McAfee ePO Deep Command Software Future-Proofs Client Security at Man

Man is a world-leading independent asset manager dedicated to alternative and long-term investing. It offers investors access to a wide range of alternative and traditional investment portfolios that target strong, stable capital growth through the market cycle. Currently, Man has approximately GBP $37.8 billion (USD $59.5 billion) assets under its management. The company is listed on the London Stock Exchange (EMG.L) and is a member of the FTSE 250 Index.

Man refreshed its entire client estate to Lenovo desktops and laptops powered by Intel Core i5 and i7 vPro processors, with Intel Solid-State Drives (Intel SSDs). Tasked with streamlining client support across the organization while maintaining high security, it made a strategic decision to roll out McAfee® ePolicy Orchestrator® (McAfee ePO™) Deep Command software with Intel Active Management Technology (Intel AMT). An early pilot has identified a range of benefits, including enhanced client management and support, reduced operational costs, and improved security and compliance.

Streamlining Support
Man considers IT security of paramount importance. The company pours a huge effort into maintaining security across its IT infrastructure, and, in particular, across the client environment. Man's client engineering team is responsible for platform architecture, governance, and maintenance of high security standards across 2,000 desktops and laptops globally. This includes antivirus protection and security updates, as well as everyday management and troubleshooting. Some of this work is carried out by local support teams, but the vast majority is the responsibility of the client engineering team at Man in London. The team recently began an initiative to streamline client support across the organization.

Using McAfee ePO software with Microsoft System Center Configuration Manager 2007 (Microsoft SCCM), Man was able to carry out the vast majority of management tasks. However, in the face of advanced threats and stricter business requirements, Man found maintaining security to be timeconsuming and costly. The IT support desk had no wake-up functionality on the local area network (LAN), so technicians had to spend evenings or weekends manually turning on each machine for security patches to be deployed. Not only was this time-consuming, it also made it difficult to ensure that all clients were running the most up-to-date patches at the same time, increasing noncompliance and security risk.

Refreshing Change
Ultimately, it was a head office move that prompted Man to reassess its approach to client management. Ian Fraser, head of client engineering at Man, explains, "We saw the move as an ideal opportunity to refresh our infrastructure across the board—from hardware and software to applications. Our clients already had Intel vPro technology, but we'd never activated its remote management capabilities. We were determined to take advantage of this technology following the office move."

Man made a decision to upgrade its entire client environment with Lenovo ThinkCenter M91p desktops and Lenovo ThinkPad X220 laptops powered by Intel Core i7 and i5 vPro processors, as well as Lenovo ThinkPad T420 laptops powered by Intel Core i5 vPro processors. All machines would run a Microsoft Windows* 7 operating system (OS) and feature Intel Solid-State Drives (Intel SSDs. With no moving parts, Intel SSDs offer greater performance and reliability than hard disk drives. Determining which remote management software to use was the next step, and McAfee ePO Deep Command software was the natural choice.

"We were already using McAfee ePO [software] for antivirus management, and it was well-liked," says Fraser. "Also, Intel's recent acquisition of McAfee ensured that McAfee ePO Deep Command [software] is strategically the best option for us, both now and in the future. We have a clear software roadmap and the opportunity to work together with Intel and McAfee to ensure future upgrades fulfills our requirements."

"We were already using McAfee ePO [software] for antivirus management and it was well-liked. Also, Intel's recent acquisition of McAfee ensured that McAfee ePO Deep Command [software] is strategically the best option for us, both now and in the future. We now have a clear software roadmap and the opportunity to work together with Intel and McAfee to ensure future upgrades and fulfill our requirements."

Ian Fraser
Head of Client Engineering, Man

Remote Benefits
McAfee ePO Deep Command software provides secure and remote management access to PCs that may be powered off or disabled. Utilizing Intel Active Management Technology (Intel AMT), a feature of Intel Core vPro processors, the McAfee solution delivers system management beyond the OS. This enables Man to access its client devices regardless of their power states, so security administrators can remotely remediate compromised systems, enabling energy-saving initiatives and the ability to wake systems and apply proactive security.

Intel SCS, from the Intel Software Network, simplifies the provisioning of Intel AMT-enabled desktops and laptops. "Intel worked with us on the setup and configuration of the new machines," says Fraser. "We had to do a small amount of customization to integrate Intel SCS into McAfee ePO [software], but despite this, Intel SCS offers a much more effective and flexible provisioning route than other software solutions."

Since moving into the new headquarters, Fraser and his team have piloted McAfee ePO Deep Command software across 40 machines, enabling them to iron out any issues before deploying across the wider client environment. Man has already identified multiple benefits.

Commanding Security
Man's IT support desk can now remotely schedule systems to wake up and perform tasks automatically without the need for a network connection at the time of the wake. Thanks to the Intel AMT PC Alarm Clock feature within McAfee ePO Deep Command software, the team can now schedule machines to automatically wake up and install security patches after hours. "Previously, we often had to do this during office hours, which meant that the end-user experience was compromised and we couldn't guarantee that all machines were updated, leaving us periodically vulnerable to Trojans and other attacks," says Fraser. "Now we are able to achieve very high patch saturation in one go with limited manual intervention. This improves security and minimizes desk-side visits, enabling us to save time and money."

Man is also able to further reduce desk-side visits, since Intel AMT allows the IT support desk to remotely manage desktops and laptops at the BIOS level. "If one of our users encounters a blue screen, we can now force the machine to reboot so that we can load a troubleshooting OS, such as Microsoft Windows PE or BartPE," says Fraser. "This enables us to rescue important data off the hard drive so that the user can continue to work. In many instances, we can also fix problems remotely, where previously we would have had to send out a technician."

With McAfee ePO 4.6 software, Man will also utilize the demilitarized zone-based gateway component for managing cloud-based devices. "If one of our senior VPs encounters computer problems while working at home, we will be able to access their machine to rescue important files," says Fraser.

Man is also planning to take advantage of Intel KVM technology, which will be integrated into the next version of McAfee ePO Deep Command software. This feature will allow the IT support desk to take control of users' computers from the management console, enabling them to see what's on the monitor even if the OS crashes. "This new feature will allow us to take control of PCs without the need for an additional piece of software, bringing us one step further to centralizing all management tasks through McAfee ePO [software]," says Fraser.

Man expects to see significant time and cost savings thanks to McAfee ePO Deep Command software with Intel AMT, resulting in improved security and compliance and a reduction in remediation activities.

Man

Customer profile

World-leading independent asset manager

Industry

Financial services

IT environment

Intel-powered Lenovo desktops and laptops

Challenge

Streamline client support while maintaining high security and compliance

McAfee solution

McAfee ePO Deep Command software with Intel AMT

Results

  • Secure and remote access to computers, delivering management beyond the OS
  • Simplified provisioning of desktops and laptops
  • Ability to remotely wake up computers enables high patch saturation after hours
  • Remote diagnosis and remediation at BIOS level reduces desk-side visits, saving time and money
  • Clear software roadmap ensures that future McAfee ePO Deep Command software upgrades meet Man's requirements