McAfee Tackles the Complexities of Endpoint Security

Transcription

1 McAfee Tackles the Complexities of Endpoint Security Stronger security. Streamlined management. Simplified compliance.

2 Table of Contents Endpoint Security Challenges Abound 3 Point Products Increase Complexities and Costs 4 The Burden of Proof 5 McAfee s Approach: Comprehensive, Integrated Security and Compliance Management 6 Stronger Security 7 Key Protection Tiers of McAfee Total Protection for Endpoint 7 Simplified Compliance 8 Network access control (NAC) for compliant systems and safe networks 8 Easing the demands of audits 9 Risk Identification: Take the guesswork out of where to focus your security efforts 9 McAfee Total Protection for Endpoint Makes Good Business Sense 10 epo reduces operational costs 10 Incident response 11 Leverage the products you already own with the security innovation alliance 12 Demonstrable ROI through total cost of ownership analysis 12 Conclusion 14 Learn More about McAfee Total Protection for Endpoint 14 About McAfee, Inc. 14

3 Twenty-five years ago, the very first computer virus emerged. Today, computer security has changed dramatically more than we could have possibly imagined back then. It has become far more complex and time-consuming for enterprises to stay safe and protect their sensitive data. Viruses have been joined by a constant stream of worms, Trojans, spyware bots, hackers, vulnerability exploits, identity thieves, and other attacks that threaten entire networks, not to mention endpoints such as desktops, laptops, and servers. And, as networks expand to embrace the growing population of remote and mobile users, the potential for gaps in enterprise security becomes even greater. Fortunately, a wide array of technologies, from anti-spyware to host intrusion prevention, is available to combat these evolving threats, but these point products can be complex and costly to manage. It is more critical than ever for organizations to have a simple, pragmatic way to manage all of the solutions needed to secure their corporate infrastructure. Companies are looking for ways to streamline their IT process to improve operational efficiencies while still maintaining control. With McAfee Total Protection for Endpoint, both endpoint security and compliance are managed through a single, centralized console, McAfee epolicy Orchestrator (epo ). Protecting the corporate network and its users from security threats is only part of the overall risk management picture. To compound matters, companies are also under mounting pressure not only to meet the stringent compliance requirements of industry and government regulations, but also to prove that they are compliant at audit time. Regulations force companies to deploy stronger security, and auditors demand proof tangible evidence that policies are consistent with regulations and rigorously implemented and enforced. This white paper will demonstrate how and why Total Protection for Endpoint is a viable, cost-effective solution for enterprise endpoint protection that includes anti-malware, host intrusion prevention, policy auditing, and network access control. McAfee s solution provides strong security while lowering operational costs and simplifying compliance management. This paper will describe the different components of the solution, the business value of deploying Total Protection for Endpoint with details about the cost savings realized from a centralized, integrated management, and the benefits of purchasing a complete endpoint security solution from a single vendor. Endpoint Security Challenges Abound More than ever before, organizations of all sizes face a dynamic threat landscape characterized by stealthy, highly targeted, financially motivated attacks orchestrated by sophisticated, global, cyber crime rings that exploit vulnerabilities on endpoint devices. In the first half of 2009, there were more new threats than in all of With threats and attacks coming faster and faster from all directions, what worked in the past is no longer sufficient. Antivirus point products alone cannot counter the large variety of threats and exploits that can jeopardize business continuity and productivity. Now companies have to defend themselves against hackers that steal sensitive customer and employee data, spyware that snoops on employees, self-propagating worms that infect desktops, and botnets that commandeer networks of computers for nefarious purposes. The list goes on and on. The statistics illustrate the stark realities of today s threat landscape: McAfee reviews 25,000+ malware samples per day 4,000+ new, unique pieces of malware are identified every day McAfee identifies approximately 1.5 million new malicious websites per month 1. source: McAfee Labs 3

4 1,600,000 1,500,000+ 1,400,000 1,200,000 1,200,000 Number of Threats 1,000, , , , , , , H09 Source: McAfee Labs Figure 1. McAfee Labs threat volume statistics Another factor that complicates security is the increased mobility of corporate professionals. Today, corporate end users work at home and on the road, which creates a demand for Internet and access beyond the controlled environment of the LAN. Moreover, they do not want to be bothered with managing the security of their PCs. Without proper measures in place, corporate networks are at risk when noncompliant or infected laptops or other devices try to gain access. A single noncompliant system on the network can have potentially disastrous consequences business disruption, fines, and loss of customer confidence, to name a few. It quickly becomes apparent that IT security teams need to find ways to protect all endpoints from the rapidly growing number of complex threats and exposures. Point Products Increase Complexities and Costs In response to a pressing need, security vendors have flooded the market with a host of products and solutions that generally address only limited aspects of the security concerns that plague most companies. As a result, IT teams find themselves spending a great deal of time juggling these nonintegrated products. The juggling act involves learning different management tools, tracking and maintaining multiple update schedules, and reviewing isolated reports that show only a small slice of their organization s security. 4

5 8 Network Access Control Anti-Virus 1 7 Host Intrusion Prevention Anti- Spyware 2 6 Data Protection DLP, Encryption, etc. Inefficient and ineffective Desktop Firewall 3 5 Web Security Policy Auditing 4 Figure 2. Point products increase cost and complexity This lack of integration increases costs, decreases visibility to what is really going on with the organization s risk profile, and creates inefficiencies. Managing a collection of point products from different vendors also requires additional administrative talent and training. It is easy to see how disparate point products can quickly escalate costs. An even more serious issue that arises is that organizations can never feel completely confident that they have all of the bases covered on their endpoints. Reliance on too many management consoles constrains the organization s ability to respond swiftly to threats and manage enterprise security efficiently. A company can potentially have one management console for virus protection, another to prevent spyware intrusion, another for establishing a protective firewall, and additional management consoles to protect enterprise resources. Without centralized control over internal security policies, violations cannot be detected and logged, so appropriate action is virtually impossible. And without centralized reporting, it becomes more difficult to quickly assess attacks, exploits, or outbreaks to apply remediation, so endpoints risk exposure for a longer period of time. Finally, without automated centralized reporting, compiling proof for a compliance audit becomes a monumental, resource intensive nightmare consisting of long hours spent gathering data and poring over spreadsheets. The Burden of Proof These days, regulations seem to fuel each other, spawning new requirements and tighter controls every year. In this day of proliferating mandates and requirements, many of these regulations derive from common best practices or from one another. Despite this common heritage, separate regulations require separate audits, proofs, and documentation, even when they affect the same endpoints. Add to that mounting internal governance requirements, and IT has precious little bandwidth left for security. In addition to the heavy investment companies are required to put into implementing and enforcing controls to achieve compliance, organizations are also finding themselves dedicating a hefty amount of time and resources proving it at audit time. Enterprises are under increasing pressure not only to be compliant, but also to be able to demonstrate that fact within the context of established compliance frameworks. For most organizations, audits require manual sharing of data between systems and organizations. One of the reasons companies resort to processes like filling out spreadsheet after spreadsheet with manually gathered data is because enterprises tend to use multiple, disparate security technologies. Each set of controls has separate policy definition, implementation, and enforcement processes. Timely and accurate 5

6 data collection is a protracted, manual endeavor because proprietary interfaces for point products prevent data integration, even if the reporting capabilities of the products are automated. This lack of operational efficiency puts a huge strain on IT departments, robbing them of the time they need to maintain the organization s security posture. It may take weeks to prepare for audits. In the meantime, with IT and security personnel buried in audit tasks, there may be serious lapses in enterprise security posture. Needless to say, responding to audits in this way is expensive. McAfee s Approach: Comprehensive, Integrated Security and Compliance Management McAfee s comprehensive, integrated approach to security helps an organization apply business discipline to proactively manage risk. What does this mean? McAfee helps customers by presenting a pragmatic approach to managing security risks and compliance. It starts with discovering assets; evaluating and understanding risk; protecting endpoints, networks, and data from threats; enforcing policies; and, finally, remediating and reporting compliance. epo is the world s most scalable security and compliance management platform. Over 60+ million corporate endpoints are epo-managed Largest deployment is larger than 5 million endpoints Deploy, manage and report on Endpoint security Data loss prevention Encryption Web and messaging security Network access control Policy audit Vulnerability management Network IPS events Threat and vulnerability alerts from McAfee Labs McAfee provides a complete process with a common architecture and management infrastructure. This approach integrates multiple threat prevention and compliance management tools to provide comprehensive solutions that work better, save time, and cost less. The proven underlying architecture that helps deliver McAfee s security strategy is McAfee epo. epo has historically been the standard for centralized administration consoles. Gartner Endpoint Protection Platform Magic Quadrant epo Foundation of Optimized Security Management that scales to any enterprise McAfee s strategy solves real security problems by integrating all of the functionality that customers need from threat protection to compliance to provide knowledge-driven security that is automated and actionable, and which empowers organizations to be efficient and effective. McAfee s collaborative framework bridges network and system security to save enterprises of all sizes money, improve protection, and provide a security and compliance solution that is greater than the sum of its parts. The endpoint security component of McAfee s strategy is delivered through the Total Protection for Endpoint solution, which helps companies to secure their critical infrastructure, including desktops, laptops, and servers. Total Protection for Endpoint provides broad protection without the complexity, expense, and headaches of multiple standalone endpoint products. It equips all systems deployed on the network with comprehensive threat protection, and ensures enterprise-wide compliance with security policies and industry and government regulations. McAfee s strategy eliminates the need to rely on unmanageable standalone products that do not offer sufficient coverage and cannot scale to support enterprise security and compliance goals. 6

7 Stronger Security The top performer in many leading analyst reports, McAfee Total Protection for Endpoint is a single management platform for endpoint security and policy compliance. In addition to full strength antimalware protection, Total Protection for Endpoint fends off new exploits, saves time with automatic vulnerability shielding, and protects networks with true on-access scanning, filtering, and cleaning of incoming and outgoing , viruses, spam, phishing scams, and other unwanted content. It also detects rootkit infestations capable of leading to identity theft, spyware, and other malicious exploits, and wipes them out before hackers have a chance to use them to cause damage. McAfee Host Intrusion Prevention (Host IPS) is another key component of the Total Protection for Endpoint defense arsenal. Host IPS protects all endpoints from known and unknown zero-day threats by combining signature and behavioral intrusion prevention protection with a stateful desktop firewall and application control. McAfee Host IPS reduces patching frequency and urgency, preserves business continuity and employee productivity, protects data confidentiality, and supports regulatory compliance. Host IPS brings order to the often chaotic patching process and, by doing so, cuts costs. It provides zero-day endpoint protection for 97 percent of Microsoft 2 vulnerabilities, which enables enterprise IT administrators to plan, prioritize, and deploy patches in alignment with business schedules. The alternative is a reactive approach to patching; without Host IPS, administrators must immediately deploy patches to all systems, to none, or to an ad hoc selection based on guesswork. Network access control (NAC), included with the advanced version of Total Protection for Endpoint, prevents noncompliant systems from jeopardizing business continuity by stopping them before they access the corporate network. And integration of policy auditing with the Total Protection for Endpoint solution simplifies and automates compliance reporting at audit time by validating compliance across systems and security solutions. Key Protection Tiers of McAfee Total Protection for Endpoint The following table represents the protection tiers included with Total Protection for Endpoint solutions: Protection Tier ToPS for Endpoint Essential (TEE) ToPS for Secure Business (TEB) ToPS for Endpoint (TEN) ToPS for Endpoint Advanced (TEA) ToPS Service (TSB) ToPS Service Advanced (TSA) Single management console Desktop and server anti-virus Desktop anti-spyware Desktop host IPS and firewall Web security server anti-virus and antispam Network access control Desktop policy auditing Device control Full disk encryption and web gateway anti-virus and web gateway anti-spam and web gateway URL/ content filtering anti-virus and anti-spam services Figure 3. Total Protection for Endpoint provides end-to-end protection for businesses of any size. 2. This statistic refers to 2007 Microsoft vulnerabilities. 7

8 With Total Protection for Endpoint, enterprises no longer have to rely on unmanageable standalone products that do not offer sufficient coverage and cannot scale to support enterprise security and compliance goals. Simplified Compliance Total Protection for Endpoint also addresses strict compliance requirements for regulations, such as the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act (SOX), the Data Protection Act, and others that are forcing organizations to safeguard data and deploy stronger security. In most organizations, IT operations demand the rapid remediation of systems that are vulnerable to attack and are out of compliance with both internal policies and government or industry regulations. And as most security professionals know, it is not enough to just know about and follow regulations and corporate IT policies in today s environment, companies also have to demonstrate that they are in compliance with them. Total Protection for Endpoint is the industry s first unified management platform for endpoint security, access control (NAC), and compliance auditing. Compliance management is simplified every step of the way: Identify and report on rogue systems, vulnerabilities, service misconfigurations, and policy violations by mapping IT controls against predefined compliance policies Enforce policies by making sure that all endpoints are compliant with security policies before allowing access to network and/or data stores Prove compliance by consistently reporting on both internal security policies and key government and industry regulations Network access control (NAC) for compliant systems and safe networks Mobility, mergers and acquisitions, and offshore partnerships are part of the evolution of a growing enterprise. But greater flexibility and expanded operations also increase risk. One noncompliant, infected, or misconfigured laptop on an organization s network can cost significant time and money in terms of system downtime, loss of reputation, regulatory fines for noncompliance, frustrated customers, and IT support for restoring systems. With the volume of guests and contractors bringing noncompliant systems into your organization growing rapidly, it comes as no surprise that organizations have serious concerns when it comes to NAC. Traditional NAC systems promise to scan devices as they try to log onto a network to test their overall security posture. But enterprises are also looking for NAC protection against hidden attacks by monitoring devices after they have been granted access. The advanced version of Total Protection for Endpoint includes NAC software for managed hosts to help mitigate risk to managed corporate assets posed by systems that do not comply with security policies. It combines powerful yet flexible policy control with a wide range of enforcement methods to protect networks. Network exposure to noncompliant, infected, or misconfigured systems is minimized because McAfee NAC allows only authorized devices to have network access. It enforces compliance to internal policies and industry or government regulations by scanning devices to test their overall security posture as they attempt to log onto a network Working in concert with the McAfee NAC Appliance for handling guests and contractors, McAfee NAC endpoint software for managed hosts identifies, quarantines, and remediates attack vectors before they spread. Because it is integrated into the epo management console, IT departments gain immediate visibility on PCs or laptops used by guests, contractors, partners, or branch offices to trigger antimalware protections or to correct and update noncompliant machines. 8

9 Easing the demands of audits Using McAfee technology, once onerous compliance tasks that were tackled manually have given way to integrated, automated processes that support industry standards, make data gathering seamless, provide flexible reporting options, and positively impact the bottom line. Included in the advanced version of Total Protection for Endpoint, McAfee Policy Auditor is tightly integrated into the epo infrastructure and is built on Secure Content Automation Protocol (SCAP) standards to automate the processes required for IT audits. SCAP standardizes the types of information that are communicated among products and services for asset, vulnerability, and compliance management. Policy auditing implements SCAP as a way of streamlining and simplifying compliance. The end result is a confident response to the question Can you prove it? as well as fewer long, sleepless nights for hardworking IT and security staff members. From a single dashboard, epo displays an organization s overall security status, including compliance posture Total Protection for Endpoint policy auditing provides a continuous audit model Waiver or exception management helps justify deviations from policy to auditors epo s flexible dashboards satisfy the board, C-level executives, auditors, and compliance teams Figure 4. epo s dashboard view for PCI DSS compliance status Risk Identification: Take the guesswork out of where to focus your security efforts A relatively new entrant to the McAfee product line, Risk Advisor proactively combines threat, vulnerability, and countermeasure information to pinpoint assets that are truly at risk. It takes the guesswork out of when and where to focus your security efforts, saving you time and money. For example, when a new set of vulnerability alerts are issued by software vendors, Risk Advisor takes this information and other threat feeds from McAfee s Global Threat Intelligence network and combines it with knowledge of a customers on-site assets and in-place countermeasures. This can immediately pinpoint the most at-risk assets for immediate attention, freeing IT people from rushing out untested patches across all assets, which can increase errors and take down business processes. 9

10 Figure 5. McAfee Risk Advisor report, showing threats by severity, vendor, vector, regulation, as well as which devices are at risk Total Protection for Endpoint also reduces audit fatigue by saving a company an enormous amount of resources in time, money, and personnel at audit time. In a recent McAfee-commissioned survey on IT audit-related functions, the most notable finding was the lack of automated tools. In organizations with more than 5,000 employees, 51 percent of organizations surveyed used either unspecified tools or spreadsheets. IT managers can greatly reduce the amount of staff time needed to satisfy auditors by selecting the advanced version of Total Protection for Endpoint, which has a common management platform and automates data harvesting and controls through a unified compliance reporting infrastructure. Automating controls is critical for improving the audit process, especially since regulations such as SOX encourage continuous internal controls monitoring. With Total Protection for Endpoint, organizations can build repeatable and sustainable processes, reducing the impact of IT audits and ensuring the integrity of audit data. McAfee Total Protection for Endpoint Makes Good Business Sense Investing in McAfee Total Protection for Endpoint means organizations do not have to start from scratch when new threats appear. Built on a proven platform that evolves as the threat environment evolves, it protects corporate systems and an organization s security investment. Total Protection for Endpoint lowers total cost of ownership because it is an integrated platform built for scalability. It provides a higher level of protection across multiple tiers of security, ensures business continuity, and helps an organization maintain a high level of productivity because it is no longer at the mercy of today s sophisticated threats. Simply stated, enterprises can expect superior security and a healthier risk profile. epo reduces operational costs Total Protection for Endpoint leverages epo to simplify security management, and it lowers the cost of managing IT security and compliance with an open, unified platform. Enterprises reduce the number of servers, people, and time needed to manage security and compliance across the IT infrastructure. 10

11 80 Security and Patching Milestones Hours, People, Cycles Number of Patch Cycles Number of People Assigned to Patch Operations Average Hours per Cycle Total FTE Anti-virus, Network Security Platform, and Vulnerability Manager Host IPS installed Patching process and policy refinements due to Host IPS Optimized/ stable Figure 6. McAfee uses Total Protection for Endpoint to achieve dramatic cost savings through fewer, planned patching cycles. McAfee s IT staff manages the patch process for over 5,000 desktops and laptops as well as 700 servers across 31 countries. The figure above shows how McAfee has saved $5.5 million over 3 years in reduced operations costs. In addition, full time equivalent personnel dedicated to patching was reduced from 27 to 0.3. Incident response Perhaps the single most significant benefit of Total Protection for Endpoint is that incident response times are accelerated dramatically. Access to consolidated information about threats and possible intrusions speeds up outbreak response times and provides the centralized mechanisms needed to quickly identify and respond to threats. Thanks to epo, IT professionals can quickly determine what systems are out of compliance which ones lack adequate protection (for example, laptops that do not have anti-spyware installed) and which have outdated.dat files. After identifying those systems, IT can apply updates and remediations companywide, whether systems are in-house or remotely connected to the network. Figure 7. The epo dashboard provides a complete view of an organization s security status for quicker problem resolution. 11

12 epo further reduces the burden on IT when it comes to installing, configuring, and maintaining security technologies. With epo, IT can centrally deploy software according to corporate security and compliance policies. Through advanced installers, the presence of third-party security products can be detected and policies can be created to address them. For example, an IT department can establish an epo policy that will delete third-party anti-virus software on all machines and install McAfee anti-malware to streamline operational efficiencies and enhance enterprise security. Leverage the products you already own with the security innovation alliance Most organizations deploy security and other IT products from multiple vendors that do not interact with each other. In today s fast evolving threat landscape, this not only increases operational costs, it may even increase risk. Security challenges now require open, collaborative approaches to detect threats, reduce risk, and ensure compliance. The McAfee Security Innovation Alliance (SIA) is a technology partnering program that delivers solutions to integrate data and actions such as alerts with existing customer products, helping to reduce time to problem resolution and lower operational costs. Central to McAfee s relationship with each SIA partner is at least one customer use case. For example, an SIA partner might link Its real-time monitoring and threat detection with our incident response and compliance reporting. You can browse the SIA Partner Directory on mcafee.com to explore a listing of interoperable security solutions that provide simplified integration with complex customer environments. Figure 8. McAfee s Security Innovation Alliance Partners Demonstrable ROI through total cost of ownership analysis McAfee epolicy Orchestrator (epo) improves an organization s return on investment (ROI) even beyond endpoint protection, because it is the industry s first and only platform that enables organizations to centrally manage endpoint, data, and network security as well as risk and compliance. Organizations 12

13 benefit from epo not only by gaining a holistic view of their security and compliance posture, but also because it helps them optimize resources and security visibility across the entire infrastructure. To prove the cost effectiveness of implementing McAfee epo, McAfee recently released the Forrester Total Economic Impact Calculator to determine cost savings and total cost of ownership of deploying McAfee solutions. Forrester Consulting was commissioned by McAfee to develop an ROI calculator to help organizations quantify the costs and benefits of using epo to manage their security. Organizations can now estimate the financial impact of using epo, so that they can quantify the benefits of investing in this product. The ROI calculator takes into account the cost and benefits of a company s IT investment, future options created by the investment (flexibility), and the risk of a security breach. Decisions about investing in security no longer have to be ruled by what ifs the Forrester ROI calculator uses real-world numbers to calculate real-world benefits. The only information required is an organization s annual revenue, gross profit margin, and number of endpoints needing protection, and the calculator will determine operational ROI. The calculator uses Forrester s industry-proven Total Economic Impact (TEI) methodology to estimate the total expected cash flow and return of using McAfee. The cost of security is based on auditable data the cost of full-time employees, for example. On average, the calculator has determined that an enterprise with approximately 5,500 systems could see more than $1.3 million in annual operational cost savings. A medium size business with 500 systems could save more than $500,000. The calculator bases its results on the operational efficiencies gained by having a single console, the potential decreases in license costs, and the impact of being able to identify and respond more quickly and effectively to security incidents. Estimated Annual Operational Cost Savings by Security Domain 100% 80% $57,690 $131,624 $19,423 $12,894 60% 40% $235,189 $65,881 and Messaging Security Network Security Endpoint Security 20% 0% Total Estimated Annual Operational Cost Savings: $522,701 Figure 9. Estimated annual operational savings by domain Results delivered by the model are calculated using Forrester s TEI methodology, which includes elements of flexibility, benefits, and costs balanced against risk. The ROI calculator breaks down an organization s cost savings into the following functional areas: Monitoring everyday security and ensuring regulatory compliance Responding to security incidents Maintaining multiple management consoles 13

14 Managing policy configuration and policy enforcement for multiple point product solutions throughout the organization Maintaining and managing endpoint, network, and content security infrastructure throughout the organization Easy to use and fully customizable, ROI and cost savings can be calculated in less than 30 seconds, and the calculator can be tailored to match an organization s specific requirements. A web-based version of the McAfee ROI calculator is available at Note: The information and results in this document are only an estimate of potential costs and savings. Actual results will vary and may be affected by individual human factors and interactions, implementation of alternate processes and procedures, or unanticipated events. Forrester does not endorse McAfee or its offerings. Although great care has been taken to ensure the accuracy and completeness of this model, McAfee and Forrester Research are unable to accept any legal responsibility for any actions taken on the basis of the information contained herein. The tool is provided as is, and Forrester and McAfee make no warranties of any kind. For more details on Forrester TEI methodology, visit Conclusion Today s threats to enterprise endpoints are more complex, more numerous, and more varied than ever before, but that does not necessarily mean that organizations have to resort to assembling a patchwork of point products to achieve comprehensive security and peace of mind. McAfee Total Protection for Endpoint has eclipsed traditional standalone products in the scope of its protection, its flexibility, its ability to support compliance, and its operational efficiencies. The extensible architecture of Total Protection for Endpoint with scalable management through epo leverages a company s current infrastructure, providing solid endpoint security for today and for the future. McAfee s single management framework combines multiple technologies to protect endpoints against the full spectrum of today s complex threats. It delivers better security while it simplifies compliance management and reporting, and reduces costs. Organizations of all sizes can rely on unified endpoint protection, combined with compliance reporting, managed from a single centralized console from a trusted vendor McAfee. Learn More about McAfee Total Protection for Endpoint Visit or call us at , 24 hours a day, seven days a week. McAfee Total Protection for Endpoint and McAfee Total Protection for Endpoint Advanced are part of the McAfee family of business security products and services. McAfee provides a comprehensive portfolio of dynamic risk management and mitigation solutions that secure your business advantage. About McAfee, Inc. McAfee, Inc., headquartered in Santa Clara, California, is the world s largest dedicated security technology company. It delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to browse and shop the web securely. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector, and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee, Inc Freedom Circle Santa Clara, CA McAfee and/or other noted McAfee related products contained herein are registered trademarks or trademarks of McAfee, Inc., and/or its affiliates in the U.S. and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. Any other non-mcafee related products, registered and/or unregistered trademarks contained herein is only by reference and are the sole property of their respective owners McAfee, Inc. All rights reserved. 8095wp_tops_complexities_0110_fnl_ETMG