Several UK education institutions have adopted a Vulnerability Assessment Service, since the Jisc framework was first made available in April 2016. Institutions including the University of Winchester, University of Reading, Anglia Ruskin University, University of Hull, University of Winchester, Glasgow Kelvin College and Hartlepool College of Further Education – are using the service to identify, resolve and manage network vulnerabilities, against cyberattacks.
The Jisc Vulnerability Assessment Service framework is designed to enable institutions of all sizes to detect and manage vulnerabilities in their infrastructures including servers, endpoints, network and perimeter security equipment. Jisc first selected Greenbone and Khipu Networks to provide the service in April 2016, after a competitive (OJEU) tender process. The framework enables institutions to procure the service directly from Khipu Networks, without the time and money of a formal procurement exercise.
The service automates the process of vulnerability identification and management, and provides the necessary reporting to help institutions prioritise and act upon cyberattack risks. A recent example is the flaw in versions of the Microsoft Windows operating system that led to the spread of the WannaCry ransomware in May 2017, that led to high-profile trouble among NHS hospitals. The service first identified the vulnerability in February 2017, and immediately provided recommendations to patch against it being exploited. Institutions using the service were notified of the vulnerability – and which of their devices would be affected – along with the required remediation information to prevent any attacks.
Rob Spalding, Head of Infrastructure at Anglia Ruskin, said: “Using Jisc’s vulnerability assessment service enables the university to have a pro-active approach to cyber security. By having an automated solution that not only identifies vulnerabilities before they can be exploited, it reports on which systems will be affected and what actions need to be undertaken to protect them. This automated approach is vital in the defense against cyber-attacks including the recent ransomware which made headline news. The service, provided by Khipu Networks via the Jisc VAS framework, has been an immediate success for the university, with a quick return on investment.”
