Review: McAfee Vulnerability Manager


S3KUR3, Inc. Communicating Complex Concepts in Simple Terms
Tony Bradley, CISSP, Microsoft MVP
September 2010

Threats and vulnerabilities are a way of life for IT admins. With the continued rise of computer and network attacks, the threat is virtually constant. And, with complex software it is all but guaranteed that there will be vulnerabilities for the threats to exploit. McAfee Vulnerability Manager--especially when used within the McAfee ePolicy Orchestrator security management platform--provides IT admins with a powerful and effective tool for identifying and remediating vulnerable systems, and managing risk to protect the network.

McAfee Vulnerability Manager enables an organization to identify vulnerabilities and policy violations and prioritize them based on the risk they represent within its unique infrastructure. McAfee Vulnerability Manager also helps IT departments monitor and maintain compliance with regulatory and industry security requirements.

Installation

McAfee offers Vulnerability Manager as software you can install on your own physical or virtualized servers, or as a hardened appliance. Each has pros and cons, but you get the same underlying McAfee Vulnerability Manager either way. It's also available as SaaS or through several companies as a managed service.

The hardware and operating system requirements for the software version of McAfee Vulnerability Manager are fairly minimal and shouldn't require any special investment in servers. All you need is a server with at least dual 2GHz Xeon processors, 2Gb of RAM, 80Gb of hard drive space, and Windows 2003 SP2 or higher. It also requires a Microsoft SQL Server database built on SQL Server 2005 SP2 or later.

I worked with the McAfee Vulnerability Manager appliance, so McAfee Vulnerability Manager was essentially plug and play and I was ready to get down to business.

Discovery

One of the biggest problems with most efforts at vulnerability scanning is that few organizations have an accurate accounting of asset inventory. A vulnerability scan that doesn't include all assets could miss vulnerable systems and expose the network to unknown risk. McAfee Vulnerability Manager provides the unique ability to run continuous scans to identify new systems on the network. It can detect systems using four protocols: TCP, UDP, ICMP and even ARP. Most vulnerability scanners will rely solely on a single ICMP echo request test result, whereas McAfee Vulnerability Scanner accurately identifies all the assets on the network with a variety of discovery methods across four different protocols.

McAfee Vulnerability Manager integrates with common asset management systems such as LDAP and Microsoft Active Directory, as well as McAfee ePolicy Orchestrator (ePO). McAfee Vulnerability Manager conducts network discovery to map every asset on the network and helps identify and inventory virtual computers, rogue devices, and other connected systems to maintain an accurate inventory. Most importantly, it creates soft assets, such as SAP applications or internal portals, in the asset inventory, which allows better tracking of the applications and asset/application lifecycle management.

Scanning

With my network assets inventoried, it was time to conduct a scan and see what McAfee Vulnerability Manager is capable of. McAfee Vulnerability Manager uses a combination of authenticated scans, agentless scans, and penetration testing to ensure that all assets are scanned--including network-connected printers and smartphones. Over 22,000 vulnerability checks and the capability to identify 450+ operating systems provide razor sharp accuracy and efficiency in scanning with the fewest false positives. Over 400 researchers and McAfee's Global Threat Intelligence cloud provide the latest vulnerability checks to protect against new or evolving threats.

Credential scanning of the target system provides more granular, comprehensive scanning. McAfee Vulnerability Manager allows the IT admin to provide credentials on a per-asset basis, or use centralized credentials for simplified authentication. McAfee Vulnerability Manager also lets IT admins segregate scans by IP range, organizational unit, system types, or other custom tags, providing flexibility for how invasive and how frequent scans should be for a given asset or group of assets.

McAfee Vulnerability Manager goes beyond simply scanning for open ports to comprehensively scan database banners, policy settings, file and folder permissions, running services, and registry keys. McAfee provides scanning for third-party products that comply with OVAL, SCAP, and other standards, and custom checks can be created to test proprietary applications.

Attackers and malware developers have come to expect that port 80 will be open through the firewall, and that many targets have a publicly accessible Web application server. Because the Web server is typically less protected than other internal servers, it represents a potential Achilles heel. McAfee conducts deep Web application scanning--checking against vulnerabilities identified in the latest OWASP Top 10 and CWE/SANS Top 25 lists of pervasive weaknesses and program security concerns.

Assessing Risk

Figure 1. System Details provide a quick overview of the current state of a given machine and the actions necessary to protect it.

There are a variety of applications available capable of conducting a vulnerability scan. What sets McAfee Vulnerability Manager apart from competing solutions is the intelligence and intuition McAfee has built in to analyze the results of the scans and assess the overall risk. McAfee's patented FoundScore employs a unique algorithm--based on asset criticality, resource type, identified vulnerabilities and their associated risk, and other variables--to assign a risk grade. Vulnerability Manager also supports the Common Vulnerability Scoring System (CVSS) and provides base, temporal and environmental scores for each vulnerability to help prioritize them.

In addition, McAfee Vulnerability Manager takes other security controls into account in determining the actual exposure of a vulnerable asset to a given threat. With a more precise understanding of the exposure to risk based on the layers of defense in place for the unique network environment, IT admins can address issues more efficiently. The risk prioritization done by McAfee Vulnerability Manager provides IT admins with an intuitive method for determining which assets are the most urgent to address.

Upon further review, I discovered McAfee Risk Advisor utilizes this information from Vulnerability Manager and correlates it with known McAfee countermeasures already in place as well as real-time threat intelligence to give users a full risk profile of their environment.

Remediating Weaknesses

As new threats are identified, McAfee Vulnerability Manager quickly and easily identifies which assets are impacted without the need for any additional scanning. This is particularly helpful for times like Microsoft's monthly Patch Tuesday release of new updates, or Adobe's quarterly security updates which are scheduled to coincide with Patch Tuesday.

Based on information previously gathered by McAfee Vulnerability Manager, the software lets IT admins see which assets are affected, and which assets represent the most urgent priority for remediation, or which assets are most exposed to new vulnerabilities or emerging threats.

Compliance

The regulatory and industry compliance aspects stood out to me as valuable benefits of McAfee Vulnerability Manager. Many organizations fall under multiple compliance frameworks--perhaps compelled to meet the requirements of Sarbanes-Oxley (SOX), HIPAA, and PCI-DSS (PCI) simultaneously. State and local laws often overlap these regulatory requirements, and government and municipal agencies may also fall under information disclosure rules requiring certain systems and data to be protected.

Compliance efforts are often treated as competing one-off projects which are implemented and maintained separately and inefficiently. Compliance audits represent only a snapshot in time, but passing is often the only goal and on-going monitoring is not conducted to ensure compliance between audits.

Figure 2. McAfee Vulnerability Manager provides a variety of built-in compliance templates.

McAfee Vulnerability Manager includes vulnerability scanning templates for all of the most common compliance frameworks, including SOX, HIPAA, PCI, FISMA, BASEL II, GLBA, and more. The scans and reports from McAfee Vulnerability Manager provide IT admins with critical information that can be used to maintain compliance more effectively and efficiently--especially in organizations burdened by multiple compliance mandates.

Filling the Holes

One of the coolest reports I found was the ability to identify what could be fixed or avoided if the right tools were in place. With a few clicks, IT admins can generate a report spelling out the number of impacted systems, and/or the number of applicable threats that might be addressed if another solution were in place. Quantifiable, real-world data such as this is an invaluable tool for making the case to executives to allocate funds for additional security purchases or validate existing investments.

Figure 3. McAfee Vulnerability Manager lets you see at a glance which measures or tools will provide better protection.

Summary

No other solution combines the flexibility, comprehensive scanning, and powerful remediation capabilities in a single package. For organizations that already rely on a McAfee ePolicy Orchestrator infrastructure for managing security, McAfee Vulnerability Manager is virtually a no-brainer. For organizations that don't currently use McAfee security products, McAfee Vulnerability Manager makes a compelling case for switching.

With or without ePO--or any other additional McAfee security products--McAfee Vulnerability Manager is an exceptional platform for assessing and managing risk in any network environment. Starting around $12,000 for the appliance, McAfee Vulnerability Manager is a cost-effective solution that will simultaneously help IT operate more proactively and efficiently, and ensure a more secure network for organizations of all sizes.