How a leading UK university amplified its threat detection and response through a partnership with ThirdSpace and the power of Azure Sentinel.
The University of Stirling, an ambitious and forward-thinking institution, sought to further enhance the protection of its sensitive data and strengthen its defence against cyber attacks.
It enhanced security visibility, threat monitoring and incident response through a partnership with ThirdSpace, a Microsoft Gold Security Partner.
The higher education (HE) sector is a prime target for cyber attacks – subjected to over a thousand attacks per year in the UK.
Cyber attacks are also growing more sophisticated, with criminal organisations seeking valuable research information and large databases packed full of personal data.
Coupled with this threat of attack, HE providers also regularly face challenges for ensuring compliance with a number of stringent regulations such as GDPR, the Data Protection Act and aspects of the Scottish Government Cyber Resilience Framework.
The University of Stirling has big ambitions for the future, revolving around research excellence and collaborative learning delivery.
“Stirling needed to incorporate and protect a diverse range of systems on-premises and in the Cloud, without an existing SOC/SIEM capability.”
The university recognised that as its reputation as a leader in research grew, and as the complexity of its cloud infrastructure and the resulting growth in potential threat vectors became bigger, improved security was a priority to address.
Maintaining a high degree of protection against cyber threats is no easy task. As with all universities, Stirling needed to incorporate and protect a diverse range of systems on-premises and in the Cloud, without an existing SOC/SIEM capability.
Even though the perimeter was locked down with a strong firewall, it was recognised that improved visibility of threats and centralised monitoring of independent systems was required for enhanced protection.
As part of its Microsoft licencing, the University of Stirling had access to a wealth of Microsoft 365 security tools, and it wanted to ensure these tools were utilised to maximum effect with the resources available.
Stirling’s IT security team had a broad remit and was integral to a multitude of diverse projects. As a result, the team could not solely focus on threat monitoring and incident response, so leveraging the available solutions to their full capabilities was vital.
“We believed a partnership approach with a security specialist would be a key enabler and a great addition to our team, helping improve security visibility and increasing the efficiency and effectiveness in the way we spot and respond to threats.”Victoria Szymanska – Cyber Security Specialist, University of Stirling
Lastly, when COVID-19 hit, the rapid rise in cyber threats, the huge demand for remote working needs and a requirement for secure remote access, massively upped the ante – compelling the university to accelerate improvements to its security posture.
To address these challenges, the university was keen to secure the services of a Microsoft partner that could help protect the organisation and make the most of its Microsoft technology investments.
Take your SOC Capability Assessment and zero in on your biggest security risks and priorities in minutes. Pick up your free report and we'll help you:
The University of Stirling was put in touch with ThirdSpace via our partner Phoenix, a specialist in IT services for the public sector and higher education. Stirling’s research and continual analysis and review of its security position confirmed its belief that Microsoft’s Azure Sentinel would be a great fit.
As a SIEM platform, Azure Sentinel would bring together all of Stirling’s Microsoft solutions for a holistic security setup and drive improvements to ROI – but the university knew it would require assistance with set-up and continuous monitoring.
ThirdSpace were the perfect fit, as a Gold Microsoft partner in security, with intimate knowledge of the Microsoft 365 security suite.
The University of Stirling had identified a number of security areas where it wanted to provide industry-leading protection, namely:
ThirdSpace and the University of Stirling agreed to a tailored approach to supply Security Managed Services, focused on improving security posture.
“Partnering in such a way enables the sharing of knowledge and expertise and facilitates knowledge transfer to the University of Stirling’s teams, enhancing our expertise and capability.”David Telford – Executive Director for Information Services, University of Stirling
The first stage of the journey, as with any managed security partner, was to carry out a client Readiness Assessment and personal onboarding process.
The Readiness Assessment exercise included a detailed review of critical assets, IT strategy, IT infrastructure and regulatory requirements. Upon completion of the assessment, several improvement opportunities were identified for the ThirdSpace and University of Stirling teams to work on together, including:
From initial discussions, through to managed threat monitoring services in Stirling’s environment took three months. The Readiness Assessment and personal hands-on onboarding formed a critical part of the process, whereby our security experts worked closely with Stirling to understand its needs and how to set up the service in an optimal manner.
Throughout the onboarding process, ThirdSpace worked closely with Stirling to set-up the SIEM platform and handle the initial configuration of log sources and connectors, as well as elements of fine-tuning.
The ThirdSpace SOC team then took responsibility for handling the day-to-day monitoring of critical assets, collation of threats, incidents and events. We also took care of operational, tactical and strategic reporting, bringing our experienced insight to the fold to help stay ahead of new and emerging threats.
The onboarding process started with the connection of Microsoft log sources, giving visibility into some of the challenges that Stirling was facing. High numbers of anomalous sign-in incidents were quickly identified as a result of the university’s student population being widely dispersed around the globe.
The ThirdSpace team helped Stirling reduce the noise in these alerts and focus on the most important ones.
The threat monitoring tool that underpins ThirdSpace’s Managed Security Services is Azure Sentinel, Microsoft’s newest cloud-native SIEM.
Sentinel uses scalable machine learning algorithms based on decades of data from the Microsoft security team and can find, investigate and respond to threats in record time.
These built-in models correlate millions of low-fidelity anomalies and connect the dots to help you cut through the ‘noise’ of false-positive threat alerts and find the high-fidelity security incidents that matter.
Azure Sentinel provides the University of Stirling with built-in automation and orchestration tools with the ability to build custom playbooks to enable threat response automation, eliminating repetitive tasks, freeing up resource and allowing quicker threat response.
With the managed security service now in place, Stirling’s IT team has a clearer view across its estate and a newfound peace of mind that the ThirdSpace security experts are pro-actively monitoring its most critical assets.
“Using a managed security services partner helps to bring clarity to what is a complex operating model and allows us to identify noise and or potential threats much quicker.”David Telford – Executive Director for Information Services, University of Stirling
The integration of Azure Sentinel, alongside the wider suite of Microsoft services, has also helped to drive improved value from its existing Microsoft licencing.
The University of Stirling ranks in the top 20 UK universities for overall student satisfaction according to the National Student Survey (NSS) 2020.
Stirling is committed to providing education with a purpose and carrying out research that has a positive impact on communities across the globe.
The University’s scenic central Scotland campus is home to more than 14,000 students and 1500 staff representing around 120 nationalities.
Get the e-Guide – includes a free checklist to help you assess a security partner’s credentials.Get free e-Guide
Send us your questions or feedback.
Friendly folks are standing by!
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.