Nuffield Health

Trend Micro Keeps Nuffield Health Safe from Threats Amidst Digital Expansion


Healthcare organisations are an increasingly lucrative target for financially motivated cyber-criminals. Over the course of the pandemic, hospitals around the world have been hit with surging ransomware levels as highly organised groups use APT-style tactics to take life-saving services offline. Elsewhere, patient and employee data remains highly sought-after. Cybersecurity professionals working in the industry warn that breaches could triple over the course of 2021.

Nuffield Health’s Head of Enabling IT, Ed Moss, knows these risks only too well. His role demands oversight of a large, distributed estate that covers over 300 sites, including 32 hospitals, 112 fitness & wellbeing centres, seven clinics and multiple corporate locations. That means securing not only servers, storage and networks but also end-user computing and unified comms for 14,500 employees and 20,000 consultants and instructors.

Starting off

Nuffield Health’s relationship with Trend Micro dates back to 2007, when the firm bought Trend customer Cannons Health & Fitness. A decision was made early on to centralise endpoint security onto a single unified tool, and OfficeScan was chosen as IT managers deemed it a more streamlined product which nevertheless offered powerful protection. The organisation has since upgraded to Trend Micro Apex One for all endpoints.

Having seen the benefits that Trend Micro technology could bring to the organisation, Nuffield Health subsequently invested in Deep Security for server protection and Deep Discovery Inspector (DDI) for network-layer threat prevention. Ed says the requirement on the server side was for a product which could help to shield legacy systems from known and unknown threats, without impacting performance.

Trend Micro end-to-end

Over the years, Nuffield Health has committed to Trend Micro across multiple layers of IT infrastructure. These include:

Apex One for endpoint security. It offers:

  • Comprehensive protection: from device control, web reputation and URL filtering to predictive and runtime machine learning, behavioural analysis and DLP
  • Centralised visibility and control for consistent security management, visibility, and reporting
  • Support for a broad range of devices, applications, and file types
  • Automated threat detection and response

Deep Security for runtime protection of workloads, delivering:

  • Unified security from a single agent across physical, virtual, cloud and container environments
  • Protection against vulnerabilities with virtual patching
  • Seamless integration with DevOps via automated deployment and policy management, and tie-ins with orchestration tools such as Chef, Puppet, and Ansible

Deep Discovery Inspector (DDI) for protection against advanced targeted threats via:

  • Monitoring of all network ports and 105+ protocols
  • Custom sandboxing, which is difficult for attackers to evade
  • A Managed XDR (MDR) option where Trend Micro experts monitor, investigate and respond to serious threats at the network layer

Vision One with managed detection and response service (Managed XDR) which enables:

  • Smart correlation of threats across multiple layers of defence (servers, networks, endpoints, email, cloud workloads)
  • Increased risk visibility and faster response times
  • Simple integration into Trend Micro and third-party tools like SIEM/SOAR
  • Managed XDR service for Trend-managed 24/7 alert monitoring and prioritisation, with expert threat identification and investigation

Cloud App Security for advanced threat and data protection of Office 365, Google Workspace and other cloud services. It offers:

  • Protection from millions of threats annually that native Microsoft/Google filters fail to spot
  • Detection of incoming and internal phishing attempts
  • Close integration with Trend Micro Vision One for XDR

Visibility and control

Deep Security has provided enhanced protection for Nuffield Health without sacrificing performance, says Ed.

“Having a large number of hospitals to manage means plenty of legacy systems and applications which are difficult to remove,” he says. “This is where Deep Security’s virtual patching has been a huge win for us.”

Virtual patching is a multi-layered intrusion prevention solution which shields vulnerable software and operating systems from both known and unknown threats. As such it can buy customers time until a vendor patch is released, or protect legacy systems for which patches are no longer available.

Adding Managed XDR capabilities to the mix has also helped Nuffield work more productively, by “cutting out a lot of noise” and ensuring they only deal with the most critical alerts, he adds.

“We know Trend Micro has it covered and if anything critical comes in we get alerted,” Ed continues. “It’s definitely allowed us to run a leaner operations team. We don’t have a dedicated SOC or security resource, so we can focus our time in a better way.”

Most recently, Nuffield Health switched on Cloud App Security integration with XDR, for enhanced visibility and control all the way from critical services running on hospital desktops to traffic flowing across cloud applications.

“Everything we’re seeing from an Apex One and Cloud App Security point of view is joined up and automated now, which allows us to remove false positives and focus on what needs to be done,” says Ed.

Going digital

Over the past 18 months, Nuffield Health has sought to digitally transform many of its IT services to improve cost efficiencies, productivity and the customer experience. The pandemic has forced it, like many organisations, to accelerate these efforts with offerings such as digital GP services and online exercise classes. Trend Micro has been able to support these efforts with seamless integration into cloud platforms like Azure and a SaaS delivery model. During this time, the relationship has continued to mature.

“I’ve worked with Trend Micro for 14 years in various roles and the thing I’ve noticed most is the progression and development of its account management and customer service,” concludes Ed.

“We’re now really involved in direct discussions on the product sets and have a technical resource aligned to the account manager who gives us detailed advice, as well as Premium Support. We feel confident that our next digital steps will be taken on a really secure foundation.”