ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more

A Stirling approach to threat protection in the higher education sector

How a leading UK university amplified its threat detection and response through a partnership with ThirdSpace and the power of Microsoft Sentinel.

The University of Stirling, an ambitious and forward-thinking institution, sought to further enhance the protection of its sensitive data and strengthen its defence against cyber attacks.

It enhanced security visibility, threat monitoring and incident response through a partnership with ThirdSpace, a Microsoft Gold Security Partner.


  • Improved and fully managed security established in just three months.
  • Maximised ROI of existing Microsoft 365 licensing and solutions.
  • A unified approach to threat detection and response through Microsoft Sentinel.
  • Complete visibility and continuous monitoring across the client's estate.
  • Reduced false positives and alert 'noise' to focus on the real threats.

Security challenges for an ambitious university

The higher education (HE) sector is a prime target for cyber attacks – subjected to over a thousand attacks per year in the UK.

Cyber attacks are also growing more sophisticated, with criminal organisations seeking valuable research information and large databases packed full of personal data.

Coupled with this threat of attack, HE providers also regularly face challenges for ensuring compliance with a number of stringent regulations such as GDPR, the Data Protection Act and aspects of the Scottish Government Cyber Resilience Framework.

The University of Stirling has big ambitions for the future, revolving around research excellence and collaborative learning delivery.

“Stirling needed to incorporate and protect a diverse range of systems on-premises and in the Cloud, without an existing SOC/SIEM capability.”

The university recognised that as its reputation as a leader in research grew, and as the complexity of its cloud infrastructure and the resulting growth in potential threat vectors became bigger, improved security was a priority to address.

Maintaining a high degree of protection against cyber threats is no easy task. As with all universities, Stirling needed to incorporate and protect a diverse range of systems on-premises and in the Cloud, without an existing SOC/SIEM capability.

Even though the perimeter was locked down with a strong firewall, it was recognised that improved visibility of threats and centralised monitoring of independent systems was required for enhanced protection.

As part of its Microsoft licencing, the University of Stirling had access to a wealth of Microsoft 365 security tools, and it wanted to ensure these tools were utilised to maximum effect with the resources available.

Stirling’s IT security team had a broad remit and was integral to a multitude of diverse projects. As a result, the team could not solely focus on threat monitoring and incident response, so leveraging the available solutions to their full capabilities was vital.

“We believed a partnership approach with a security specialist would be a key enabler and a great addition to our team, helping improve security visibility and increasing the efficiency and effectiveness in the way we spot and respond to threats.”

Victoria Szymanska – Cyber Security Specialist, University of Stirling

Lastly, when COVID-19 hit, the rapid rise in cyber threats, the huge demand for remote working needs and a requirement for secure remote access, massively upped the ante – compelling the university to accelerate improvements to its security posture.

To address these challenges, the university was keen to secure the services of a Microsoft partner that could help protect the organisation and make the most of its Microsoft technology investments.

SOC Capability Assessment - Free online tool

SOC Capability Assessment - Free online tool

Take your SOC Capability Assessment and zero in on your biggest security risks and priorities in minutes. Pick up your free report and we'll help you:

  • Understand what's needed to build a SOC inhouse vs. outsourcing it
  • Compare typical SOC costs based on your organisation's size
  • Uncover the hidden risks that can make or break a SOC
Take my assessment

Building a first-class security partnership

The University of Stirling was put in touch with ThirdSpace via our partner Phoenix, a specialist in IT services for the public sector and higher education. Stirling’s research and continual analysis and review of its security position confirmed its belief that Microsoft Sentinel would be a great fit.

As a SIEM platform, Microsoft Sentinel would bring together all of Stirling’s Microsoft solutions for a holistic security setup and drive improvements to ROI – but the university knew it would require assistance with set-up and continuous monitoring.

ThirdSpace were the perfect fit, as a Gold Microsoft partner in security, with intimate knowledge of the Microsoft 365 security suite.

The University of Stirling had identified a number of security areas where it wanted to provide industry-leading protection, namely:

  • Improved (and continuous) visibility across the threat landscape.
  • The ability to quickly identify security threats and incidents, including new and emerging threats within the industry.
  • The ability to mitigate, remediate and minimise further events and limit the impact on the organisation.
  • The capability to provide actionable intelligence at an operational, tactical and strategic level to ensure that, from the board down, risk can be proactively managed.

ThirdSpace and the University of Stirling agreed to a tailored approach to supply Security Managed Services, focused on improving security posture.

“Partnering in such a way enables the sharing of knowledge and expertise and facilitates knowledge transfer to the University of Stirling’s teams, enhancing our expertise and capability.”

David Telford – Executive Director for Information Services, University of Stirling

A personal approach to onboarding

The first stage of the journey, as with any managed security partner, was to carry out a client Readiness Assessment and personal onboarding process.

The Readiness Assessment exercise included a detailed review of critical assets, IT strategy, IT infrastructure and regulatory requirements. Upon completion of the assessment, several improvement opportunities were identified for the ThirdSpace and University of Stirling teams to work on together, including:

  • Fine-tuning Microsoft Threat Protection tools to improve visibility and prevention of attacks against endpoints, identity, email, and applications.
  • Improving processes for external access for trusted third parties, such as researchers, business partners and supporting organisations.
  • Consolidation of identity management processes across the university’s cloud and on-premises solutions.

Up and running in no time

From initial discussions, through to managed threat monitoring services in Stirling’s environment took three months. The Readiness Assessment and personal hands-on onboarding formed a critical part of the process, whereby our security experts worked closely with Stirling to understand its needs and how to set up the service in an optimal manner.

Throughout the onboarding process, ThirdSpace worked closely with Stirling to set-up the SIEM platform and handle the initial configuration of log sources and connectors, as well as elements of fine-tuning.

The ThirdSpace SOC team then took responsibility for handling the day-to-day monitoring of critical assets, collation of threats, incidents and events. We also took care of operational, tactical and strategic reporting, bringing our experienced insight to the fold to help stay ahead of new and emerging threats.

The onboarding process started with the connection of Microsoft log sources, giving visibility into some of the challenges that Stirling was facing. High numbers of anomalous sign-in incidents were quickly identified as a result of the university’s student population being widely dispersed around the globe.

The ThirdSpace team helped Stirling reduce the noise in these alerts and focus on the most important ones.

Smart solutions for the education sector

The threat monitoring tool that underpins ThirdSpace’s Managed Security Services is Microsoft Sentinel, Microsoft’s newest cloud-native SIEM.

Sentinel uses scalable machine learning algorithms based on decades of data from the Microsoft security team and can find, investigate and respond to threats in record time.

These built-in models correlate millions of low-fidelity anomalies and connect the dots to help you cut through the ‘noise’ of false-positive threat alerts and find the high-fidelity security incidents that matter.

Microsoft Sentinel provides the University of Stirling with built-in automation and orchestration tools with the ability to build custom playbooks to enable threat response automation, eliminating repetitive tasks, freeing up resources and allowing quicker threat response.

A+ results and a promising future

With the managed security service now in place, Stirling’s IT team has a clearer view across its estate and a newfound peace of mind that the ThirdSpace security experts are pro-actively monitoring its most critical assets.

“Using a managed security services partner helps to bring clarity to what is a complex operating model and allows us to identify noise and or potential threats much quicker.”

David Telford – Executive Director for Information Services, University of Stirling

The integration of Microsoft Sentinel, alongside the wider suite of Microsoft services, has also helped to drive improved value from its existing Microsoft licencing.

Next steps

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Subscribe to the ThirdSpace mailing list and get your free buyer’s guide to Microsoft Enterprise Security

Submit your business email to join our mailing list and we'll send you 'A buyer’s guide to Microsoft Enterprise Security'.

You may also like...


Choosing your managed security services partner (MSSP)


A buyer’s guide to Microsoft Enterprise Security – including free licensing infographic and partner checklist!


The University of Stirling ranks in the top 20 UK universities for overall student satisfaction according to the National Student Survey (NSS) 2020.

Stirling is committed to providing education with a purpose and carrying out research that has a positive impact on communities across the globe.

The University’s scenic central Scotland campus is home to more than 14,000 students and 1500 staff representing around 120 nationalities.

Visit website

What’s the ROI of Microsoft Sentinel? – Free report!

Take the SOC Capability Assessment and discover the cost-saving potential.

Get my report

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.