skip to main content
European Commission Logo
en English
Newsroom

Overview    News

UK Early Warning service for Cyber Threats

The NCSC helps UK organisations and critical infrastructure owners to detect cyber threats with new free alert service. The Early Warning service helps investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.

Image by Pete Linforth from Pixabay

date:  09/06/2021

See alsoWebsite

A free online service which alerts organisations and CI owners to potential cyber threats affecting their networks has been launched by the National Cyber Security Centre (NCSC) in UK. The new Early Warning service is designed to help businesses defend against cyber attacks by providing timely notifications about possible incidents and security issues.

The service automatically filters through trusted threat intelligence sources to offer specialised alerts for organisations so they can investigate malicious activity and take the necessary steps to protect themselves. Organisations will receive different types of alert, covering possible network compromises; notification of how their assets have been associated with undesirable activity or about their networks running vulnerable services that may need updating.

Organisations will receive the following high level types of alerts:

  • Incident Notifications – This is activity that suggests an active compromise of your system.
  • Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
  • Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.

The EW service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources. Early Warning filters millions of events that the NCSC receives every day and it correlates those which are relevant to the organisation into daily notifications via the Early Warning portal.

There are two types of alerts that will be sent when an alert is detected for a business:

  • Daily Threat Alert - this includes Incident Notifications and Network Abuse Reports
  • Weekly Vulnerability Alert - this includes Vulnerability and Open Port Alerts

The organisation can then use the information passed on by Early Warning to investigate the issue and implement appropriate mitigation solutions where required. The Early Warning service is designed to fit into an organisation’s wider defence strategy and to complement existing cyber security controls by adding another layer of defence.