McAfee GTI Reputation & Categorization Services

File Reputation

McAfee Global Threat Intelligence file reputation is McAfee’s comprehensive, real-time, cloud-based file reputation service that enables McAfee products to protect customers against both known and emerging malware-based threats.

McAfee’s cloud-based system receives billions of file reputation queries each month and responds with a score that reflects the likelihood that the file in question is malware. The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from web, email, and network threat data. The McAfee anti-malware engine — whether deployed as part of an endpoint anti-malware, gateway, or other solution — uses the score to determine action (such as block or quarantine) based on local policy.

Key benefits:

  • Compresses the threat protection time period from days to milliseconds
  • Increases malware detection rates
  • Reduces downtime and remediation costs associated with malware attacks

Web Reputation

McAfee Global Threat Intelligence web reputation is McAfee’s comprehensive, real-time, cloud-based URL and web domain reputation service that enables McAfee products to protect customers against both known and emerging web-based threats.

McAfee’s cloud-based system receives billions of web reputation queries daily and responds with a score that reflects the likelihood that the URL, web domain, or DNS server in question is a phishing site, infected with malware, or otherwise malicious. The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, email, and network threat data. McAfee products, such as McAfee Web Gateway, use the score in combination with product intelligence to determine action based on local policy. McAfee calculates reputations not only for URLs, but also for domains, their associated IP addresses, and DNS servers.

Key benefits:

  • Protects users from Web 2.0 threats, social engineering, and drive-by malware downloads
  • Increases end-user awareness of online dangers
  • Reduces system and network burden by blocking threats at the network edge

Web Categorization

McAfee Global Threat Intelligence web categorization is McAfee’s comprehensive, real-time, cloud-based URL and web domain categorization service that enables McAfee products to take policy-based action on user web activity as well as protect customers against both known and emerging web-based threats.

McAfee’s cloud-based system has granular categorizations for millions of websites across more than 90 categories. The information is based on the collective intelligence from sensors providing information to the McAfee cloud as well as analysis performed by McAfee researchers and automated tools created by McAfee Labs. McAfee products, including McAfee Web Gateway, use the score in combination with product intelligence to determine action based on local policy. McAfee calculates reputations not only for URLs, but also for domains, their associated IP addresses, and DNS servers.

Key benefits:

  • Protects users from Web 2.0 threats, social engineering, and drive-by malware downloads
  • Safeguards organizations from legal liabilities by blocking inappropriate online content
  • Increases organizations’ employee productivity by blocking unauthorized websites

Message Reputation

McAfee Global Threat Intelligence message reputation is McAfee’s comprehensive, real-time, cloud-based message and sender reputation service that enables McAfee products to protect customers against both known and emerging message-based threats such as spam.

McAfee receives hundreds of millions of email queries daily, takes a fingerprint of the message content (rather than the content itself, for privacy reasons), and analyzes it along many dimensions. Message reputation combines with factors such as spam-sending patterns and IP behavior to determine the likelihood that the message in question is malicious.

The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, web, and network threat data. McAfee products, such as McAfee Email Gateway, use the score to determine action based on local policy.

Key benefits:

  • Protects users from social engineering messages and other message-borne threats
  • Reduces system and network burden by blocking threats at the network edge
  • Safeguards organizations from legal liabilities by blocking messages containing inappropriate online content

Network Connection Reputation

McAfee Global Threat Intelligence network connection reputation is McAfee’s comprehensive, real-time, cloud-based service that combines IP address, network port, and communications protocol to determine granular reputation intelligence, enabling McAfee products to protect customers against both known and emerging network threats.

McAfee collects data from billions of IP addresses and network ports, providing hundreds of trillions of unique views, and calculates a reputation score based on network traffic, including port, destination, protocol, and inbound and outbound connection requests. The score reflects the likelihood that a network connection poses a threat, such as a connection associated with botnet control. The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, web, and network threat data. McAfee products, including McAfee Firewall Enterprise and McAfee Network Security Platform, use the score to determine action based on local policy.

Key benefits:

  • Protects endpoints from botnets, distributed denial-of-service (DDoS) attacks, command and control activity, advanced persistent threats, and risky web connections
  • Reduces system and network burden by blocking threats at the network edge
  • Decreases downtime and remediation costs associated with network-based attacks