Avida Medical

TwentyFour IT Services Ltd migrated Avida Medical’s infrastructure to a secure, UK-based data centre. This included virtualising legacy servers, consolidating workloads for efficiency, implementing high-availability and backup systems, and ensuring compliance with MHRA and NHS Digital standards. This migration significantly improved uptime, scalability, and disaster recovery readiness.

A seamless transition to Microsoft 365 was executed to modernise collaboration and communication, enable secure access to email and files from any location, introduce conditional access and MFA policies, and minimise disruption to operations during the transition.

Endpoint Detection and Response (EDR) was deployed to provide 24/7 SOC capabilities, enabling continuous monitoring of endpoint activity, detection of malware, ransomware, and suspicious behaviour, automated alerting and triage by security analysts, and integration with active monitoring for rapid remediation.

Remote monitoring and management (RMM) was implemented to manage and patch endpoints, automate threat response actions triggered Endpoint Detection and Response, enforce security policies across all devices, and provide asset visibility and compliance reporting.

Security Information and Event Management (SEIM) was introduced to centralise and analyse logs from firewalls, servers, endpoint devices, cloud applications, and Microsoft 365. Threat intelligence feeds and correlation rules enabled proactive detection of complex attack patterns and insider threats.

To secure Avida’s cloud environment and intellectual property, Cloud Application Monitoring was deployed to monitor Microsoft 365 user activity, detect suspicious logins, privilege escalations, and OAuth abuse, identify potential data leakage events including unauthorised file sharing or downloads, and provide real-time alerts and compliance dashboards.

To enforce least privilege and application control, Zero Trust tool and policies were implemented with application whitelisting to block unauthorised software, ringfencing to isolate applications from sensitive data, USB control and device lockdown, and real-time audit trails for compliance and incident response.

Following a security incident involving an NTLM relay attack attempt, TwentyFour IT Services Ltd identified and contained the threat, decommissioned vulnerable servers, hardened domain controllers and endpoint configurations, and implemented proactive monitoring and alerting.

A comprehensive disaster recovery plan was developed and shared with Avida’s leadership and legal teams. This included off-site backups with defined retention policies, recovery time objectives (RTO) and recovery point objectives (RPO), and documentation for legal and compliance audits.