McAfee Endpoint Security Frequently Asked Questions


Overview

You're facing new challenges in light of the increase of advanced malware. Limited integration between threat detection, network, and endpoint technologies lengthens your response time and complicates remediation. In addition, it's often difficult to translate malware information into action and remediation. To help arm you with the defenses and tools today's advanced threats require, our endpoint protection defenses are built upon an integrated security framework: McAfee Endpoint Security. Below are a few frequently asked questions (FAQs):

Q: What is it?
A: McAfee Endpoint Security is our collaborative protection for McAfee Endpoint Protection Suite customers. It provides a framework that allows multiple endpoint defense technologies to communicate in real time to analyze and collaborate against new and advanced threats.

Q: What is new in version 10.5?
A: McAfee Endpoint Security provides a collaborative security framework that reduces the complexity of endpoint security environments, delivers better performance that protects productivity, and offers visibility into advanced threats that speeds detection and remediation responses. Its extensible architecture provides a framework for IT teams who are burdened with multiple solutions to more easily view, respond to, and manage the threat defense lifecycle. Our 10.5 release introduces several new technologies and improvements:

Real Protect [1]. Applies state-of-the-art machine learning techniques to identify malicious code based on both what it looks like and what it might do (pre-execution analysis) and what it does (dynamic behavioral analysis), all without signatures.

Dynamic Application Containment [2]. This release includes the ability to contain a single instance of a process.

McAfee Client Proxy integration. McAfee Endpoint Security is now ready for Multi-Layered Web Gateway Security, which provides pervasive protection wherever a user travels, eliminating the gap of off-network protection by connecting endpoints to the Web Gateway cloud service.

Migration Assistant. The automatic migration capability now includes McAfee ePolicy Orchestrator (McAfee ePO) system tree groups and McAfee VirusScan Enterprise policies for workstations and servers. The assistant will also now generate equivalent McAfee Endpoint Security Web Control multi-slotted policies during migration.

Firewall Module. HTTPS suffix now available for domain reachability location criteria.

Threat Prevention Module. On-Demand Scans now include a registry scanning option. Administrators can create custom services Access Protection rules, and Access Protection rules now include Windows Services. Custom Application Exploit Prevention is available along with McAfee-supplied intrusion prevention system (IPS) signatures. Lastly, Windows Application protection has been added to Exploit Prevention rules.

Q: What are the key areas of improvement?
A: McAfee Endpoint Security version 10.5 continues the positive improvements that we've already witnessed in prior releases:

Zero-impact user scans only run when the device is idle and resume after shutdown or restart.
Our framework allows us to deploy future scanners and content without requiring point product binary updates.
Idle CPU use is 18% faster than McAfee VirusScan Enterprise.
Boot time is 18% faster than McAfee legacy endpoint security.
CPU utilization is 89% better than McAfee legacy endpoint security.
First-time scans for 10.1 run more than 30% faster over our legacy endpoint security solutions.

Version 10.2 Improvements:

Initial on-demand scans are 48% faster over McAfee VirusScan Enterprise.
Applications launch 57% faster compared to 10.1.
Endpoints shut down 27% faster than 10.1.
File copy with 10.2 is 32% faster than deployments of McAfee VirusScan Enterprise/McAfee Host Intrusion Prevention for Server/McAfee SiteAdvisor Enterprise.

Version 10.5 Improvements over McAfee legacy endpoint security:

The user interface launches 34% faster.
Web browsing is 17% faster.
Reduced impact to endpoint performance.
File Copy is performed 17% faster.
Installation of applications occurs 38% faster.
System boot times are 12% faster.

Q: What is included with McAfee Endpoint Security?
A: There are three core modules:

Threat Prevention Module. Includes several new advanced malware scanning features to defend against emerging and targeted attacks. It is a replacement for McAfee VirusScan Enterprise; however, unlike VirusScan Enterprise, it includes exploit prevention capabilities similar to those found in Host Intrusion Prevention.

Web Security Module. Prevents users from browsing to malicious or unauthorized websites and serves as a replacement for McAfee SiteAdvisor Enterprise.

Firewall Module. Stops malicious inbound and outbound network traffic and replaces the Host Intrusion Prevention System Firewall feature of Host IPS.

The Adaptive Threat Protection module is a new module which is available as part of the Complete Endpoint Threat Protection suite (formerly Complete Endpoint Protection Enterprise). This module houses Dynamic Application Containment (DAC) and Real Protect technologies. Both DAC and Real Protect integrate with the McAfee Endpoint Security framework. Customers interested in obtaining DAC and Real Protect should contact a sales representative or their partner for information on how they can migrate from their current suites to obtain these capabilities.

Q: What is Dynamic Application Containment (DAC)?
A: DAC is a capability that traces and contains threats like greyware and secures patient-zero. It is lightweight and doesn't require a cloud connection, so users are protected no matter their location. DAC detects and contains greyware immediately to stop infection before it begins for endpoints both on and off the network. It is available as part of the McAfee Complete Endpoint Threat Protection suite.

Q: What is Real Protect?
A: Real Protect uses machine-learning behavior classification to detect zero-day threats in near real time, enabling actionable threat intelligence. It stops known threats by comparison and analysis of established malware attributes, then combats and convicts the unknown using behavioral and memory analysis. It unpacks executables to detect sophisticated threats with obfuscated code variants, undetected by static detection methods.

Q: Do either Real Protect or DAC require an internet connection?
A: Dynamic Application Containment works with or without a connection, while Real Protect requires a connection. However, because Real Protect and DAC leverage McAfee Global Threat Intelligence to get the latest information on threat behaviors, and the Real Protect cloud aids in the decision process when determining the intent of behaviors, an internet connection is recommended to help avoid any false positive convictions and to combat the newest emerging threats as they appear in real time globally.

Q: How does the web gateway cloud service work with McAfee Endpoint Security?
A: Integration of McAfee Client Proxy into McAfee Endpoint Security gives the endpoint the ability to redirect HTTP and HTTPS traffic transparently to McAfee Web Gateway or McAfee Web SaaS cloud. The redirected traffic can be scanned for malware and subjected to reputation and category-based filtering along with SSL decryption, all managed by McAfee ePO or cloud ePO software for an integrated user experience. Customers using McAfee Client Proxy with McAfee Endpoint Security will see a dramatic reduction in infected endpoints, pervasive protection wherever their users travel, and elimination of the gap caused by off-network protection.

Q: What are the advantages of the common architecture in the platform?
A: Along with higher performance and better protection, the common architecture allows the modules to work together to provide improved security. For example, when a file gets downloaded, the Web Control module sends a file hash to the Threat Prevention module. The Threat Prevention module triggers an immediate on-demand scan on the file. You can also configure McAfee Global Threat Intelligence sensitivity in McAfee ePO software for these types of scenarios. Based on the results of the scan, the product will take the necessary action.

Q: Does McAfee Endpoint Security offer full Host Intrusion Prevention for Server functionality?
A: Customers that use Host Intrusion Prevention for Server currently with McAfee content or who manage signatures provided through McAfee updates will find that version 10.5 will meet their needs. Version 10.5 offers most of the Host Intrusion Prevention for Server functionality customers require, including the following:

1. Custom Access Protection Rules (File/Registry/Process), including user-based inclusions/exclusions.
2. Exploit Prevention now has enhanced exclusions as well as support for General Privilege Escalation Protection.
3. Data Execution Protection.
4. Supervisor Mode Execution Protection.

Customers will be able to operate McAfee Endpoint Security and Host Intrusion Prevention for Server on the same machine, as there is co-existence of both. It is also worth noting that there are advanced features of the Threat Prevention module (Generic Buffer Overflow Protection, Data Execution Prevention, and advanced Access Protection rules) that provide protection against advanced targeted attacks. Lastly, the Threat Intelligence Exchange module can also be added to the platform, providing further advanced threat protection capabilities.

Q: Are Macintosh and Linux systems supported?
A: Yes, McAfee Endpoint Security supports both Mac OS and Linux. Also, both Windows and Macintosh systems can now be managed by the same policy configurations in McAfee ePO software, and Cross-OS Threat Prevention Extensions exist to simplify management. Administrators no longer need to manage Threat Prevention policies for the Macintosh platform separately.

Q: Is there an additional charge or cost?
A: Current Endpoint Suites customers are entitled to McAfee Endpoint Security at no additional cost. The Adaptive Threat Protection module is available only to Complete Endpoint Threat Protection (formerly CEE suite) customers. Customers may purchase or migrate to the Complete Endpoint Threat Protection suite using cross-grade paths or at the time of renewal. Two additional add-on packages are also available for purchase, McAfee Endpoint Threat Defense and McAfee Endpoint Threat Defense and Response, which offer these technologies along with others like McAfee Active Response. Contact your sales representative or partner for more information and for help determining what best fits the requirements of your environment.

Q: What is available to aid in migrating our existing policies?
A: We have created a Migration Assistant tool that will aid you in migrating data to the McAfee Endpoint Security platform. There are two approaches that can be taken:

Automatic Migration. Customers can create new policies and client tasks automatically, based on current product settings, and assign them to groups and managed systems based on current assignments.

Manual Migration. Customers select the settings to migrate and, optionally, edit them. Manual migration does not retain assignments.

Help is also available from the Intel Security Professional Services team, including upgrade assessment, design, pilot planning, and optimization.

Q: How do we get access to McAfee Endpoint Security?
A: You simply log in to McAfee ePO software, and it will be available within Software Manager. You can also get access by using your grant number to download the software package in order to install it via McAfee ePO software.

Q: Where can I go to learn more about McAfee Endpoint Security?
A: Additional materials can be found on the landing page and within online help.

1. The solution includes hosted data centers located in the United States used to check file reputations and store data relevant to suspicious file detection. Although not required, Dynamic Application Containment will perform optimally with a cloud connection. Full Dynamic Application Containment and Real Protect product capabilities require cloud access, active support and are subject to Cloud Service Terms and Conditions.
2. Ibid.

McAfee. Part of Intel Security. 2821 Mission College Boulevard, Santa Clara, CA 95054. 888 847 8766. www.intelsecurity.com

Intel and the Intel and McAfee logos, ePolicy Orchestrator, McAfee ePO, SiteAdvisor, and VirusScan are trademarks of Intel Corporation or McAfee, Inc. in the US and/or other countries. Other marks and brands may be claimed as the property of others. Copyright 2016 Intel Corporation. 1873_1016 OCTOBER 2016