Solutions that improve the visibility, control and security of endpoint ecosystems
Companies are facing a wide variety of new and complex security challenges: growing attack surfaces, sophisticated attacks, explosive data growth and a pervasive lack of integration between security solutions, among others.
Despite all the efforts and resources that organizations invest in traditional information security approaches, they still fall prey to cyber threats, or they find that they are unprepared to manage the rapidly blurring boundaries of the enterprise’s perimeter. With the broad acceptance of portable devices, the old notion of a “moat” around a company’s perimeter is gone. The endpoint is the new perimeter and is the target of every attack.
Integrated Endpoint Security Architecture Framework
WWT’s Integrated Endpoint Security Architecture (IESA) mission is to provide our customers with solutions to improve the visibility, control and security of their endpoint ecosystems with speed and scale, all while driving operational efficiencies. Our framework consists of five pillars that help focus discussion on critical areas that, when explored, create a more granular security strategy.
Endpoint Protection (EP). Organizations are beginning to ask if they can replace traditional antivirus (AV) solutions with their new EP counterparts: next-generation AV (NGAV), IR/Forensics, and operational management. These solutions extend beyond malware detection and prevention, offering protection by using threat intelligence, machine learning and whitelisting/blacklisting.
Management Platform. The ability to manage and execute functions from a central platform has become critically important as most large-scale organizations struggle with different technologies and processes. A unified management console is pivotal in any endpoint security architecture, allowing for effective execution of processes such as inventorying assets, identifying online users, validating configurations, executing change actions and much more.
Data Correlation & Security Analytics. Today’s networks generate incredible amounts of useful data. Organizations need better ways to leverage network and security data to inform decision making. We focus on going beyond centralized event management by using security analytics to correlate data and draw inferences on real or potential incidents. This includes not only traditional data sets (e.g., firewall logs), but also extends into user behavior, physical security and a host of other data points.
Security Automation and Orchestration. With challenges increasing in complexity and a shortage of security professionals, automating actions before or during an attack reduces its overall impact. Security automation is quickly becoming a best practice to improve time to detection and, subsequently, time to response within industry-leading Security Operations Centers.
Presentation. Knowing the operational status of an enterprise architecture is perhaps the most important of the pillars. The ultimate goal is a status report displaying the appropriate amount of information for decision makers. The ability to have multiple dashboards containing “drill-down” capability with more granular information can help decision makers constrained by time and resources.