Microsoft Advanced Threat Protection boosts NHS cyber security | NHS Digital
Microsoft Advanced Threat Protection is helping NHS trusts improve their cyber security. Stephen Ion, Desktop and Server Infrastructure Manager at the University Hospitals of Morecambe Bay NHS Foundation Trust, says improved cyber security tools have transformed his ability to protect his organisation’s systems.
Find out more: https://digital.nhs.uk/about-nhs-digital/corporate-information-and-documents/nhs-digital-s-annual-reports-and-accounts/annual-report-and-accounts-2018-19/4.-live-services-and-cyber-security
Morecambe Bay was the first trust in the country to implement Windows Defender Advanced Threat Protection (ATP), in May last year.
Continuous monitoring of abnormal activity means Stephen and his team are instantly alerted if systems are at risk.
“ATP is invaluable to us,” Stephen says. “We used to get warnings and malware alerts, but, since we’ve implemented ATP, we are learning things that would never previously have been picked up.
“For example, you can see when a user opened
a suspicious email attachment and you can work back through a timeline to see what the user was doing prior to that. The ATP alert tells you what else the malware has done and where
else it’s tried to talk to, so we can then carry
out remediation.”
ATP also gives NHS Digital’s Data Security Centre a national overview of evolving threats.
“It is not just monitoring our organisation,
it is monitoring the whole NHS,” Stephen says.
“Each trust feeds into the same repository of alerts and malware detections. If we had an alert on a number of PCs, instead of us working independently, NHS Digital gets the bigger picture.
“They can coordinate a response and alert
the whole NHS that this issue is happening nationwide,” he says. “Ultimately this benefits our patients – our clinical systems need to be available so we can treat patients and the confidential data they provide us with
needs to be kept safe.”
Subscribe to the NHS Digital channel: https://www.youtube.com/channel/UCiJsGFOHyf1jeFJztqDNpsg?sub_confirmation=1
Visit our website: https://www.digital.nhs.uk
Follow us on Twitter: https://twitter.com/NHSDigital
Follow us on LinkedIn: https://www.linkedin.com/company/nhs-digital
Like us on Facebook: https://www.facebook.com/NHSDigitalOfficial/
Transcript:
Cyber security for the NHS is very important. We need to make sure our patient systems are available so that we can look after our patients to the best of our abilities. ATP works on Windows 10. It basically sends a lot of additional telemetry to Microsoft. That’s then interpreted by Microsoft’s systems and it alerts you back to when it detects some suspicious activity and sends you an alert to say we’ve seen this suspicious activity, you may want to go and investigate it. It also means that the NHS Digital cyber security teams can also plug into that and pick up anything that may have been missed by an individual organisation. It also tells us how many other machines that this threat has appeared on. It gives you that in the investigation of the alert and you could also get a wider sense of is that threat something a lot bigger that’s happening to other trusts as well. The NHS Digital Data Security Centre received threat intelligence which suggested the UK was being targeted for a large scale spam campaign. Malicious emails are being used to initiate a complex and heavily obfuscated chain to deliver malware to Windows Enterprise desktops. The CSOC used ATP’s custom detection capabilities to alert on the initial payload, the behaviour of the malware and any post-infection network communications that were created as a direct result of the infection. The custom detections allowed affected organisations to respond in an efficient manner and ultimately stop the theft of sensitive data. This is for patient benefit. Our clinical systems need to be available so we can treat patients and also the data that they provide us with needs to be safe and secure. Having this capability in the local organisations allows them to keep track of what’s going on locally, but allows us to see what’s going on at the wider level and ultimately better protect the NHS.
Views : 963
cyber security
