McCormickCo Security Integrates Armis with NHS England Defender for Endpoint to Deliver End to End Visibility

Overview

NHS organisations operate highly complex digital environments that support essential services and functions. Ensuring cyber security across such estates requires more than isolated tooling; it requires clear, continuous visibility and the ability to translate technical insight into meaningful assurance to enable informed decisions. McCormickCo Security has developed an integration with Armis allowing NHS England Microsoft Defender for Endpoint data alongside Armis agentless scanning to bringing cyber visibility across the NHS and Integrated Care Boards.  This increased understanding of cyber security posture facilitates risk identification and management across the organisation, network, and asset disciplines. The Armis complete environment reporting and audit logs provide clear evidence of compliance through the Data Security and Protection Toolkit as well as the Cyber Assessment Framework.

By consolidating endpoint telemetry and asset intelligence into a single, central platform through Armis, organisations gain a coherent, trusted view of cyber risk that supports effective governance, prioritisation, and decision-making across NHS and Integrated Care Board estates.  

Addressing Asset Visibility as a Foundation of Cyber Assurance

A consistent challenge across NHS cyber assurance is maintaining confidence in asset management. NHS environments frequently contain systems that cannot support traditional endpoint agents, including medical devices, diagnostic platforms, operational technology, and supplier-managed solutions. These assets often represent higher operational or patient safety risk while simultaneously being the least visible.

Armis provides continuous, agentless discovery of assets across NHS networks, identifying devices as they appear and monitoring their behaviour over time. Microsoft Defender for Endpoint provides deep telemetry, protection status, and threat detection for managed endpoints such as servers and workstations.

Armis integrates these data sources to create a unified view of the NHS estate. This approach removes blind spots, reduces reliance on static asset registers, and enables NHS organisations to demonstrate confidence in the scope and composition of their digital environment.

Turning Technical Data into DSPT CAF Evidence

Data Security and Protection Toolkit requires organisations to demonstrate not only that controls exist, but that risks are understood, monitored, and actively managed. Raw security alerts or disconnected dashboards are not sufficient to meet this expectation.

Through this integration, asset and endpoint data is contextualised to support DSPT CAF evidence requirements. NHS organisations can demonstrate visibility of systems processing NHS data, identify unmanaged or unsupported assets, and show how risks are prioritised and addressed.

This supports clearer narratives around risk ownership, remediation planning, and residual risk, strengthening DSPT submissions and reducing last-minute evidence gathering.

‍
Alignment with the Cyber Assessment Framework

The integration of Armis with NHS England Defender for Endpoint directly supports multiple CAF objectives and outcomes.

Managing Security Risk

Unified asset and endpoint visibility enables NHS organisations to demonstrate an accurate understanding of their environment. Risks are identified based on real-time asset intelligence rather than assumptions, supporting informed decision-making and more robust risk registers.  

Protecting Against Cyber Attack

Defender for Endpoint provides evidence of endpoint protection, configuration, and attack surface reduction on supported systems. Armis complements this by identifying assets that cannot be protected in the same way and highlighting where compensating controls or additional mitigations are required. This supports a proportionate, risk-based protection strategy.

Detecting Cyber Security Events

Continuous monitoring across both managed and unmanaged assets improves detection capability. Defender for Endpoint provides high-confidence detections on endpoints, while Armis identifies anomalous behaviour across wider networked assets, including medical and operational technologies.

This combined approach strengthens confidence that security events will be detected promptly across the full estate.  

Minimising the Impact of Cyber Incidents

During an incident, visibility of assets, connections, and criticality is essential. The integration enables faster triage and containment decisions, helping NHS organisations respond in a way that considers both cyber risk and clinical impact. This supports CAF outcomes related to resilience, response readiness, and recovery.

Evidencing Continuous Assurance, Not Point in Time Compliance

A key benefit of this integration is its support for continuous assurance. Asset and endpoint visibility is maintained year-round, enabling NHS organisations to identify emerging risks early, track improvements over time, and demonstrate maturity rather than point-in-time compliance.

This approach aligns with NHS England expectations for sustained cyber resilience and reduces reliance on manual data collection during assurance cycles.

An NHS Aligned Delivery Model

McCormickCo Security delivers this integration with a clear understanding of NHS operational and clinical priorities. Implementation is designed to be safe, non-disruptive, and aligned with existing architectures, governance models, and clinical constraints.

The focus is on enabling collaboration between cyber security, IT operations, information governance, and clinical stakeholders, ensuring asset intelligence supports shared understanding and effective decision-making.

Strengthening Cyber Resilience Across NHS Estates

As NHS cyber environments continue to grow in scale and complexity, asset intelligence and endpoint visibility remain foundational capabilities. Integrating Armis with NHS England Defender for Endpoint provides a practical, scalable way to achieve this across diverse NHS estates.

McCormickCo Security supports NHS organisations in turning asset and endpoint data into meaningful assurance, strengthening DSPT submissions, supporting CAF outcomes, and ultimately contributing to the safe and resilient delivery of patient care.

Contact | McCormickCo Security

For more information on the Armis and Microsoft Defender for Endpoint integration, or to discuss how this approach can support your organisation’s DSPT submission, CAF outcomes, and wider cyber assurance objectives, please contact McCormickCo Security.

Our team can provide further detail on the technical architecture, assurance mapping, and NHS-aligned delivery approach, and support organisations in assessing how this integration can be safely and effectively implemented within their environment.

‍

‍