identify, resolve and manage network vulnerabilities, to help protect their environments from cyberattacks that are continually on the rise and making the headline news. The Jisc Vulnerability Assessment Service framework is designed to enable institutions of all sizes to detect and manage vulnerabilities in their infrastructures including servers, endpoints, network and perimeter security equipment. Jisc first selected Greenbone and Khipu Networks to provide the service in April 2016, following a rigorous competitive (OJEU) tender process. The framework enables institutions to procure the service directly from Khipu Networks, without the requirement of a formal procurement exercise, saving resourcing, time and money. The Vulnerability Assessment Service automates the process of vulnerability identification and management, and provides the necessary reporting to help institutions prioritise and quickly act upon any cyberattack risks.

A recent example is the flaw in versions of the Microsoft Windows operating system that led to the rapid spread of the WannaCry ransomware in May 2017. The Vulnerability Assessment Service first identified the vulnerability in February 2017, and immediately provided recommendations to patch against it being exploited. Education institutions using the service were notified of the vulnerability – and which of their devices would be affected – along with the required remediation information to prevent any future attacks. “Using Jisc’s vulnerability assessment service enables the University to have a pro-active approach to cyber security. By having an automated solution that not only identifies vulnerabilities before they can be exploited, it reports on which systems will be affected and what actions need to be undertaken to protect them. This automated approach is vital in the defense against cyber-attacks including the recent ransomware which made headline news. The service, provided by KHIPU Networks via the Jisc VAS framework, has been an immediate success for the University, with a quick return on investment.”

Rob Spalding, Head of Infrastructure at Anglia Ruskin University

The Greenbone Security Manager solution – which underpins the Vulnerability Assessment Service – provides a daily security update feed with more than 53,000 network vulnerability tests.  “New security vulnerabilities are being discovered and exploited by cybercriminals daily. For education organisations with large and diverse IT networks, it can be hard enough to simply understand their exposure to known vulnerabilities, let alone try to coordinate patching and testing against them. The Vulnerability Assessment Service is designed to relive this pressure, and prevent outbreaks like WannaCry before they happen.”

Steve Kennett, Security Director at Jisc

“Having used the service for over a year, we’ve been able to streamline the way we deal with security vulnerability issues at the University. We can react quickly if we see that there is a critical or very widespread issue on our network that needs fixing. As a result, it’s become a central part of how we handle cybersecurity at the University.”

Sean Ashford, Networks and Systems Manager at the University of Winchester

For further information on the Jisc Cyber Security Services:

  • Jisc Cyber Security Frameworks – What they provide and how to procure: read more
  • Jisc Vulnerability Assessment Service – read more
  • Jisc Simulated Phishing and Associated Awareness Training Services – read more
  • How to automate vulnerability management across your entire institution – University of Winchester case study – read more
  • Identify your vulnerabilities before they are exploited to reduce your risk of ransomware attacks such as WannaCry and Petya – read more

Please contact the KHIPU team for further details on these services and how we can help protect your environment from cyber-attacks and support your cyber security strategy.