Chet Black, AT&T Senior Technology Security Manager, in global communications giant AT&T’s Central Information Security Office (CISO) had a problem. Every month he attends the review of Microsoft’s “Black Tuesday” Security Bulletins along with others on a cross-functional IT team. At these meetings, Black must report to the team whether or not more than 150,000 desktops are protected from the latest threats, and, if they are not, be prepared to discuss what should be done and when.
“Is McAfee handling this threat or do I need to act?”
Black had deployed McAfee Host Intrusion Prevention (Host IPS) to protect these systems but he still needed to know, within a very short time window, whether McAfee Host IPS was providing coverage against the new threats and what actions, if any, needed to be taken. “With each new threat, I need to know, ‘Is McAfee handling this or do I need to act?,’” explains Black. “And if I need to roll out a patch or undertake some other mitigation effort — how quickly do I need to move?” Black called his dedicated McAfee Service Account Manager (SAM) for help. His SAM pointed Black to two free McAfee services to help solve his problem: McAfee Security Advisory and McAfee Microsoft Security Bulletin webinar.
Threat information that maps directly to McAfee products
Published by McAfee Labs, one of the top-ranked security threat and research organizations worldwide, the McAfee Security Advisory provides up-to-the-minute threat and vulnerability information daily via email. It maps each high-profile threat to protection that McAfee products provide, summarizing threat identifiers, vectors, description, general risk level, vulnerability scoring, and other critical information to help McAfee customers determine risk exposure and mitigation options.
If McAfee Host IPS is already providing coverage against a new threat, the McAfee Security Advisory tells Black no action is required. If not, the Advisory spells out resolution steps to take, such as install the Microsoft-provided patch or enable a specified vulnerability signature.
Threat information that maps directly to Microsoft issues
McAfee Labs’ Microsoft Security Bulletin webinars provide the same coverage information as the McAfee Security Advisory but the information is grouped by Microsoft Bulletin. For the monthly Microsoft Security Bulletin internal reviews at AT&T, Black finds the McAfee webinars particularly helpful because they align with the meeting’s per-bulletin review process. “As I prepare for those monthly meetings, the webinars save me a lot of time,” says Black. “The rest of the month, the ‘by vulnerability’ daily advisory is just what I need.”
"The daily McAfee Security Advisory and monthly McAfee Microsoft Security Bulletin webinars alleviate that tension between risk exposure and resolution. They buy us time to resolve security issues in an orderly fashion."Chet Black
AT&T Senior Technology Security Manager
Proactive information — even when no coverage exists
Black appreciates that the McAfee Security Advisory also informs him if a McAfee product does not provide protection for a given threat. For instance, the Advisory may state that additional coverage for a McAfee product will be provided in .DAT files to be released on a given date, or that coverage is “under analysis.”
“Sure, I’d rather read that no action is required or that all I have to do is take this simple step,” says Black. “But when a McAfee product doesn’t yet provide coverage, I definitely want to know so I can look for other means to mitigate the threat if necessary.”
Time to schedule orderly patch rollouts
“With every security threat or vulnerability, we need to balance the risk and potential impact of exposure with the ability to ensure an error-free patch rollout or other resolution,” says Black. “The daily McAfee Security Advisory and monthly McAfee Microsoft Security Bulletin webinars alleviate that tension between risk exposure and resolution. They buy us time to resolve security issues in an orderly fashion.”
Now, when Black attends those internal “Black Tuesday” review meetings, he can share with confidence whether or not McAfee Host IPS (or any other McAfee product) will protect the company’s 150,000 desktops. He comes armed with the information necessary to determine the most appropriate responses to new threats and vulnerabilities.