Advantages of lab testing in the WWT Advanced Technology Center and security use cases
Selecting and testing the right security solution for your organization is a major, time-consuming decision. The wrong choice can result in downtime, data loss or even a network breach. Informed decisions require thorough analysis of all available offerings, which can be challenging. This is a common theme I hear from customers, and I think everyone can relate to the pains of not having enough time, staff, expertise or the needed infrastructure to test and select the right solution for your organization.
That being said, would you ever buy a car without test driving it first? Doubtful. My advice to customers is to always take the same approach as car shopping and test drive security technologies before deploying them to protect your greatest assets.
ADVANTAGES OF USING WWT’S ATC
Recognizing this problem, WWT decided that the only way to eliminate the pains of evaluating new technology and help our customers reach their desired outcomes was to build an IT innovation ecosystem. This innovation ecosystem is known as the WWT Advanced Technology Center (ATC). The ATC brings hundreds of technology companies into one environment for testing and pairs our best minds with yours for guidance and expertise along the way. And, if that wasn’t enough, here are some of the other key advantages of using WWT’s ATC:
- Work anytime, anywhere with 24/7 secure, virtual access through ATC Gateway
- Best-in-breed testing tools to simulate your environment
- Industry experts available across a variety of security technologies to collaborate with you on infrastructure design and meeting regulatory requirements
- Move quickly, effectively and efficiently with automation between physical and virtual environments
SECURITY USE CASES FOR THE ATC
So, hopefully, since you’ve made it this far, you agree that lab testing is important, but you may need to hear more about our ATC. Thankfully, I have plenty of examples to share that span several disciplines.
The endpoint has emerged as a prime target for launching attacks against key assets, and traditional endpoint security is no longer effective. This is why many organizations are looking to upgrade their legacy technology to gain more visibility and protect against threats.
Evaluating the endpoint management market can be really time consuming, especially if you’re lacking time and resources. For one customer, we evaluated four next-gen endpoint solutions from start to finish – staging the testing area, conducting the testing, assembling the final report and making a recommendation. For another that wanted to do the evaluation of the solutions themselves, we built an on-demand sandbox environment that gave them access to our Endpoint Management Architecture (EMA). This solution utilized a combination of industry-leading applications, platforms and technology like Tanium, Splunk Enterprise and Microsoft Windows Defender®.
A large retail customer with port-based firewalls and separate SSL-offload devices wanted to modernize their security architecture and needed to determine the right next-gen firewall (NGFW) solution. The retailer worked with us to create an NGFW proof of concept (POC) that would maintain security efficacy, even when pushed to a maximum load with threat features enabled, and identify the maximum load with two streams of internet traffic flowing in opposite directions. WWT worked closely with the customer to develop requirements and test plans, built their test environment, evaluated three NGFW solutions and delivered the results.
Threat protection on the NGFW POC was tested with a rule set of 500, with irrelevant rules placed before the permit statement. The POC also ensured that the intrusion prevention system (IPS) was enforcing all signatures on the OEM appliance at the strictest profile, turned on application visibility detection and added a vulnerability strike pack with 420 strikes and 72 variant malware strings. The customer saved significant time and money in test resources and identified the right solution within six weeks of the project initiation.
For most organizations, security training is done infrequently and is stale (you can read more about this here). But this use case is definitely not stale and is probably one of my favorite examples of how our labs have been used. To run a cyber training exercise, four financial organizations asked us to create a cyber range in our ATC. To make this happen, we created a separate environment within our ATC for cyber war games between the various organizations. We were able to stand this up in four weeks, and our customer didn’t have to use a hosted cloud provider for this individual training exercise.
Not everyone needs a malware lab, but when you do, you want to make sure it’s separated from your existing environment. For one customer, we created an independent malware analysis environment within a secure enclave of our ATC. The customer was able to perform sensitive analysis of custom threats targeted at their environment to determine how their 30+ OEM defenses would react. Based on each simulated attack, the customer would make configuration and/or policy changes to their environment until they successfully defended against the malware.
We all understand the extreme shortage of skilled resources. One solution is to automate the way your organization consumes and responds to threat intelligence indicators and put those repetitive tasks on autopilot. This SecDevOps approach can reduce the time it takes to get the myriad of security platforms and technologies to respond in a way that is aligned to your incident response process.
For example, a lot of our customers are already using individual solutions like FirePOWER, F5 load balancers, Tanium, Cisco Endpoint AMP or ThreatGrid, and the biggest hurdle they face is integration. The ATC, coupled with the help of our engineers, can integrate OEM products with internal incident response processes or integrate different OEM solutions to help you reach a succinct level of automation.
OFFERING THREE LEVELS OF CUSTOMIZATION
In order to make our lab service offerings seamless and consistent, we have three levels of customization:
- Demos, sandboxes and training environments are offered on demand and can be scheduled with a WWT account team.
- Proofs of concept that include a single test plan and success criteria are conducted with a fixed cost and timeline.
- Lab as a Service, our highest level of customization, provides dedicated lab resources within the ATC and long-term lab space through a subscription.
The use cases above range in engagement and customization. The endpoint protection examples fall into the first and second categories, while the cyber range was a Lab as a Service engagement where the customer had a dedicated space for 4 weeks.
No matter your evaluation needs or level of interest, the ATC has hundreds of pre-built capabilities spanning analytics, application delivery, automation and orchestration, cloud security, endpoint protection and network access control among others. To explore further or dive right into lab testing, reach out to our account team.
If you’re still skeptical of the ATC, check out this article from my colleague Chris Weis. It’s another great example of how our ATC helped a customer avert risk and accelerate time-to-solution.