Endpoint Protection Consolidation
The client had multiple endpoint protection schemes deployed throughout the enterprise, using different anti-malware, endpoint encryption, host firewall, and detection and response applications. As a result, they were experiencing unacceptable costs and maintenance requirements, and had difficulty maintaining a consistent endpoint security posture.
How this Project works
Hale Consulting Solutions LLC was engaged on this effort to help:
Implement a Next Generation Antivirus (NGAV) Platform
We worked with the client to replace a variety of anti-virus, host-based firewall, malware detection and local encryption solutions with a centrally managed Next Generation Antivirus (NGAV) platform, and to implement a common set of role-based rules and policies across the enterprise.
This implementation greatly decreased the complexity of the endpoint environment, increased supportability and reduced the overall risk of an endpoint-directed cybersecurity attack.
Implement a Managed Detection and Response (MDR) Platform
We deployed a Managed Detection and Response platform, integrated with the Next Generation Antivirus platform, to provide continuous and comprehensive visibility into the endpoint environment and alert a contracted agency (MSSP) of any suspicious activities. The MSSP will then investigate any alerts and notify the client if an incident or additional action is needed.
Integrate Endpoint Protection with SIEM
All the logs, alerts and notifications generated by the Next Generation Antivirus and Managed Detection and Response platforms were forwarded to, indexed and loaded into the enterprise Security Information and Event Management (SIEM) system. Additional reports and dashboards were developed within the SIEM to provide operational metrics and key performance indicators around the effectiveness and performance of these platforms.
Project Result & Benefits of Project
- NGAV and MDR were deployed to over 205,000 endpoint devices.
- The client realized over $5 million in administrative savings associated with the standardization of the endpoint protection environment.
- The average detection and response time for endpoint attacks was reduced by over 80%.
- The number of reported “blocked” attacks increased by over 300%.
“Security in IT is like locking your house or car – it doesn’t stop the bad guys, but if it’s good enough they may move on to an easier target.” - Paul Herbka