概述
对于存在多个操作系统、网络、服务器、桌面机/便携式计算机、用户、应用程序和数据库的环境来说,变更管理将是一场“持久战”。McAfee Risk Management 解决方案不仅可以处理环境中固有的变更,同时还能引导您正确地执行补丁管理和策略实施,充分减少变更对业务运营的影响。通过不间断的监控和管理,您可以自动接受对环境的有利变更,同时避免有害变更。我们的目标是,充分延长您的系统的正常运行时间,确保用户保持高效。
主要优势
- 减少未授权应用程序带来的风险
拦截恶意应用程序,避免它们带来的风险。用户可能会无意间带入一些能安装恶意软件、导致支持问题或者违反软件许可的软件 — 这些都将影响系统性能和整体的业务运营。McAfee Application Control 可以确保服务器和终端上只能运行可靠的应用程序。 - 实施变更策略和流程
确保仅执行符合流程要求的变更。McAfee Change Control 能够前瞻地阻止对系统执行的超出流程范围的变更以及恶意变更。 - 降低运营成本
借助 Change Control 有效避免未授权变更或不当变更,并减少人工跟踪和描述系统变更所需的工作。通过减少系统停机以及违反安全事项和策略的行为,Change Control 能够帮助企业节省额外的 IT 成本。 - 实现审核与配置评估自动化
通过最新的数据、强大的信息显示板和报告功能以及内置的豁免管理,简化每一步审核与配置流程。 - 确保并维持对 PCI DSS 的遵从性
掌握 POS 基础设施中变更事件的持续信息,更好地遵循 PCI DSS 的要求。借助 McAfee Integrity Control,您可以了解最初发生变更的服务器、变更时间、执行变更的用户、变更方式、文件中发生变更的内容以及变更是否得到批准。 - 简化合规范围
业界首套集成的基于代理和无代理解决方案,可以满足补丁评估、合规报告和风险分析等用途,有助于合规活动实现自动化。
产品
McAfee Total Protection for Compliance
McAfee Total Protection for Compliance 通过行业首款集成的漏洞管理、合规评估和报告以及全面风险管理解决方案,让企业的合规工作更轻松!
McAfee Application Control
McAfee Application Control 可以确保服务器和终端上只能运行可靠的应用程序。它能够减少未经授权软件带来的风险,加强终端控制,降低运营成本,而且可以在不影响性能的前提下增强固定功能系统的作用。
McAfee Integrity Control
McAfee Integrity Control 综合了行业领先的白名单创建功能和变更控制技术,能够确保 POS 系统、ATM 和自助服务终端这类固定功能设备只能运行可信应用程序。
安全管理
McAfee ePolicy Orchestrator
McAfee ePolicy Orchestrator (ePO) 是 McAfee Security Management Platform 的关键组件,也是唯一能够提供终端、网络和数据安全统一管理的企业级软件。凭借可有效缩短事件响应时间的端到端监控和强大的自动化功能,McAfee ePO 软件能够显著增强保护、降低风险和安全管理的成本及复杂性。
服务
事件管理检查
制定更全面、更有效的事件应急响应和管理计划。McAfee Foundstone 将对您事件管理计划中的差距 进行分析,并提供用于提升突发事件应急响应方案的建议。
数据丢失防护评估
检测并防止敏感信息的未授权传输或泄露。 McAfee Foundstone 通过识别被复制的敏感数据或当前正在从其原始预期存储区域传输的敏感数据,来降低您的风险率。
漏洞管理检查
评估您的漏洞管理计划。 McAfee Foundstone 对您的计划进行差距分析,以确保计划中的人、流程和技术三方面维持一个完美平衡。
身份信息窃取红色警示规则服务
符合合规性要求,改善您企业的整体安全状态。 Foundstone 专家将帮助您实施身份窃取防范计划,分析数据流和风险,以及开发用于检测、防止和缓解身份信息窃取的策略。
资源
Risk & Compliance Outlook 2011 (English)
In this global study, independent research firm Evalueserve examines the dynamic risk and compliance market, including the state of the industry, the challenges faced by enterprises, and emerging trends that will impact both consumers and vendors.
社区
博客
- RDP+RCE=Bad News (MS12-020)
Jim Walter - 三月 14, 2012
See March 15 and 16 updates at the end of this blog. —————————————————- The March Security Bulletin release from Microsoft was relatively light in volume. Out of the six bulletins released, only one was rated as Critical. And for good reason. MS12-020 includes CVE-2012-0002. This flaw is specific to the Remote Desktop Protocol (RDP) present on Read more... - An Update on DNSChanger and Rogue DNS Servers
Jim Walter - 三月 06, 2012
In late 2011, the FBI released documents and data focusing on “Operation Ghost Click.” This malicious operation, leveraging a variety of DNSChanger-type malware, was defined by the FBI as an “international cyber ring that infected millions of computers.” Associated malware samples and events can be traced back several years, and multiple platforms were targeted. To this day many remain Read more... - McAfee Q4 Threats Report Shows Malware Surpassed 75 Million Samples in 2011
David Marcus - 二月 21, 2012
Today we released our Fourth Quarter 2011 Threat Report, revealing that malware surpassed the our estimate of 75 million unique malware samples last year. Although the release of new malware slowed a bit in Q4, mobile malware continued to increase and recorded its busiest year to date. Malware The overall growth of PC-based malware actually Read more... - Cultural Security: Promoting Security Policies Using Organizational Culture
Steven Fox - 九月 06, 2011
Most of us refer to security policies in much the same way as we refer to our car manuals – when something unexpected happens. We know these documents have useful information. However, their utility is tied to situations where answers do not present themselves readily. According to Chris Noel, SVP of Product Management at ANXeBusiness, Read more... - Building an Arsenal of Best-in-Breed Database Security Solutions
Eric Schou - 八月 19, 2011
Visit any news site on the Web, and undoubtedly you’ll come across a barrage of articles publicizing the details of yet another data breach. With the prominence of SQL injection attacks, and malicious insiders and hackers exploiting sensitive data stored on unpatched and vulnerable databases, enterprise organizations have found themselves reevaluating their security strategies. Following Read more...