Cyber Readiness

A common operating picture across all networks to enhance situational awareness and cyber resilience

Overview

Readiness requires continuous awareness of what assets and data are on the network and what is going on inside and outside the network — right now. It depends on a common operational picture: visibility and situational awareness across defense and tactical networks, comparison of internal activity and external activity on similar networks, and knowledge of restricted and unrestricted networks away from the battlefield.

Digital dependence breeds vulnerabilities that can be exploited by criminals, hackers, hacktivists, and well-resourced nations and non-state organizations. Readiness involves understanding the enemy — cybercrime. Knowing how hackers operate, what they are after, and the impact they can have on your network will help with your preparedness.

Overcome obstacles — A single picture can be difficult for organizations using compartmentalized controls and processes. For example, defense networks, especially military networks, rely on responsiveness and rapid access to data. Users and administrators perceive standard process-heavy security controls to be obstacles to agility. For this reason, many tactical systems are exempt from security audits and excluded from traditional risk management. Complicating change, stakeholders often hesitate to relinquish control over their cyberenvironments. However, weak controls and siloed systems prevent timely action against advanced targeted attacks and data breaches, including insider threats.

View a complete operational picture — McAfee cyber readiness solutions enable a continuous understanding of the entire protected network and the ability to assess risk dynamically across three key dimensions: on the network (network devices, endpoints, users, and data), inside the network (behavior), and outside the network (threat intelligence). McAfee combines solutions for discovery, prevention, detection, response, and audit within a centralized management console enriched with threat intelligence feeds. Collectively, these solutions help detect and remediate threats sourced from inside and outside the network — even advanced stealth attacks and zero-day threats.

Act on intelligence — An extensible data collection and monitoring framework within McAfee solutions fuses machine-to-machine (M2M) and threat intelligence with IT and mission data from endpoints, servers, databases, and applications — including network and system logs. These data streams feed rich analytics that support a proactive risk management posture: continuous monitoring, assessments, and forensic investigations on a large scale. They provide cyber readiness across the cybersecurity battlefield — on the front lines and throughout the networks that enable the mission behind the scenes.

Key Benefits

  • Silently detect and monitor assets as they traverse your networks
    Passively discover and monitor assets (endpoints and servers), devices, applications, and data moving onto and between domains to reduce the chance of network disruption, data loss, and compliance violations — without intruding on operations or affecting battle command system performance.
  • Build continuous asset intelligence
    Understand your true risk posture through a complete inventory of assets with an up-to-date assessment of each device’s vulnerability, behavior, configuration, active countermeasures, and impact on your state.
  • Collect machine-to-machine intelligence from every source
    Use a proven, scalable, and standards-based framework to capture the data required for consistent, holistic situational awareness spanning from secret and enterprise networks to battle command systems and tactical combat systems. Every component of the network is a producer and consumer of intelligence, creating a smarter, connected ecosystem that uses its own network as an intelligence source. This intelligence combines with indicators from other networks worldwide to help you pinpoint relevant internal and external activity that affects risk.
  • Facilitate data protection
    Use pre-integrated systems and policy-based enforcement from McAfee and TITUS to efficiently identify, classify, label, catalog, monitor, and control sensitive data throughout your network.
  • Construct a resilient system
    Strengthen your ability to withstand attacks or failures and re-establish quickly. McAfee provides robust defense in the face of motivated persistent hackers, so you can cope with unknowns.
  • Link cyber risk to overall mission risk decisions
    Incorporate local asset intelligence and global threat intelligence in decision making to manage risk more intelligently and confidently based on a complete, contextual, and accurate view of dynamic assets, risks, and countermeasures in IT and operational networks.
  • Centralize security data and operations to speed assessment and inform response
    Streamline device management, threat monitoring, real-time analysis, and forensic investigation within a “single pane of glass” environment that includes data mined from network and system logs. Use tools to automate tactical processes so your team can focus on the events that matter most.
  • Integrate management and reporting across systems and vendors
    Connect your cyber-ready environment to higher-level decision support systems, external data sources, and third-party solutions to facilitate decision-making under pressure while improving operational efficiency.

Products

Data Protection

McAfee DLP Discover

Uses advanced network crawling technology to index sensitive data stored anywhere on your network and allows you to mine this information to quickly understand your sensitive data, how it is used, who owns it, and where it has proliferated.

McAfee DLP Endpoint

Protects against insider threats. Recognizes TITUS metadata markings on any document and can use these markings as well as “fingerprints” to control the movement of sensitive data to removable devices or through email messaging (takes action such as release, block, restrict, or encrypt).

McAfee DLP Prevent

Enforces data policies within domains and across Internet, enterprise, and partner boundaries to help prevent data loss and misuse. Integrates with McAfee Email Gateway and McAfee Web Gateway to block leakage or theft of sensitive and TITUS-marked data through protocols including HTTP, IMAP, and FTP.

Database Security

McAfee Database Activity Monitoring

Provides predefined defenses and threat monitoring to secure database applications against exploitation and misuse. Works with McAfee ePolicy Orchestrator to improve data readiness through centralized policy management and event collection. Can discover and identify critical repositories.

McAfee Vulnerability Manager for Databases

Scans the network for databases and also uses preset patterns to identify tables containing restricted information. Determines if the latest patches have been applied, tests for weaknesses, and then prioritizes and recommends remediations.

Network Security

McAfee Next Generation Firewall

Meets the complex, high-performance needs of demanding data centers and distributed enterprises, with innovative evasion prevention, centralized management, and built-in high availability and scalability.

Risk and Compliance

McAfee Asset Manager (part of McAfee Vulnerability Manager)

Passively monitors network traffic to detect and characterize devices hidden on your network as well as smartphones, tablets, and laptops that come and go between scheduled scans, updating the asset database in McAfee ePO.

McAfee Policy Auditor

Checks and reports endpoint compliance using an agent integrated with McAfee ePO.

McAfee Risk Advisor

Works with McAfee Policy Auditor, McAfee Vulnerability Manager, and McAfee ePO to dynamically correlate threat, vulnerability, and countermeasure information across systems, data, and applications. This continuous monitoring helps you pinpoint at-risk assets, direct resources, and optimize patching. Risk assessments feed into McAfee Enterprise Security Manager for a unified view.

McAfee Vulnerability Manager

Using traditional active scanning plus the passive monitoring of the McAfee Asset Manager feature, this appliance delivers unrivaled scalability and performance that can keep track of the presence, configurations, and potential weaknesses of every asset and device on your network.

Security Management

McAfee ePolicy Orchestrator (ePO)

Centrally manages endpoint security and data usage controls, providing a view of host state information alongside active countermeasures. Integrates with McAfee Enterprise Security Manager and third-party products to provide real-time visibility into asset inventory, risk, and cyber readiness.

SIEM

McAfee Enterprise Security Manager

Provides a common operational dashboard and rich, high-speed analytics that promote early threat detection and forensic readiness. Scales to absorb vast and varied data feeds — from asset and threat intelligence to machine-to-machine, network, and system logs — which it correlates with other security-related events to present a unified and coherent picture of risk.

Related Partners

  • Solera Networks
    Offers full network forensics, analytics, and data retention for breach and forensic readiness. Solera Networks products can feed network logs into McAfee Enterprise Security Manager, adding these network data sources to the system logs of McAfee Enterprise Log Manager to give investigators rapid access to required data to assist response in the event of a breach.

Resources

Brochures

Security Connected for Public Sector: Situation Under Control

Through its optimized, connected security architecture and global threat intelligence, learn how McAfee delivers security that addresses the needs of the military, civilian government organizations, critical sectors, and systems integrators.

Solution Briefs

Continuous Diagnostics and Mitigation

McAfee offers a comprehensive security portfolio that maps directly to the Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) reference architecture. Learn how McAfee solutions encompass support for all subsystems, including sensor, database, presentation/reporting, and analysis/risk scoring.

Identify Sensitive Data and Prevent Data Leaks

The interoperability between TITUS Document Classification software and McAfee Data Loss Prevention (DLP) further reduces your risk of data loss by capturing end users’ inherent knowledge about the sensitivity of documents and making that information available to McAfee host and network-based DLP as visual classification labels and corresponding metadata.

Achieve Resilient Cyber-Readiness

Learn about the three cyber-readiness solution requirements: continuous asset intelligence, risk assessment across IT and operational assets, and integration with computerized decision support systems.

Operationalize Intelligence-Driven Response

Learn about the three frameworks required for intelligence-driven response to be effective — decision, detection, and analysis.

See Network Threats to Prevent Future Attacks

Solera Networks, a platform for network security analytics, provides full context to any security event identified by the McAfee Network Security Platform.

Real-time Threat Detection for Defense in Depth (DiD) and Information Assurance

McAfee delivers comprehensive network intrusion prevention to protect the Army's network.

Technology Blueprints

Assess Your Vulnerabilities

McAfee integrates data and processes to make vulnerability management more effective and efficient. Our approach combines asset discovery and management, comprehensive vulnerability scanning, flexible reporting, and remediation workflows into a single vulnerability assessment solution.

Succeed at Data Readiness

McAfee works closely with a partner, TITUS, to provide resilient data governance solutions that enable government customers to meet regulatory requirements, prevent sensitive data leakage, monitor user compliance, and respond quickly to security incidents.

Achieve Situational Awareness

The McAfee solution has two primary components: McAfee ePolicy Orchestrator (McAfee ePO) software and McAfee Enterprise Security Manager, with additional integrations to extend visibility and control across the entire security and compliance management environment.

Look Inside Network Traffic

The McAfee solution has two primary components: McAfee Firewall Enterprise and McAfee Network Security Platform. The McAfee Firewall and the IPS appliance both have add-on features that can optimize your visibility into the network. McAfee SIEM and other optional products help extend visibility and analytics to more aspects of network traffic.

White Papers

Evolving HBSS to Protect and Enable the Modern Warfighter’s Mission

This paper will examine the future of HBSS and make measurable, tangible recommendations to not only increase overall security and capabilities, but also to lessen the management burden, lower the overall total cost of ownership, allow for better results, particularly in D-DIL environments, and allow JIE real-time operational control over HBSS assets.

Strategies to Mitigate Targeted Cyber Intrusions: McAfee Capabilities

Strategies to mitigate targeted cyber intrusions are mapped to McAfee capabilities, addressing the Top 35 Mitigation Strategies from the Australian Defence Signals Directorate (DSD).
