A partnership for the health sector between Cloud21 and Qualys has resulted in a new specialist solution being developed to help NHS IT teams with vulnerability management and reporting against NHS Cyber Alerts
The Cloud21 Vulnerability Management Solution is built on the Qualys VMDR platform. To meet NHS requirements Cloud21 has developed an add-on module that supports NHS IT teams to manage and report on NHS Cyber Alerts. As a whole, it provides a scalable solution to help dramatically improve trusts security posture and provide means of protecting infrastructure from existing and potential threats and vulnerabilities. Automation of operational, compliance and board level reporting is an enabler for more proactive cyber security management.
Commenting on the need for such a solution, Director of Technical Services Mark Bishop said, “Traditional endpoint solutions don’t interface well with each other, creating integration headaches, false positives, and delays. Ultimately, devices are left unidentified, critical assets are misclassified, vulnerabilities are poorly prioritised, and patches don’t get fully applied.
“Working with our NHS clients, our vulnerability management services team could see a need for an uncomplicated, trustworthy solution, that brings none of the hindrances of the traditional solutions, but one that also serves the needs of the NHS.”
Qualys VMDR is a cloud solution for vulnerability management, detection, and response prioritisation, and provides evidence for elements of DSPT. It has been built and refined over more than two decades to achieve 6-Sigma scanning accuracy and leverages Qualys Cloud Agents and sensors to collect data from different digital environments.
To provide a complete workflow for the NHS, Cloud21 has developed a module that helps trusts answer the question, ‘what is vulnerable and what is subject to NHS cyber alerts on my estate?’ Bespoke interactive dashboards support the management and reporting of both historical alerts and newly issued critical and high severity alerts. These alerts are added to the Cloud21 knowledge base within four hours of the notification by NHS Digital.
Bishop continues, “If you’re starting from zero, then the free asset manager from Qualys is an ideal starting point. NHS IT teams can download this tool and be safe knowing that the platform has all the capabilities they need via straight forward upgrades and the Cloud21 NHS Cyber Alert module. And they also have our team on hand to support them.”
Cloud21 offers a Vulnerability Management Suite as a standalone managed service, to bolster NHS IT team resources to ensure the successful and continuous roll out of patches within appropriate and planned change windows.
Bishop explains, “It can be quite unnerving when installing such solutions because it is very likely it will highlight more vulnerabilities than expected. In the NHS when there’s a resource imbalance in IT, it’s not always feasible for small teams to patch everything made visible to them. The detection and visibility part is only one half of the job.
“We have built a Vulnerability Management Suite of services in response to clients finding themselves in this position so they can feel completely assured and we can reduce the burden on their team.”