Police CyberAlarm

Helping member organisations monitor and report the malicious activity they face from the Internet


Police CyberAlarm Monitoring Tool Goes Live in London with Major Upgrade

Businesses and organisations in London can now get access to an enhanced version of Police CyberAlarm, an award-winning free tool funded by the Home Office and delivered by police forces in the region.

The enhanced version of Police CyberAlarm works alongside an organisation’s current cyber security products, such as the firewall, Network Intrusion Detection System (IDS) and Intrusion Protection System (IPS), Anti-Spam and Network Anti-Virus to help members better understand the cyber threats they face.

Data received by the Police CyberAlarm Server is then used to create regular reports on potential malicious activity seen by individual members as well as reports containing threat trends seen across the member network. Members can then use this reported intelligence to update their defences to better protect themselves from cyber threats.

Vulnerability Scanning can be added and used to scan an organisations website and external IP addresses, providing regular reports of all known vulnerabilities.

Since launch, Police CyberAlarm has identified over a billion potential suspicious events resulting in reports and advice being given to members, enabling them to take action to prevent a successful attack.

In one case Police CyberAlarm detected a UDP amplification attack, a very potent attack method that turns an organisation’s own equipment against it, causing the member organisation infrastructure to attack itself.  Working with the Police CyberAlarm team, the member was able to mitigate the effects of the attack stopping it from having any effect on its network.

In another case a company, which was not a Police CyberAlarm member, fell victim to a ransomware attack which forced it to shut down business critical systems. After contacting the police, Police CyberAlarm was installed immediately by the company, which was able to identify the method of the attack, which was communicated to the company to allow it to close the vulnerabilities that existed. The company’s next Police CyberAlarm report indicated that almost 1.3 million attempts to gain access had been made in the week after the attack.

As well as the data collected by Police CyberAlarm helping members to better protect themselves, the information gathered also helps regional and force cybercrime teams to build a much better understanding of the scale, types and clusters of cyber threats being aimed at members across England and Wales. Policing has been able to use the information collected to enable the local and regional cybercrime teams to proactively warn members of new emerging, recent and zero-day threats.

To coincide with the launch of the enhanced version of Police CyberAlarm, a new website has also been unveiled to make it easier for potential member organisations to get further information about the benefits of becoming a member and sign up for free. https://cyberalarm.police.uk/

Back To Top

What is Police CyberAlarm?

As a member, Police CyberAlarm is a free tool to help you understand and monitor malicious cyber activity against your network. This service is made up of two parts: monitoring and vulnerability scanning.

Police CyberAlarm will detect and provide regular reports of suspicious cyber activity, enabling your business or What is Police CyberAlarm? organisation to identify and take steps to minimise your vulnerabilities.

The data collected by the system only contains summary information (meta data and header information) about communications your business or organisation receives from the internet. The system is designed to protect personal data, trade secrets and intellectual property.

How Does Police CyberAlarm Work?

As a member, Police CyberAlarm is a free tool to help you understand and monitor malicious cyber activity against your network. This service is made up of two parts: monitoring and vulnerability scanning.

Police CyberAlarm will detect and provide regular reports of suspicious cyber activity, enabling your business or organisation to identify and take steps to minimise your vulnerabilities.

The data collected by the system only contains summary information (meta data and header information) about communications your business or organisation receives from the internet. The system is designed to protect personal data, trade secrets and intellectual property.

Once you become a Police CyberAlarm member you install a virtual or physical ‘Police CyberAlarm Collector’ on your network, which will be used to collect and process traffic logs to enable the identification of suspicious and malicious activity from your firewall/internet gateway, Network Intrusion Detection/Prevention system (IDS/IPS), Network Anti-Virus and Anti-Spam filters.

Police CyberAlarm is a monitoring system and does not interfere with normal network operations. There are two ways to install the data collector, and both are easy to do.

What information does Police CyberAlarm collect and how is it used once collected?

The Police CyberAlarm Data Collector installed on your site first identifies suspicious data and by doing so automatically filters out any internal traffic and data from known trusted sources.

The remaining data is then encrypted and transmitted to the Police CyberAlarm servers where it is collated, verified, analysed and shared between police forces allowing them to identify new trends, patterns, and cyber-attacks.

It is also then possible to identify whether there are repeated trends or patterns on particular services, products, or devices. This information can be used to inform advice and guidance to member organisations and others, as well as to enable the police to take enforcement action.

Each member organisation will benefit from their own report which will include the identification of the new trends and attacks allowing them to better defend themselves against such attacks.

What are the benefits to my business?

Police CyberAlarm benefits both member organisations and UK Policing.

Members benefit from regular intelligence reporting, through their ‘Member Summary Threat Report’, summarising suspicious activity detected in the external traffic logs sent to their Police CyberAlarm collector.

In addition to this report, members who opt in for vulnerability scanning will also receive a ‘Vulnerability Assessment Report’. This report details any known potential vulnerabilities and the CVE codes for those vulnerabilities to help better protect the organisation.

Where do I sign up?

If you would like to become part of Police CyberAlarm or find out more about receiving regular security updates and reports to help you gain a better understanding of current threats, register at https://cyberalarm.police.uk/


Police CyberAlarm is a police system and all data collected is collected by the police and not the Cyber Resilience Centre.

Back To Top

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation.
The intention of The Cyber Resilience Centre for London is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.
Articles on the website cannot by their nature be comprehensive and may not reflect the most recent legislation, practice, or application to your circumstances.

Stay Connected

For specific questions please contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..

Twitter: @London_CRC
LinkedIn: Cyber Resilience Centre for London
YouTube: Cyber Resilience Centre for London