PRACTICE VALUE REPORTTable of Contents
01 Cyber Threat Overview02 Protection Landscape03 Enterprise IT Security
Approach04 WWT Security Domains and
Architecture05 WWT Team Background06 WWT Team Detail
A Principled Approach to Achieving Holistic Security Posture
SECURITYPRACTICE
Astounding: the complexity of today’s cyber threat matrix.
Insider Threats related to unsecured peer-to-peer access, Mobile Threats including SMS fraud and mobile malware and the rise of Advanced Persistent Threats (APTs) form a complex threat landscape operating across many levels.
Malicious and non-malicious breaches both cause significant damage, including loss of brand value and reputation, customer credit card information disclosure and actual financial losses, as well as breakdowns in operational activity that drain productivity.
MULTI-LEVEL THREATS
HIGH DAMAGE POTENTIAL
Threat Evolution The landscape of cyber security threats has evolved with the growth of networked connectivity, from viruses in the 90s to worms, malware and phishing attacks in the 2000s, and now, cyber attack missions utilizing APTs or military leaders defining the rules of engagement for cyber-war.
Reactive Response StanceProtecting against massive, coordinated cyber attacks and addressing vulnerabilities derived from app stores and insecure mobile browsers is beyond the tactical capabilities of most enterprise IT security programs. A strategic response stance is required.
Strategic Response StanceThe future of IT security requires an approach that assumes those who want to get in will get in, and implements strategies to identify intruders, protect data and use intelligent analytics and dynamic processes to capture information regarding intrusions or signs of data extraction.
BREACH READINESS
01
D I F F E R E N T O R G A N I Z A T I O N S • D I F F E R E N T V U L N E R A B I L I T I E S
Strategic Principle #1: A holistic security posture focuses on prevention, detection and remediation.
A strategic response stance starts by identifying your organization’s value as a target
• TARGET MATURITY MODEL/LEVEL• BUSINESS ALIGNMENT• THREAT PREVENTION AND DETECTION CAPABILITIES• RESPONSE AND REMEDIATION STRATEGY• BUSINESS CASE JUSTIFICATION
FBI • US Military Cyber CommandLocal Law Enforcement • NSA • CIA
02
Your Security Solution: What does it look like?
03
Strategic Principle #2: Holistic solutions balance people, processes and technology.
Strategic Principle #3:
Operational readiness and tactical response are key concerns of a sustainable security posture.
WWT’s Approach is to Validate then Strengthen Your Security Posture.
• Threat Defense Maturity Model and Gap Analysis• Alignment with Business Priorities• Remediation Recommendations as part of a
Risk-Based Security Model
Strategic Principle #4:
IT security solutions must address the current threat landscape and high-risk vulnerabilities.
NetworkAccessControl
Web Securityand Mobile
Device Mgmt
SecurityAnalytics
SOLUTION ARCHITECTURES
WWT uses these domains to apply a principled approach to developing Solution Architectures that address the IT security challenges of our customers.
Advanced Threat Defense
The broad attack surface of advanced threats make solutions in this area a top priority, and WWT combines several focus areas, including anomaly detection within systems and behavioral elements, the presence of malware and other attack vectors, and big data analytics to predict and surgically address threats to enterprise assets and critical infrastructure.
Secure Data Center and Cloud
WWT understands how to secure the data center, public, private and hybrid clouds, by employing solutions that account for both fundamental concerns, such as virtualization security and multitenancy, next generation firewalls and storage encryption, as well as employing intrusion prevention systems, data loss prevention tools and database security elements.
Secure Mobility
With expertise and OEM products enabling identity and access control, VPNs, mobile data protection and mobile device management, wireless infrastructure and management, and large-scale tablet deployment and imaging, WWT is able to architect complete solutions for Secure Mobility.
04
Strategic Security Domains: Validate, Strengthen.
• Remote Access• Network Identity and Access
Control• Multi Factor Authentication• Risk-based Authentication
• Next Gen Firewalls • VPNs - Site, DMVPN, etc.• Intrusion Prevention Systems • Context-based Authorization• Router and Switch Security• Virtualization Security and
Multitenancy
• Data Loss Prevention• Storage Encryption • Database Security • Mobile Data Protection• Content Protection (email and
web)
• Configuration Management• Security Analytics• APT Investigation• Behavioral Analytics• Malware and other Attack
Vectors
ITINFRASTRUCTURE
ACCESSCONTROL
DATAPROTECTION
SECURITY MGMT & ANALYSIS
ITINFRASTRUCTURE
WWT SECURITY TEAM DETAIL
By investing over $30 million in OEM technologies and integrating these solutions to address our specific, real world environments and challenges, WWT has established a lab, demo and POC eco-system, which improves the discovery and evaluation process at zero cost to our customers.
EXAMPLES:
• Cisco ISE, Citrix Zenprise, Security Analytics• Security labs and “sandboxes” designed to enable testing in
quickly deployed, real world configurations that reflect the environments of our customers
• Breach Readiness demos with Incident Reporting and Analysis
ASSESSMENTS • WORKSHOPS • DEMOS: Our Tools
05
Michael J. McGlynnVice President and General Manager, Intelligence Community
Prior to joining WWT, Mr. McGlynn spent 25 years at the National Security Agency as a member of the NSA Senior Executive Service, holding various technical and leadership positions in the areas of systems development, mathematics and cryptography. He is a graduate of the NSA’s Director Leadership Program and Senior Technical Development Program and has received several honorary awards, including two Meritorious Civilian Service Awards and the Deckert Foster Excellence inSIGINT Engineering Award. He has an M.S. in Computer Science from JohnsHopkins University and a B.S. in Mathematics from the State University of New York at Albany.
Team Member
Snapshot
Members of our team hold Masters and PhD degrees from top University programs, as well as over 100 certifications from accredited organizations and OEM training academies. Team members are required to perform ongoing education and skill assessment coursework designed to enhance WWT’s Security Practice capabilities, and keep up with technology trends.
TOPCREDENTIALS
Demand from our commercial and federal customers spans an array of verticals and has resulted in WWT’s Security Practice engaging projects in industries ranging from banking and finance to healthcare, telecommunications, entertainment, pharmaceuticals and energy. Federal customers include not only large agencies and departments but also military branches and other organizations requiring top security clearance.
INDUSTRYKNOWLEDGE
The evolution of WWT’s security practice represents a strategic initiative for our company and is invested in accordingly. Combining external recruiting with internal development we have accomplished the scalability necessary to enable rapid deployment.
SCALABLE AND ABLE TODEPLOY QUICKLY
NATIONAL SECURITY LEADS
BRIAN ORTBALSDir, Advanced Technologies
LADI ADEFALASecurity Practice Manager
AMAN DIWAKARTechnical Solutions Architect
AAMIR LAKHANITechnical Solutions Architect
TIM ADAMSTechnical Solutions [email protected]
COMMERCIAL SECURITY LEADS
ZAC WARRENNorthwest
CHAD CHAFFEESouthwest
BRIAN TRULOVEMidwest
MARK ZIMMERMANSoutheast
FEDERAL SECURITY LEADS
JOHN GIDDERSNavy, USMC
FARHAN MIRZACivilian
JAMIE ROTHAir Force
LAVERNE SANDERSHealthcare
BRIAN BAKERArmy
06
A Principled Approach to Achieving Holistic Security Posture
SECURITYPRACTICE