概述
McAfee Policy Auditor 通过根据预定义的策略内容计划 IT 控制措施,从而帮助您按照主要行业法规和内部策略准确、一致地报告整个基础架构或特定目标系统的情况。 McAfee Policy Auditor 是一款基于代理的 IT 审计解决方案,它利用安全内容自动化协议(Security Content Automation Protocol,SCAP)来实现内外部 IT 审计流程的自动化。
简化的部署和管理 — 借助 McAfee ePolicy Orchestrator (ePO) 平台不仅可以轻松部署 McAfee Policy Auditor,而且可以简化报告和合规管理流程。
灵活的策略制定 — McAfee Policy Auditor 让您在几分钟内即可创建根据公司管理条例或权威网站(如联邦桌面核心配置计划 (FDCC))设计的新策略。 用于设定数据采集频率的实时审计和控制功能可及时提供合规信息。
预定义的模板和控制 — McAfee Policy Auditor 附有预定义的基准模板,并且可以通过采用能在关键业务期间阻止数据采集的中断时间窗来确保企业的安全。
特点和优势
简化合规性证明流程
使用预置的策略模板避免手动工作,并证明对关键行业法规和内部治理策略的合规性,包括 PCI DSS、SOX、GLBA、HIPAA、FISMA 以及最佳实践框架 ISO 27001 和 COBIT。McAfee Policy Auditor 包括一个专用的 PCI 信息显示板,可按 PCI 要求/控制措施提供合规性状态的综合视图。
首次与 McAfee ePO 和 Vulnerability Manager 实现无缝集成
通过整合终端安全管理和合规管理及简化代理部署、管理和报告,McAfee ePolicy Orchestrator (ePO) 软件有助您降低拥有成本。与 McAfee Vulnerability Manager 的集成使企业能够将代理审核和无代理审核进行整合。
获得最新合规性验证标准
与最新的合规性标准保持一致。已通过美国国家标准与技术研究院(National Institute of Standards and Technology,NIST)认证的安全内容自动化协议(Security Content Automation Protocol,SCAP)可以使各类机构更好地遵从联邦桌面核心配置计划 (FDCC) 标准。
自定义和扩展 McAfee Policy Auditor IT 控制检查
使用受审计系统所支持的任何脚本语言创建规则,以扩展 McAfee Policy Auditor 的检查功能。 这类语言包括 VBScript、batch files、Perl 和 Python。
使用拦截时间窗防止干扰关键业务应用程序
设置数据采集频率,以支持用准确数据自动生成报告。为了防止干扰关键业务应用程序,可设置拦截时间窗,以便在重要业务期间通过 IT 操作来阻止审核数据采集。
快速自动导入行业基准信息
从权威站点下载基准信息。在几分钟内查看详细的安全指南,同时根据安全机构的最佳惯例确认法规遵从要求或制定自己的内部治理策略。
系统要求
操作系统
- Microsoft Windows 7
- Microsoft Windows Vista
- Microsoft Windows XP Pro
- Microsoft Windows 2000 (Advanced/Professional)、Microsoft Windows 2003 (Enterprise/Standard)、Microsoft Windows 2008
- Microsoft Windows XP、Microsoft Windows 2003、Microsoft Windows 2008 R1
- Red Hat Enterprise Linux 3.0
- Red Hat Enterprise Linux (AS, ES, WS) 4.0/5.0/5.1
- MAC OS X 10.4/10.5
- HP-UX (RISC) 11iv1/11iv2
- AIX(Power5、Power6)5.3 TL8 SP5、AIX(Power5、Power6) 6.1 TL2 SP0
演示/教程
McAfee Continuous Compliance (English)
Use a single solution and achieve continuous compliance with McAfee Configuration Control.
McAfee Risk & Compliance (English)
Learn how McAfee Risk and Compliance products scan your entire network, providing complete visibility and ensuring proper protection.
课程
客户案例
Intelsat (English)
Intelsat trusts McAfee to protect user and network devices globally.
产品特色
- Protected a diverse environment from internal and external threats, including the inherent risks of a fluctuating population of 250 to 500 contractors
- Managed the entire server system with 1.5 full-time employees (FTEs)
- Reduced solution cost by 75% over a la carte purchases from separate vendors
- Standardized a security environment that previously required five vendors
- Complied with regulations, including SOX, HIPAA, and Department of Defense (DoD)
James Tower (English)
McAfee keeps James Tower secure and compliant with industry regulations.
产品特色
- Reduced time required to push out the most current security and virus patches to minutes, rather than hours or days
- Used to apply patches, updates, settings, and other security measures consistently across all systems
- Dramatically reduced audit time as well as time to build and maintain servers
- Provided fast, accurate profiling of all systems
- Facilitated decision making through a centralized, consolidated dashboard and robust reporting
Scottrade (English)
Scottrade partners with McAfee to secure customer data.
产品特色
- Eliminated network vulnerabilities and protected customer information
- Improved monitoring and control of workstations and servers via a single management console
- Streamlined and accelerated security management and vulnerability assessment
- Simplified deployment, patches, and upgrades
- Helped Scottrade garner multiple awards for customer satisfaction and IT excellence
新闻/活动
新闻
- McAfee Unveils the First Situational and Risk Aware SIEM (English)
四月 24, 2012主题 : 风险与合规性, 安全管理, SIEM
- McAfee Named a Finalist in 15 Categories of SC Magazine 2011 Awards (English)
十一月 11, 2010主题 : 电子邮件和 Web 安全保护, 风险与合规性
活动
未找到结果社区
论坛
未找到结果博客
- RDP+RCE=Bad News (MS12-020)
Jim Walter - 三月 14, 2012
See March 15 and 16 updates at the end of this blog. —————————————————- The March Security Bulletin release from Microsoft was relatively light in volume. Out of the six bulletins released, only one was rated as Critical. And for good reason. MS12-020 includes CVE-2012-0002. This flaw is specific to the Remote Desktop Protocol (RDP) present on Read more... - An Update on DNSChanger and Rogue DNS Servers
Jim Walter - 三月 06, 2012
In late 2011, the FBI released documents and data focusing on “Operation Ghost Click.” This malicious operation, leveraging a variety of DNSChanger-type malware, was defined by the FBI as an “international cyber ring that infected millions of computers.” Associated malware samples and events can be traced back several years, and multiple platforms were targeted. To this day many remain Read more... - McAfee Q4 Threats Report Shows Malware Surpassed 75 Million Samples in 2011
David Marcus - 二月 21, 2012
Today we released our Fourth Quarter 2011 Threat Report, revealing that malware surpassed the our estimate of 75 million unique malware samples last year. Although the release of new malware slowed a bit in Q4, mobile malware continued to increase and recorded its busiest year to date. Malware The overall growth of PC-based malware actually Read more... - Cultural Security: Promoting Security Policies Using Organizational Culture
Steven Fox - 九月 06, 2011
Most of us refer to security policies in much the same way as we refer to our car manuals – when something unexpected happens. We know these documents have useful information. However, their utility is tied to situations where answers do not present themselves readily. According to Chris Noel, SVP of Product Management at ANXeBusiness, Read more... - Building an Arsenal of Best-in-Breed Database Security Solutions
Eric Schou - 八月 19, 2011
Visit any news site on the Web, and undoubtedly you’ll come across a barrage of articles publicizing the details of yet another data breach. With the prominence of SQL injection attacks, and malicious insiders and hackers exploiting sensitive data stored on unpatched and vulnerable databases, enterprise organizations have found themselves reevaluating their security strategies. Following Read more...