The WootCloud HyperContext Platform

Today we’re seeing an explosion in the number, type and mix of smart devices in our business environments. These devices are not entirely visible to IT and create a larger attack surface to manage and control. It is important that organizations are able to see all devices in their environment and exercise granular control to mitigate risks and data loss. Enter the WootCloud HyperContext Device Security Solution, which provides context on devices, their behavior, network access and threat intelligence, and:

  • Gives an organizational device risk score based on hundreds of dimensions to identify SecOps, Network Ops and IT Ops gaps.
  • Identifies areas to focus security investment (SecOps, Network Ops or IT Ops) to improve the risk score.
  • Auto-enforces granular policies based on the HyperContext approach.

With an explosion in the number of electronic devices that are now connected via multiple communication protocols such as Wi-Fi, Zigbee, Bluetooth, BLE and cellular networks, a device needs to be fingerprinted based on its unique characteristics across multiple dimensions. These dimensions are not limited to a specific interface of the device, but span multiple layers, from hardware and software to logical, functional and other operational characteristics.

This means that information about the device, collected all the way from RF through each physical interface, protocol, traffic flow and application, is combined with organizational information from the CMDB and other tools such as MDM, EDR, vulnerability assessment, firewall and location. Supervised and unsupervised machine learning algorithms and rule sets learn from this data to reveal patterns embedded in these measurements. These algorithms and rule sets generate models and signatures for each device, producing the following information, which is called HyperContext:

  1. Type and category of the device and related information
  2. OS, patches, services and applications running on the device
  3. Functionality or the “purpose in life” of the device
  4. Micro location of the device, its mobility patterns and times of visibility
  5. Ownership information of the device and its control information
  6. Users on the device
  7. Behavior-based analysis of all the data transmissions across all protocols and spectrums
  8. Risk and vulnerability information, and other information collected by other tools in use

  • Provides richer device context to help create deeper and more accurate policies to manage, track, group, and microsegment devices
  • Uses auto-generated policies that are crowdsourced based on best practices
  • Non-intrusive, AI- and ML-driven threat detection solution
  • Scans devices across multiple spectrums (Network + RF) and dimensions with a deeper capture of device properties and attributes
  • Delivers context-driven anomaly detections that lead to lower false positives

All the collected data and the intermediate insights are then used to develop a device identity fingerprint, a device group fingerprint and a device operational fingerprint. These fingerprints accurately recognize the device, group similar devices, and establish the device’s normal operation and function. This is used to establish an effective device security architecture by:

  1. Identifying new devices seen in the organization automatically
  2. Identifying anomalous behavior in the devices whose fingerprints have been collected
  3. Offering insights about the associated risks and threats, and best practices
  4. Generating labels based on all the collected information, intermediate insights and final fingerprints, and exposing these labels to the micro-segmentation and policy layers