McAfee/Intel Security Workshop

Transcription

1 McAfee/Intel Security Workshop Transforming the Security Industry Derrick Honea Regional Account Manager

2 Agenda 1 pm to 1:45 McAfee Security Connected Why McAfee/Intel? 1:45 pm to 3 pm McAfee s Security Sandbox Presentation/Demonstration 3 pm to 3:30 Autonomics McAfee SIA Partner Presentation/Demonstration 3:30 pm Q&A September 18,

3 McAfee DeepSAFE Technology This technology and our joint collaboration with Intel is the next evolution of security and will enable McAfee to continue to be the trusted security provider to our largest and most complex customers. Michael DeCesare, Co-President, McAfee By combining the features of existing Intel hardware and innovations in security software, Intel and McAfee are driving innovation in the security industry by providing a new way to protect computing devices. We are truly excited to introduce this technology upon which we will deliver new solutions. Renee James, GM Software & Services, Intel Corp. McAfee DeepSAFE uses hardware features already in the Intel processors to provide security beyond the OS. From this unique vantage point, McAfee DeepSAFE can apply new techniques to deliver a whole new generation of protection in real time to prevent malicious activity and not just detect infections. Todd Gebhart, Co-President, McAfee

4 Intel / McAfee Transforming the Security Industry Imagine a World BETTER Where SECURITY Security SOLUTIONS Is No & PRODUCTS Concern A world where you can open any file or click on any link without worrying whether it will compromise your device or steal your identity. Together We re Changing the Industry We re not just changing security we re changing the industry. POWER By combining EFFICIENT the power of INTERNET hardware and software PERFORMANCE to neutralize cyber threats, CONNECTIVITY we will enable consumers and business to realize the full potential of connected computing. SECURITY 4 September 18, 2012

5 Intel and McAfee SECURITY vpro Active Management Technology Advanced Encryption Standard Virtualization One Time Password Secure BIOS Network Security Cloud Security Security Management Endpoint Security Technology Ecosystem 5 September 18, 2012

6 Security Connected Framework Delivers Ubiquitous Security From Silicon to Satellite 6 September 18, 2012

7 The Security Paradigm Is Changing Escalating Threat Landscape total unique pieces of malware in 2010 new, botnet infections per month new, malicious websites per month new, unique pieces of malware per day new, unique rootkits identified per day of malware and APT non detectable Source: McAfee Labs 7 September 18, 2012

8 New Approach to Security Is Needed Attack and disable security products and hence all protection Compromise virtual machine and hence all guest machines within Applications/RDBMS AV HIPS Operating System Virtual Machine I/O Memory Disk Network Display Traditional attacks and defenses focused primarily on the application layer Infect OS with APT s resulting in threats hidden from security products Rogue peripherals & firmware bypassing all other security measures Ultimate APT s compromise devices below OS, either before or after shipment BIOS CPU Intel & McAfee Confidential 8 September 18, 2012

9 Introducing McAfee DeepSAFE Technology Next Generation Security Beyond the OS Technology by McAfee and Intel Industry s First Hardware Assisted Security Platform New Vantage Point on Security Operates Beyond the OS Technology Foundation to Deliver Future Products 9 September 18, 2012

10 McAfee DeepSAFE McAfee DeepSAFE is the McAfee-Intel jointlydeveloped technology which allows McAfee to develop hardware-assisted security products that take advantage of a deeper security footprint. DeepSAFE technology sits below the OS allowing McAfee products to have an new vantage point in the computing stack to better protect systems. 10 September 18, 2012

11 DeepSAFE Technology Making GTI More Effective IP addresses distributing URLs hosting malware Mail/spam including it Botnet affiliation IPS attacks caused File Reputation Network Connection Reputation Botnet/DDoS activity Mail/spam sending activity Web access activity Malware hosting activity Network probing activity Presence of malware DNS hosting activity Intrusion attacks launched Mail/spam sending activity Web access/referer activity Malware hosting activity Hosted files Popups Affiliations Web Reputation DNS hosting activity Message Reputation Mail/spam sending activity Intrusion attacks launched IP addresses of attackers Web hosting/phishing activity Botnet/DDoS activity Network IPS Firewall Web Gateway Mail Gateway Host AV Host IPS 3rd Party Feed 300M IPS Attacks/Mo. 300M IPS Attacks/Mo. 2B Botnet C&C IP Reputation Queries/Mo. 20B Message Reputation Queries/Mo.. 2.5B Malware Reputation Queries/Mo. 300M IPS Attacks/Mo. Geo Location Feeds 11 September 18, 2012

12 McAfee Agent McAfee Integrated Security Platform Artemis Software-as-a-Service (SaaS) Endpoint Anti-Virus & Anti-Spyware AV & Anti-Spam Mobile Device Security Host IPS SiteAdvisor NAC Policy Auditing Macintosh AV Linux AV Data Protection Endpoint Encryption Device Control Host DLP epo Single Agent Single Console Agent deployment Configuration Updates Policy settings Alerts and Reporting Events and Reports Network Security Web Security Network DLP IPS Firewall/UTM Nitro Security SIEM Behavioral Analysis Risk and Compliance Vulnerability Mgmt. Remediation Policy Auditing Agents and Policies Vulnerabilities and Reports SIA Ecosystem

13 McAfee s Open Platform for Security Risk Management Industry Leadership to Drive Better Protection, Greater Compliance and Lower TCO SIA Associate Partner SIA Technology Partner (McAfee Compatible)

14 McAfee Agent McAfee Integrated Security Platform Artemis Software-as-a-Service (SaaS) Endpoint Anti-Virus & Anti-Spyware AV & Anti-Spam Mobile Device Security Host IPS SiteAdvisor NAC Policy Auditing Macintosh AV Linux AV Data Protection Endpoint Encryption Device Control Host DLP epo Single Agent Single Console Agent deployment Configuration Updates Policy settings Alerts and Reporting Events and Reports Network Security Web Security Network DLP IPS Firewall/UTM Nitro Security SIEM Behavioral Analysis Risk and Compliance Vulnerability Mgmt. Remediation Policy Auditing Agents and Policies Vulnerabilities and Reports SIA Ecosystem

15 Where Do I Learn More? New Reality of Stealth Crimeware Whitepaper Stealth Crimeware Video 15 September 18, 2012

16 Maryland Enterprise Education Consortium (MEEC) Consolidated Consortium leveraging the Educational Buying Power of the State Colleges and Public/Private School Systems to Procure Technology, hardware, Software, and Services. September 18,

17

18 McAfee Security Connected Board of Regents University System of Georgia September 17, 2012 McAfee Confidential Internal Use Only

19 Technology Architecture for Security How Connected Is Your Security? Host IPS Agent DLP Agent Encryption Antivirus Agent NAC Audit Agent Systems Management Agent EVERY SOLUTION HAS AN AGENT EVERY AGENT HAS A CONSOLE 2 Security Connected EVERY CONSOLE REQUIRES A SERVER EVERY SERVER REQUIRES AN OS/DB EVERY OS/DB REQUIRES PEOPLE, MAINTENANCE, PATCHING WHERE DOES IT END? McAfee Confidential Internal Use Only

20 Technology Architecture for Security How Connected Is Your Security? McAfee epo Server (AV, DLP, NAC, Encryption, PA, Site Advisor) SINGLE AGENT SINGLE CONSOLE 3 Security Connected McAfee Confidential Internal Use Only

21 Managing Security through a Single Pane of Glass Complexity is the worst enemy of security - Bruce Schneier 4 September 17, 2012 McAfee Confidential Internal Use Only

22 McAfee Security Connected Solution Platform NETWORK SECURITY High Assurance Firewall Network Intrusion Prevention Network Access Control Network Behavior Analysis INFORMATION SECURITY Security Web Security Data Loss Prevention Encryption Identity & Access Management API and Web Services Security SECURITY MANAGEMENT Security Operations Mgmt Policy Auditing & Management Vulnerability Management Risk Management Compliance Management ENDPOINT SECURITY Malware Protection Device Encryption Application Whitelisting Desktop Firewall Device Control Protection Network Access Control Endpoint Web Protection Host Intrusion Protection Mobile Device Management Server & Database Protection Hardware Assisted Security Smartphone and Tablet Protection Virtual Machine and VDI Protection Embedded Device Protection PARTNER COMMUNITY Security Innovation Alliance McAfee Connected Global Strategic Alliance Partners 5 Security Connected McAfee Confidential Internal Use Only

23 What It Takes to Make an Organization Safe Global Threat Intelligence Threat Reputation Network IPS Firewall Web Gateway Mail Gateway Host AV Host IPS 3rd Party Feed 300M IPS attacks/mo. 300M IPS attacks/mo. 6 Security Connected 2B Botnet C&C IP Reputation Queries/mo. 20B Message Reputation Queries/mo. 2.5B Malware Reputation Queries/mo.. 300M IPS Attacks/mo. Geo location feeds McAfee Confidential Internal Use Only

24 What We Learn from a Single Piece of Spam Global Threat Intelligence Internet Spam Origin? Links & Malware? GTI Informs Portfolio Host IPS Blocks Malware User Network IPS Firewall Web Gateway Mail Gateway Host AV Host IPS 3rd Party Feed Domain IP Address Affiliations Domain IP Address 7 Security Connected Domain Domain IP Address IP Address Geo Location Affiliations Dangerous Links Links Malware Malware Samples Domain IP Address Geo Location Affiliations Malware Domain IP Address Geo Location Affiliations Geo Location McAfee Confidential Internal Use Only

25 McAfee epolicy Orchestrator 4.6 epolicy Orchestrator Extensible Automated Unified Enterprise-ready Automate solutions with open API Leverage ecosystem Connect to your IT infrastructure Streamline processes Speed incident responses Reduce audit fatigue Central point of reference Enterprise-wide visibility Reduce management complexity Distributed architecture supports deployments of any size Flexible reference architecture McAfee epolicy Orchestrator 8 McAfee Confidential Internal Use Only

26 Personalized Command Center Tune your work environment to best suit your needs Personalize views, navigation and action bar Drag-and-drop controls to place most used within easy reach Create query groups and related workflows based on your priorities automate common tasks 9 September 17, 2012 McAfee Confidential Internal Use Only

27 Role-based Access Control Permission sets determine what users can see and do to facilitate efficiencies Distribute administrative tasks and information by role Roles defined by permission sets Permission sets for functionality such as Reporting, Automation, Configuration Upon login, user is presented only with the features that they have permission to access; everything else is hidden Increase management confidence in security posture and cut reporting time Create role-based dashboards for executive users 10 September 17, 2012 McAfee Confidential Internal Use Only

28 Drillable Dashboards and Actionable Reports Dramatically slash incident response times Dashboards provide at-a-glance understanding of security posture Dashboards display complex information quickly Correlated threat intelligence provides risk assessments Drill to detail Drag-and-drop editing Share with others Actionable Information Execute tasks directly from a dashboard or report (update now task button) Kick off workflows based on predefined reporting thresholds Generate reports on-demand, on a schedule or with an event Schedule and html, xml, csv, or pdf reports Multiple queries within a single report Parameter-based reports develop on-demand reports with user-driven filters 11 September 17, 2012 McAfee Confidential Internal Use Only

29 Rogue System Detection Identify assets to bring under control and to mitigate risk Identifies rogue systems connecting to network Rogue sensors strategically deployed to detect rogue systems Detect all systems connecting to your network such as PC, routers, printers Provides system of record to identify assets 12 September 17, 2012 McAfee Confidential Internal Use Only

30 Powerful Automations & Workflows Streamline workflows to eliminate security gaps and achieve efficiencies Automatic response system works with existing infrastructure Tag assets and policies to take future actions based on tags Example - As new Exchange servers come into the system tree run task to deploy GroupShield protection Create tickets within HP OpenView and BMC Remedy ticketing systems Make security processes a transparent part of IT operations Connect to external systems and customize workflows with epo Web API Supports business logic Event Trigger Report Help Desk Resolved MALWARE ATTACK Report Sent to Team through phone and issue is created Issue sent to 3rd party help desk Patch update sent; epo and help desk synched in system 13 September 17, 2012 McAfee Confidential Internal Use Only

31 Enterprise-class Scalability Multi-tiered, distributed architecture elegantly scales Dramatically improve scalability Improve security policy and DAT coverage for remote and roaming endpoints solutions Policy sharing and usage reporting across servers Ticketing Systems McAfee Network Security McAfee Update Servers Notifications epo Server epo DB Web Console Distributed Repository Super Agents Distributed Repository Agent Handler 14 September 17, 2012 McAfee Confidential Internal Use Only

32 Agent Handler Manage Mobile Users DB Server Agent Handler epo Server DMZ Internet Corporate Network McAfee Confidential Internal Use Only

33 McAfee s Open Platform for Security Risk Management Industry Leadership to Drive Better Protection, Greater Compliance and Lower TCO SIA Associate Partner SIA Technology Partner (McAfee Compatible) Note: Partner list growing rapidly inquire for current list 16 Security Connected McAfee Confidential Internal Use Only

34 Total Protection for Endpoint The World Leader in Endpoint Protection McAfee Confidential Internal Use Only

35 McAfee VirusScan Enteprise Protects Over 60 Million Corporate Endpoints Functionality Anti-Virus Anti-Spyware Buffer Overflow Protection Self Protection Application Protection Scanner Outlook Lotus Notes Web scanner ScriptScan IE and FireFox Anti-Malware Protection Stops known and unknown malware, spyware, rootkits, key-loggers and more Over 99% detection rate Proactive, real-time GTI technology Windows, Macintosh and Linux supported Broad protection across endpoints, servers and mobile devices Compatibility epolicy Orchestrator Windows 2000 and up, Desktop and Server Windows XPE (Non-Thin Clients) Virtual Environments Macintosh/Linux/Solaris 18 September 17, 2012 McAfee Confidential Internal Use Only

36 VirusScan Enterprise September 17, 2012 McAfee Confidential Internal Use Only

37 McAfee Host Intrusion Prevention HIPS FW Host Intrusion Prevention with Integrated Firewall Ends the pain of Patch Tuesdays and emergency patch cycles Three layers of protection against emerging threats - signature analysis, behavioral analysis, and dynamic stateful firewall Dynamic, stateful firewall protects against advanced threats such as botnets before attacks can occur Adjusts protection to users location - office network, VPN, public network) Specialized server protection 20 Confidential McAfee Internal Use Only

38 Benefits of Behavioral & Signature Protection 9/17/ Behavioral Analysis Zero-day Attack Protection Looks for malicious behavior patterns Most effective way to stop zero day attacks without updates Mitigates patch deployment urgency Ensure applications only perform legal operations (e.g., Web and DB enveloping) Signature Analysis Known Attack Protection Vulnerability Shielding capabilities for up to 100% MS vulnerability coverage Stop known attacks with zero service interruption + = Significantly reduces false positives Protects laptops during startup Better protection from known malicious attacks More time to test patches before deploying Improved business continuity & security 21 Title of presentation 9/17/2012 Confidential McAfee Internal Use Only

39 Protecting Web Server Data Streams 22 Title of presentation 9/17/2012 Confidential McAfee Internal Use Only

40 Desktop Firewall - Location Awareness A single policy with multiple levels of control Apply different security rules per connection Loose in your domain Employee Laptop 2 1 On-net traffic Corporate Network Tighter on VPN Tightest in public networks 4 Set different rules for Wired and Wireless connections 3 External Websites 1 Intranet 2 VPN Access 3 Outside world 4 Catch-all Fairly open; allow inbound service traffic; *.mcafee.com + internal subnet address Similar to Intranet; perhaps tighter restrictions; *.mcafee.com + VPN subnet address Very restrictive inbound; Limit access to external addresses & ports (e.g. port 25) Block all unsolicited inbound traffic; Allow only what s needed for hotel/vpn link up 23 9/17/2012 McAfee Confidential Internal Use Only

41 Desktop Firewall - Connection Isolation Prevent insecure network connections (i.e. wireless) from connecting to corporate network Works in conjunction with Connection Aware Groups Corporate Network Isolate network connection & block others McAfee Confidential Internal Use Only

42 GTI Integration: Dynamic Stateful Firewall Network Connection Reputation Use Case McAfee Host IPS, using McAfee Global Threat Intelligence network connection reputation, blocks the attempted connection with , a malicious connection = unknown malware network connection reputation = malicious McAfee HIPS attempted connection to Confidential McAfee Internal Use Only

43 GTI Integration: Dynamic Stateful Firewall Network Connection Reputation Use Case But we don t stop there! = adjust file reputation of original malware Now that we know the file is malware, the endpoint s next cloud lookup will identify it as such and our anti-malware will remove the file. We also update our systems to adjust the reputations of other entities associated with the malware or malicious network connection. Confidential McAfee Internal Use Only

44 McAfee Application Control Security through Whitelisting Dynamic Whitelisting Prevents all unauthorized code from running Memory Protection RAM Prevents whitelisted apps from being exploited via buffer overflow attacks File Reputation Integrates with GTI to classify binaries as Good, Bad and Unknown 27 McAfee Confidential Internal Use Only

45 Whitelisting Basics Whitelist created during install-time by scanning system for applications, libraries, drivers, scripts. 1 Application attempts to launch Could be an executable or OS component Whitelist 2 3 MAC verifies binary code from Whitelist If not in Whitelist, then program is not launched. Attempt is logged for alerts and auditing Unknown Binary is Unauthorized 28 McAfee Confidential Internal Use Only

46 Trust Model Enabler for Dynamic whitelisting Locked down with Whitelisting Whitelist automatically updated Returned to Whitelist Lockdown Trusted Updaters Trusted Certificates Trusted Directory Trusted Admin 29 McAfee Confidential Internal Use Only

47 File Reputation from GTI Known Good Known Bad GTI Graylist 30 McAfee Confidential Internal Use Only

48 Application Inventory Applications added this week Uncertified binaries Files with unknown reputations Systems running outdated versions of Adobe Reader And more 31 McAfee Confidential Internal Use Only

49 Approval Request for Desktop Users 32 McAfee Confidential Internal Use Only

50 Approval Granting Admin 1. Is this required for productivity? 3. Approve it on just this system or on All? 2. Is it trustworthy? 5 Good 4. Approve all Apps from this Vendor?? 33 McAfee Confidential Internal Use Only

51 Controlled Change Maximizing Server Uptime Real-time change tracking of files, directories & registry keys Gives the Who? When? What? Why? Username Time of change Program name File/registry content Out of the box policies track critical resources by default Special alerting mechanisms for critical changes 34 Sept emb er McAfee Confidential Internal Use Only 17,

52 App Control in McAfee ecosystem Known Good Known Bad GTI GTI: File reputation from the cloud VSE: Whitelist file only if AV approves epo MRA MRA: What threats am I protected from? HIPS: Sandbox unknown apps (graylist) from communicating VSE HIPS MAC 35 McAfee Confidential Internal Use Only

53 What is McAfee Endpoint Encryption for PC? #$$%%#%%&& Lorem ipsum dolor sit amet 1.DOC.XLS.APPS Files/APPS Full Disk Encryption (FDE) Software to encrypt every sector of internal hard disks Lorem ipsum dolor sit amet #$$%%#%%&& Operating System Encryption Driver Hard Disk Guarantees data is encrypted while at rest on the disk This assurance is used to claim safe harbor from most data protection regulations Average cost of a lost laptop is $49,246. If you can prove it was encrypted, the cost is reduced by at least $20,000. Average cost of a single lost record is $204. Average total cost of a data breach in 2009 was $6.75 million. Source: 2009 Ponemon Institute Cost of a Data Breach Report commissioned by Intel. 36

54 Full Disk Encryption Features Agent Features Transparent to end user Cannot be removed or disabled by end user Encryption keys stored securely Pre-boot authentication Active Directory integration & Single Sign On Fault tolerant, can survive reboots during encryption Multi-factor authentication Windows/Mac AES 256 bit encryption Secure hibernation Secure client to server communication End user access can be revoked on the fly by administrator McAfee 37

55 Full Disk Encryption Features Management Features System audit for proof of encryption Secure key backup Enterprise scalability Role based access control Centrally managed policies Directory and PKI integration Web based console Management dashboards Reports and custom reports Administrator audit Endpoint event audit (failed logon attempts, etc) McAfee 38

56 Support for AES-NI EEPC 6.1 Patch 2 support Intel AES-NI AES-NI increases the speed of raw AES All new business class PCs from the major OEMs are built on Intel s Calpella platform PCs with Calpella and Core i5 (min i5-520m) and Core i7 contain AES-NI at manufacture Sample: 2010 Notebook PCs with AES-NI (Core i5 and Core i7) DELL Latitude E5410 Latitude E5510 Latitude E6410 Latitude E4310 Latitude Z Precision M4500 Precision M6400 HP EliteBook 8440w EliteBook 8540w EliteBook 8740w EliteBook 2540p EliteBook 2740p ProBook 6450p ProBook 6550p Lenovo Thinkpad L512 Thinkpad L412 Thinkpad T410 Thinkpad T410s Thinkpad T510 Thinkpad X201 Thinkpad X301

57 Endpoint Encryption for Files and Folders Encryption where it s needed Local file and folder encryption File and folder encryption on file servers Removable media: file and folder encryption on USB drives User initiated encryption of attachments Data protection made easy Designed for sharing of encrypted data Persistent encryption On-the-fly, transparent data encryption and decryption when writing to/reading from disk Automatic policy enforcement beyond user control

58 Product Purpose Use file level encryption to prevent unauthorized access to private information. Encrypt Data On removable media On network shares On all endpoints On file servers In transit to partners In attachments 41 McAfee Endpoint Encryption for Files and Folders Subject to NDA

59 42 Endpoint Encryption for Removable Media Software for encryption of removable media Part of Endpoint Encryption for Files and Folders Applies to all removable storage media: USB memory sticks main target devices Also USB hard drives, FireWire drives Hardware independent Even the cheapest USB stick Not CD/DVD and floppy disks FAT32 formatted encrypted container Data on stick can be edited outside office with retained encryption, without installing any software 9/17/2012

60 Unencrypted USB Access Prevent sensitive data from being copied onto USB September 17,

61 Device Control Device level management for Removable storage device Plug-and-play devices Flexible device definition e.g. by Vendor/Product ID to restrict usage for specific devices only e.g. by Serial Number to restrict to authorized device list only McAfee Encrypted USB devices (formerly SafeBoot) are predefined

62 Device Control Reactions Block Monitor Usage Notify User Read Only (for removable storage devices) Reactions can apply to Online/Offline state of the user

63 Device Control Demo

64 McAfee Policy Auditor Overview Agent based solution Deploy-Manage-Report via epo Central policy management Scheduled audits Standards based SCAP XCCDF, OVAL, CVSS, CVE Published Industry templates Configurable Baseline audits Manage exceptions, waivers September 17,

65 Measure Compliance Mandates Out-of-the-box Best Practice Benchmarks Your CUSTOM FISMA FDCC* ISO COBIT PCI DSS GLBA SOX HIPAA NERC Detailed compliance assessment of IT Controls Password settings, account privileges, audit settings, file permissions, patch status Use of XCCDF and OVAL standards a key differentiator: Enables organizations to easily import benchmarks created by authoritative security sources * One of the additional templates that can be easily imported from the NIST website

66 Policy Auditor Patch Status Dashboard

67 Policy Auditor PCI Dashboard

68 Policy Auditor Content Creator UI 51

69 Policy Auditor Content Creator Browser 52

70 McAfee Mobile Security for Enterprise McAfee epo EMM Enterprise Mobility Mgmt Device provisioning Policy management App distribution Partner Community Telecom Expense Mgmt Secure Communication Mobile Commerce Mobile Security Device Security Anti-malware Data Protection App Security Web Protection Endpoint Security Network Security

71 McAfee Policy Features

72 McAfee EMM Help Desk Management 1. Over the Air Device Management (Silent Remediation of Software and Policy Updates) EMM platform provides the appropriate tools for image management, deployment, and reporting while also providing remote interactive diagnostics that help resolve issues without requiring users to surrender their devices. 2. Live Help Desk Self-Service Portal Self-Service Portal that helps wipe devices remotely. This resource is accessible to users from a web browser on their mobile device or laptop. The portal offers capabilities that when combined form a highly effective way to offload rudimentary tasks from help desk staff while ensuring user satisfaction. 3. Leverages existing IT infrastructure, resources and tools with web services interfaces 4. Simplifies user support with help desk reports and real-time view of the device

73 McAfee Enterprise Mobility Management Enforce Strong Authentication for Personal Devices Apply Corporate Policies to Prevent Data Loss Exclude Risky Devices to Maintain Compliance Manage Devices and Laptops in One Location

74 Self-Service Provisioning for ios GO TO THE APP STORE ENTER YOUR CREDENTIALS AGREE TO CORPORATE POLICY IT SERVICES ARE AUTO-PROVISIONED Optional Two-Factor Authentication Easy, Secure, Automated

75 Self-Service Provisioning for Android GO TO THE MARKETPLACE ENTER YOUR CREDENTIALS AGREE TO CORPORATE POLICY IT SERVICES ARE AUTO-PROVISIONED Easy, Secure, Automated 58

76 Enterprise Application Store Application Blacklisting for ios and Android Block specific apps on mobile devices containing corporate data Blocked apps can include games, apps with adult or inappropriate content as well as file sharing apps Recommend applications based on group, role, or device type Custom corporate applications Third-party applications (Apple App Store or Android Marketplace) Device application inventory, audit, and policy management

77 McAfee Secure Container for Android Data and intellectual property loss is number one enterprise concern (63% of respondents; Source: Yankee s mobile enterprise survey) McAfee EMM 10.1 Android Container Security Segregate corporate in an encrypted data store Block copy and paste of data to personal account Block saving of attachments to outside of data store Auto wipe of corporate data for rooted devices Remote lock and data wipe for lost devices

78 McAfee VirusScan Mobile for Enterprise By the end of March 2012, Android mobile malware reached 7,000+ threats (Source: McAfee Labs) Anti-malware optimized for Android devices Managed by Enterprise Mobility Management AVtest.org validated 100% detection rate Only solution to scan all aspects of device Powered by McAfee Global Threat Intelligence Mobile device protection against viruses, spyware and other cyber threats

79

80 McAfee epo Deep Command Security Management Beyond the OS epo Agent Handler Apps McAfee Security McAfee Agent OS Preboot Intel vpro Utilizes Intel vpro technology (AMT) Local and remote AMT connections Permits remote assistance, policy control, and remediation epo-class scalability Value Reduce cost of security operations Improve security to powered-off PCs Maintain security access while lowering energy use

81 Recovering Compromised Systems Goals (a) Remediate compromised or corrupt systems from epo (b) Perform forensics on boot disk 1. End users notifies administrator of disabled system either via call or via Remote Call for Help function 2. epo administrator access disabled endpoint via AMT at hardware level epolicy Orchestrator Connection to AMT Remote Boot from.iso 3. Administrator instructs endpoint to boot from another network disk image 4. Once booted, administrator deploys remediation steps to restore endpoint or collect forensic evidence

82 Deploying Security Ahead of the Attack Goals (a) Ensure all endpoints, even powered off, have up-to-date security epolicy Orchestrator 1. IT Security team sees threats spreading throughout environment 2. epo administrator connects via AMT to turn on powered-off PCs Alternately sets AMT Alarm to wake systems at specific time Connection to AMT Task: Update DAT now 3. On Wake-up, epo Deep Command executes series of tasks to update security profile e.g. update anti-malware signatures, deploy additional security, run scan 4. After tasks execute, system powers off

83 6 Septem Wake and Execute Goals (a) perform maintenance or intensive tasks during off hours only if woken by AMT (b) ensure updated security in place ahead of threat 1. epo admin sets AMT alarm to power on PCs or issues immediate power on signal! epo 2. McAfee Agent checks for AMT wake-up then executes defined series of tasks e.g. upgrade VSE, update DAT, run ODS, send events, shutdown Apps McAfee Security McAfee Agent OS Preboot Intel AMT! Task List AMT Alarm or Power-on

84 Introducing McAfee Deep Defender Endpoint Security Beyond the Operating System Industry s first hardware-assisted security technology Uses McAfee DeepSAFE technology Real-time kernel memory protection Protection from previously hidden threats beyond the OS for enhanced security McAfee Deep Defender Operating System McAfee DeepSAFE Technology Managed by epo CPU Intel Core i3, i5, i7 VT-x

85 Deep Defender Stopping a Stealthy Rootkit McAfee DeepSAFE Intel i3/i5/i7 CPU (BIOS VT-x Enabled) OS Loader DeepSAFE Loader / Agent Boot Driver Rootkit Boot Driver Driver AV Driver Rootkit Driver Driver Deep Defender Agent Application Application malware Application DeepSAFE Loaded Beyond the OS OS Initialization Boot Drivers Other Drivers Services and Applications Real-time kernel-level monitor of memory Identifies kernel-mode rootkits in real-time Prevents the drivers from loading DeepSAFE technology loads before the OS DeepSAFE technology informs Deep Defender of suspicious behavior 2011 McAfee, In. Company Confidential McAfee Labs Internal Use Only Do Not Distribute

86 Autonomic Software, Inc. September, 2012

87 Agenda Who We Are Integration Patch Manager Power Manager Demonstration 2

88 Who is Autonomic Software? Time: 30 Seconds Autonomic Stands apart from Big Fix and Altiris InfoWorld We have tested against our competition and have come out on top. Best Power Management Technology of the Year ANSA Platinum Suite Best Enterprise desktop management and Security Product ANSA Power Manager and ANSA Power Manager for epo Best enterprise sustainability solution ANSA Platinum Best Desktop Security & Sustainability Award

89 McAfee Partner of the Year 4

90 Integration with McAfee Like Having Wisdom Teeth Removed without Anesthetics Time: 75 Seconds Security of epo Same Console Same Database - Same Reports The Process is designed to make sure McAfee clients are NOT compromised with integration 5

91 Autonomic Software Patch Manager Power Manager Fully integrated with epo We Really, Really Mean Fully Integrated, Everything is integrated; not just agent deployment! 6

92 The Value of Patch in epo Gartner states that over 80% of all intrusions have a fix available The addition of Patch puts McAfee in a very unique position. Who else has AV, Anti Malware, Patch, etc all Integrated in one database, console, and report generator Reports roll up to Risk Advisor Adobe, plus third party updates 7

93 Sample Patch Management Functions in epo Autonomic ANSA Patch Management menu on epo console Deploy Autonomic agents using epo system hierarchy Schedule patch deployments to impacted systems centrally 8

94 System Details Report Patch management details for each epo-managed system

95 Sample Patch Management Report in epo Updates by Severity Report 10

96 The Value of Alternative Energy The cleanest energy is energy we don t use The cheapest energy is the energy we don t use at all. 11

97 Power Manager Initiating power policies to minimize power consumption at the desktop level ROI 460% 1,000 nodes equals $60K per year savings Environmental Benefits: Tons of Co2 emissions not released Equates to 83.1 acres of trees planted Equates to taking 67 cars off the roads Usually no upfront costs due to utility rebates Wake On LAN 12

98 Bottom Line Power Manager savings will pay for the McAfee EndPoint Security Suite, plus some consulting! The Savings are measurable 13

99 Saving Power is Saving Money 14

100 When Done Correctly You have a more comprehensive Security Suite from a single source that is paid for by what you save with an effective desktop Power Management Policy. 15

101 Summary ROI 460% 1,000 nodes equal $60K per year savings Saves the environment Usually zero upfront cost / rebates Puts a bow on the McAfee EndPoint Security Suite epo customers are already used to look and feel McAfee is the only security vendor to include AV, Patch and Power in one console 16

102 Time: 15 Seconds What We Can Do for the Environment If all McAfee customers installed ANSA Power Management for epo the impact on the environment would be enormous. One years savings would be: 94,635,280,000,000 Kwh in electricity $11,592,822, ,316,000 tons of Co2 emissions If one customer with 1,000 desktops used our Power Manager they would save $60,000 a year 403 tons of Co2 emissions One Fact is Clear We Can Make a Difference! 17

103