Solution Brief

Achieving Business Visibility into Security Risk and Compliance Use WCK bSRM and McAfee® ePolicy Orchestrator® software to understand how risk and compliance data affects critical business processes

Adding A Business Layer to Risk and Compliance VisibilityOne of the key challenges that organizations face is how to extract business visibility from risk and compliance Big Data. A better understanding of how discoveries on the endpoint affect business processes will allow managers to include business criticality in IT operations, enabling better business decisions when it comes to prioritizing security improvement and remediation activities.

The WCK solution visually depicts an organizational hierarchy and how technical discoveries for endpoints managed by McAfee ePO software might affect the business.

WCK bSRM both maps and analyzes the interdependencies between endpoints managed by McAfee ePO software to business assets. Any type of asset can be defined, including business processes, organizational units, systems, and even buildings, control systems, and pumps.

Figure 1. Sample hierarchy showing events on endpoints in relation to higher organizational units.

Assets can be input into the system with a user-friendly WCK Designer Tool or imported from external sources, such as CMDB systems or spreadsheets.

The WCK Dependency Maps allow users to visually understand the relationships and dependencies between business processes, systems, and components, and how risk cascades across these assets.

WCK business-driven Security Risk Management (bSRM) software extends real-time visibility into the security risk and compliance management framework provided by McAfee ePO™ software by adding a business layer. Users can easily see how each McAfee ePO software endpoint affects business processes and organizational units.

McAfee Compatible SolutionWCK bSRM 2.20 and McAfee ePO 4.6

2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com

McAfee, the McAfee logo, ePolicy Orchestrator, and McAfee ePO are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright © 2013 McAfee, Inc.57703brf_wck_0113_fnl_ASD

Benefits of the Joint SolutionBy implementing WCK bSRM together with McAfee ePO software, users can:

• Clearly see how McAfee ePO software-managed endpoints affect business processes. Visual tools can pinpoint which critical business processes are affected, for example, by an out-of-date antivirus .DAT file on a specific server.

• Prioritize mitigation spending and activities according to the business importance of assets and other business criteria. For example, instead of mitigating problems relating to a specific server, an organization can decide to remediate all open tickets relating to a key trading process, which may affect diverse endpoints.

Figure 2. WCK bSRM dashboard in McAfee ePO software.

About WCK bSRMWCK develops and markets WCK-bSRM, an innovative risk and compliance software for managing IT, security, and critical infrastructure protection. The solution helps organizations protect their critical business processes by providing crystal-clear visibility of their risk posture, decision support tools, and a prioritized remediation workflow based on business needs. For more information visit www.wck-grc.com.

About McAfee ePolicy Orchestrator softwareMcAfee ePO software is the industry-leading security and compliance management platform. With its single-agent and single-console architecture, McAfee ePO software provides intelligent protection that is automated and actionable, enabling organizations to reduce costs and improve threat protection and compliance.