University of Stirling

Elevating cyber security: University of Stirling’s successful partnership with Phoenix Software

The University of Stirling is committed to providing education with a purpose and carrying out research which has a positive impact on communities across the globe – addressing real issues, providing solutions, and helping to shape society.

The university has more than 18,500 students globally and employs 1,800 staff, with more than 140 nationalities represented at its scenic central Scotland campus. With a commitment to leveraging technology wherever it can and enabling its staff and students to do so with confidence, the university required a reliable and proactive security solution to safeguard its digital infrastructure and protect its reputation as a safe place to learn.

This case study explores the collaboration between the University of Stirling and Phoenix Software, focusing on the successful implementation of Phoenix’s Security Information and Event Management (SIEM) solution, Sentinel Essentials, all delivered by Phoenix’s highly skilled and experienced 24/7 security operations centre (SOC).

Key facts

  • Staff and students: 20,000
  • IT Team: 30 members
  • Security Team: Three
  • Implementation timeline: transitioned to Phoenix in September 2023, with the Threat Containment module added by December 2023
  • Alert response: issues that had lingered for over a year were resolved within six weeks
  • Threat isolation: compromised devices now isolated within three minutes

“As soon as we heard Phoenix was launching its Sentinel security service, we were keen to know more. Having worked with Phoenix for a number of years already, we knew that they approached challenges in a very methodical, proactive, and solutions-focused way. This gave us the confidence that they would approach SIEM in the same way.”

James Blair, Director of Development and Operations, University of Stirling

Challenge

As a large university with approximately 1,800 staff members and a diverse range of devices, across both university-owned and bring your own device (BYOD), the University of Stirling needed to enhance its security infrastructure and activity monitoring. While its IT Team consists of 30+ full-time members of staff, they are spread across a multitude of disciplines, from product development to operations and desktop management.

At the time of engaging with Phoenix, the university had only one person dedicated to security full-time, who would often be overwhelmed by the sheer volume of security alerts being generated by the existing SIEM platform. The team has since increased significantly, but at the time it faced several other challenges:

  • Lack of proactive security measures: the incumbent security solution was mostly reactive, leaving the university vulnerable to potential threats
  • Insufficient skillset: with the SIEM being so cutting-edge, the internal team did not have the expertise or capacity needed to maximise the effectiveness of the previous security service at that time
  • Persistent security alerts: the high volume of alerts generated by the existing SIEM solution overwhelmed the university’s small Security Team. Many alerts were triggered by benign activities, such as students logging in from unusual locations or using a VPN, leading to numerous unresolved alerts. This made it challenging to distinguish genuine threats from harmless activities, posing a constant risk to the university’s security
  • Longstanding issues left unresolved: specific security issues had remained unresolved for extended periods, undermining the university IT Team’s confidence in its current SIEM security infrastructure

“Whatever you do with Phoenix, take the Sentinel Service. It’s been one of those services that just worked for us. We are now more confident that any issue will be addressed promptly and effectively than ever before.”

James Blair, Director of Development and Operations, University of Stirling

Solution

The University of Stirling needed a trusted security partner that could offer a comprehensive, proactive security monitoring service. It also needed a partner that could be authorised to undertake specific remedial action against security threats on the university’s behalf to further lighten the load of its IT Team.

The University of Stirling turned to Phoenix Software, which was already a long-standing partner of theirs for Microsoft licensing and services, and an Azure migration project. Phoenix proposed the implementation of its Phoenix Protect managed service, which consisted of the following solutions:

  • Microsoft Sentinel SIEM: a Security Information and Event Management system providing 24/7 monitoring and management of security alerts
  • Phoenix SOC Managed Service: a dedicated team working closely with the university’s IT Team to monitor, analyse, and respond to security threats in real time
  • Threat Containment Module: this add-on enables Phoenix to take immediate action on identified threats on the university’s behalf, such as isolating compromised devices within minutes

“One issue that had been outstanding for a year was fixed within six weeks of partnering with Phoenix. Their ability to filter out false alerts and focus on genuine threats has been a game-changer for us.”

Lesley Gibson, Cyber Security Manager, University of Stirling

Benefits

The partnership with Phoenix brought numerous benefits to the University of Stirling:

  • Proactive security management: the transition to Phoenix’s managed service allowed for proactive monitoring and resolution of security threats, significantly reducing the university’s exposure to risks
  • Enhanced expertise and support: with the expertise of the Phoenix Security Operations Centre (SOC) Team, the university could leverage advanced security measures without needing extensive in-house skills
  • Streamlined alerts and responses: Phoenix’s ability to filter out unnecessary alerts and focus on genuine threats improved the efficiency and effectiveness of the university’s security operations
  • Quick resolution of issues: long-standing security issues, such as those related to unusual login locations, were resolved within weeks, enhancing overall security
  • Confidence and peace of mind: the university gained confidence in its security posture, knowing that any potential threats would be swiftly identified and mitigated

“Phoenix’s 24/7 monitoring of our security alerts by their SOC Team is a perfect example of how a proactive monitoring service should work. It is not unusual for the SOC Team to spot a potential problem before we’re even aware of it, at which point they’re already addressing it. They are genuine experts in their field.”

Lesley Gibson, Cyber Security Manager, University of Stirling

Conclusion

The University of Stirling’s collaboration with Phoenix has significantly enhanced its cyber security capabilities. By implementing Microsoft Sentinel SIEM and leveraging Phoenix’s managed service, the university transitioned from a reactive to a proactive security posture.

This partnership has not only resolved long-standing security issues but also provided the university with the expertise and confidence needed to protect its digital assets, staff, and students effectively.
