McAfee Total Protection for Compliance

McAfee Total Protection for Compliance

IT ポリシーの監査とリスク管理の統合で、コンプライアンス対応を簡単に

概要

McAfee Total Protection for Compliance は、エージェントベースとエージェントレスの技術を使用して、管理対象システムと管理対象外システムの監査、評価、報告を行います。IT 監査の所要時間を数週間から数日に短縮できます。

Total Protection for Compliance スイートは、McAfee Policy Auditor for Desktops、McAfee Vulnerability Manager、McAfee ePolicy Orchestrator (ePO)、McAfee Labs Global Threat Intelligence service、McAfee Risk Advisor から構成されたリスク管理ソリューションです。

セキュリティに対する投資の最適化 - この統合ソリューションでは、脅威、脆弱性、対応策の情報を組み合わせて、真に危険な資産をピンポイントで特定します。勘や経験に頼らず、対策が必要な場所を特定できるので、時間を短縮し、コストを削減できます。

統合された IT ポリシー監査による総合的な保護 - 1 つのソリューションで、様々なデバイスとデスクトップにポリシーを定義し、評価することができます。Total Protection for Compliance では、個別のプロセスを実行するのではなく、重要なツールを統合することで処理を効率化し、非対応状況を短い時間で解消できます。

テクノロジの統合 - エージェント ベースのスキャン、エージェントレスのスキャン、レポート機能が統合されています。ホスト システムのスナップショットを自動的に生成し、ポリシーを詳しく分析できます。 Total Protection for Compliance では、ネットワークのコンプライアンスからアカウント、ファイル、ネットワーク、システムに対するアクセス ポリシーを設定できます。

包括的なサポート - PCI DSS、SOX、FDCC。FISMA、HIPAA などの対応状況を評価し、報告できます。

コンプライアンス作業の簡素化 - カスタム ポリシーと検査により、特定のグループの資産を対象に検査を実行したり、テンプレートを選択して監査を実行できます。

特徴・利点

セキュリティとコンプライアンスの一元管理でコストを削減

McAfee ePolicy Orchestrator (ePO) により、リスクとコンプライアンスを自動化し、一元管理できます。この共有プラットフォームを使用して、システム セキュリティの配備と管理を行います。また、エージェント ベースのシステムとエージェントを使用しないシステムの対応状況を報告します。ポリシー ベンチマークを定義して選択し、異なるタイプの資産に適用できます。

監査時間の短縮

ホストとネットワーク システムの両方で、手間のかかる監査タスクを自動化します。内部レポートを外部監査で使用できます。

リアルタイムで正確なコンプライアンス

XCCDF や OVAL などのベンチマークを使用して、法規制に対する対応状況を評価できます。内部監査と外部監査で常に最新のデータを使用できます。

新しい情報で保護状態を評価

脅威情報と脆弱性、配備された対応策を関連付けることで、リスク状況を把握し、緊急性の高い修復箇所を特定できます。

セキュリティ製品の投資効果を分かりやすく表示

脅威を具体的に示しながら、多層型防御のメリットを説明できます。

運用効率の向上

危険な状態の重要資産と脅威を関連付ける作業は時間と手間のかかるプロセスです。これらのプロセスを自動化することで、パッチ適用のコストを削減できます。

システム要件

システム要件については、個々の Web ページをご覧ください。

McAfee ePolicy Orchestrator (ePO)

McAfee Policy Auditor

McAfee Vulnerability Manager

ニュース/イベント

リソース

FAQ

McAfee Total Protection for Endpoint Suite (英語)

Suite End-of-Life (EOL) and Auto-Migration Q&A

McAfee Client Proxy (英語)

This technical FAQ covers web protection for the mobile workforce.

インフォグラフィック

Improved healthcare shouldn't come with increased risk. (英語)

This infographic highlights the benefits and risks of the IoT in healthcare devices.

IDC Business Value Snapshot

This snapshot of the IDC white paper "The Business Value of Network-Based Intrusion Prevention Systems," provides key data about McAfee Network Security Platform performance.

ソリューション概要

The 1-2-3- Security Approach for Windows Server 2003 EOS (英語)

End of Support for Windows Server 2003 is approaching, but that doesn’t mean your business has to lack security. Learn about the three migration paths available to remain compliant and secure.

Embrace Public Clouds with Confidence (英語)

Gain all of the benefits of public cloud services without compromising security. Learn how to secure your servers wherever they are with McAfee Public Cloud Server Security Suite.

McAfee Next Generation Firewall — Securing global healthcare networks (英語)

Learn how McAfee Next Generation Firewall secures global healthcare networks with the highest level of network defense while enabling greater efficiency and cost savings.

McAfee Next Generation Firewall — Securing global retail networks (英語)

Discover how McAfee Next Generation Firewall provides a high level of network protection for global retail environments across multiple geographic locations.

Advanced Threat Defense for SIEM (英語)

When advanced detection solutions, known as sandboxes, collaborate with SIEM solutions, enterprises can better understand and respond to unknown, advanced attacks. McAfee Advanced Threat Defense and McAfee Enterprise Security Manager work in concert to extract relevant data from advanced malware and dramatically reduce time to response by minimizing uncertainty and accelerating remediation.

Management of Native Encryption (英語)

With the rapid increase of PCs, tablets, and other devices in the enterprise environment, it’s critical to ensure that sensitive data is secure, and one of the best ways to achieve it is with encryption. Intel Security data protection solutions offer a variety of encryption capabilities and solutions to cover both Windows and Apple devices.

望ましくない進化

Learn how to protect against polymorphic worms like W/32Worm-AAEH.

モバイル アプリの 脆弱なSSLに対する 攻撃を阻止する

Many mobile apps are vulnerable to man-in-the-middle attacks. Learn how to protect against them.

Defeating the Angler Exploit Kit

The Angler exploit kit has become one of the most popular and powerful attack kits. Learn how to protect against it.

Protecting Against Potentially Unwanted Programs

PUPs are applications that have legitimate uses but have functions and behaviors that can be exploited against the user without the user’s consent. Learn about PUPs and how to contain them.

McAfee Threat Intelligence Exchange and Endpoint Protection (英語)

McAfee Threat Intelligence Exchange delivers innovative endpoint protection with a system that adapts and learns from threat encounters, and immediately neutralizes emerging attacks.

A Well-Connected Sandbox (英語)

A well-connected sandbox that is integrated from the network edge to endpoints is one of the most effective defenses against today’s constantly morphing and evasive advanced threats. This brief explains how McAfee Advanced Threat Defense, when integrated with other Intel Security solutions, provides an effective defense against zero-day threats.

データシート

McAfee Endpoint Protection for OEMs (英語)

For a technical summary on the McAfee product listed above, please view the product data sheet.

Building Secure Software (英語)

For a technical summary on the McAfee service listed above, please view the data sheet.

Enterprise Log Manager

上に表示されているマカフィー製品の技術概要は製品データシートをご参照ください

McAfee Network Security Platform (NS-Series)

上に表示されているマカフィー製品の技術概要は製品データシートをご参照ください

McAfee Public Cloud Server Security Suite

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Security Information and Event Management (SIEM) Administration (英語)

McAfee MOVE AntiVirus

上に表示されているマカフィー製品の技術概要は製品データシートをご参照ください

Avionics Security Assessment (英語)

The McAfee Foundstone Avionics Security Assessment — part of the Intel Security product and service offering — is designed to give you peace of mind that your avionics network is analyzed and fortified to reduce risk.

Embedded Systems Assessment (英語)

The McAfee Foundstone Embedded Systems Assessment — part of the Intel Security product and service offering — is designed to reduce risk by discovering security vulnerabilities in your embedded systems. It’s based on a proven methodology used by skilled consultants trained to analyze the critical components of any embedded system.

McAfee Content Security Reporter (英語)

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Endpoint Protection Suite (英語)

For a technical summary on the McAfee product listed above, please view the product data sheet.

ブローシャ

Protect, Detect, Correct: Security Connected for Healthcare Providers (英語)

The Security Connected framework enables healthcare providers to operate more successfully and securely in their complex, heterogeneous environments. This approach helps healthcare providers take charge and secure sensitive data; safely embrace web portals, web services, and mobile devices; leverage situation awareness to better manage security incidents; and maintain compliance with strict industry mandates and regulations.

McAfee Product Entitlement Definitions (英語)

This document contains legal definitions that apply to McAfee products and solutions.

ホワイトペーパー

Best Practices for Dealing with Phishing and Next-Generation Malware (英語)

To combat phishing attempts and next-generation malware, organizations of all sizes should consider a variety of issues related to security. This Osterman white paper shows trends in how malware infiltrates organizations, efficacy of security technology and user training, and a variety of actions that organizations should undertake.

Best Practices for Migrating to Office 365 (英語)

This white paper is intended to help decision makers understand the implications of migrating to Microsoft Office 365 and offers practical advice for doing so. It also provides data from a survey of current and prospective Office 365-enabled organizations conducted specifically for this white paper in March 2015.

Securosis: Applied Threat Intelligence (英語)

One of the most compelling uses for threat intelligence is helping to detect attacks earlier. Examining for attack patterns identified via threat intelligence in your security monitoring and analytics processes shortens the window between compromise and detection. This Securosis white paper focuses on how to use threat intelligence to improve your ability to detect, prevent, and investigate attacks.

Protecting Mobile Devices from Malware Attack — An Osterman Research White Paper (英語)

How can you protect your employees’ computers against malware attack regardless of their location? How can you enforce acceptable usage policies for employees located remotely or mobile? The best way to protect against web threats is to redirect all web traffic through a proxy or web gateway that can block blacklisted or unsuitable sites, filter malware downloads, and enforce rules preventing sensitive data from being lost. In this white paper, Osterman Research describes the four ways to reroute web traffic from a mobile device or remote computer through a gateway, and highlights the strengths and weaknesses of each approach.

Secure Coding for Android Applications (英語)

More than one billion Android devices have been activated to date, and it’s estimate that 1.4 million devices are activated per day. The rapidly increasing popularity of this mobile OS demands that developers understand how to create secure Android applications. This white paper focuses on secure coding practices for Android applications.

PCI Guidance: Microsoft Windows Logging (英語)

This paper discusses what is involved in establishing logging for Microsoft Windows systems, and discusses how those settings will also be useful in detecting system anomalies that could be indicative of system misuse or even a system breach.

Securosis: Leveraging Threat Intelligence In Incident Response/Management (英語)

To contain an advanced attack you need to respond faster and smarter. Focusing on shortening the window between attack and detection, coupled with a solid plan to contain and remediate an attack provides the best chance to overcome the attack. This is one of the key pieces of knowledge for security experts.

The Business Value of Using McAfee IPS — IDC (英語)

In this white paper, leading market intelligence firm IDC provides a compelling view of the business value and benefits gained from using McAfee Network Security Platform. Derived from in-depth interviews with existing McAfee IPS customers, the report data shows how an IPS can provide cost and time savings across an organization.

Signature-less IPS: Secure Beyond the Signature (英語)

Learn how the McAfee signature-less intrusion prevention system (IPS) technology is changing the way malware is detected and blocked. Signature-based detection provides an important foundation for intrusion inspection, but a layered signature-less architecture greatly enhances malware detection and reduces the risk. Read about the seven signature-less detection methods McAfee offers and how they are transforming IPS.

Beyond Layer-7 Visibility: A Simpler Path to Endpoint Intelligence (英語)

Security products with layer-7 visibility are great. But in order to dramatically improve your understanding of security events, you need to extend your vision to the specific application processes responsible for initiating a connection. It’s something we call Beyond Layer-7 Visibility.

レポート

Throughput and Scalability Report McAfee NGFW 5206 — Miercom (英語)

Independent testing lab Miercom performed comprehensive throughput and scalability testing on the McAfee NGFW 5206 appliance. Testing was performed with application control, deep packet inspection, antivirus enabled, and in configurations of one to four clusters.

ESG Lab Validation Report: McAfee Next Generation SIEM (英語)

ESG Lab focused on the McAfee Enterprise Security Manager (ESM), the core product of McAfee’s end-to-end solution for addressing comprehensive threat detection and remediation. Testing was designed to explore how the solution accurately detects advanced threats using a layered approach, the speed and effectiveness of responding to an attack, and the operational efficiencies of this integrated solution.

ESG Report: Tackling Attack Detection and Incident Response (英語)

This report examines organizations’ security strategies, cyber-attack environments, incident response challenges and needs. A survey found that security professionals are inundated with security incidents and struggle with timely identification and resolution of targeted attacks. A lack of visibility into user and network activity, shortage of investigative skills and experience, and poor security analytics capabilities are key factors in slowing organizations’ response to incidents.

検出が困難な: ポリモーフィック型 ボットネット

This in-depth report discusses the polymorphic worm W/32Worm-AAEH, the control infrastructure behind it, and what it took to take it down.

SANS Data Center Server Security Survey 2014 (英語)

Learn how organizations are tackling the difficult problem of data center security, as well as the best practices for meeting data center compliance demands while reducing overall risk and management complexity.

Gartner Digital Newsletter: Best Practices Against Advanced Threats (英語)

The newsletter includes access to Gartner research ‘Five Styles of Advanced Threat Defense’ and discusses how Intel Security solutions help organizations with every aspect of their advanced threat defense strategy and has uniquely integrated them to provide a powerful security platform.

The Healthcare Internet of Things: Rewards and Risks (英語)

This report makes the case that industry must build security into healthcare devices and networks from the outset rather than as an afterthought.

レポートサマリー — 医療業界におけるIoT: メリットとリスク

医療機器に最初からセキュリティを組み込む必要性

McAfee脅威レポート:2014年第4四半期

マカフィー製品の様々なレポートを掲載しています。詳細は上のリンクをご参照ください。

Hacking the Human Operating System (英語)

This in-depth report examines social engineering as an attack vector. It details the psychological levers employed by social engineers to influence victims, communication channels used for attacks, and controls businesses should establish to reduce risk.

人の心理や行動を悪用 するハッキング — エグゼクティブサマリー

ソーシャル エンジニアリングの脅威は蔓延しています。サイバー犯罪者は、ソーシャル エンジニアリングで 不正に情報を入手し、犯罪行為に利用しています。この脅威に対処するには、ソーシャル エンジニアリングの特性をよく理解する必要があります。攻撃者、手口、リソースなどを把握し、リスクを回避するための手段を講じる必要があります。