McAfee Vulnerability Manager

McAfee Vulnerability Manager

La detección de activos en tiempo real, los análisis basados en riesgos y el rendimiento se combinan para realizar una monitorización permanente de activos

Próximos pasos:

Descripción general

McAfee Vulnerability Manager, con su función McAfee Asset Manager, proporciona una escalabilidad y un rendimiento incomparables, y examina de forma pasiva o activa todo lo que hay en la red. Ahora ya puede detectar los dispositivos que hay ocultos en su red, así como los teléfonos inteligentes, las tabletas y los laptops que entran y salen de la red entre las exploraciones programadas. Se quedará sorprendido de todo lo que ha pasado sin ser visto ni analizado, y que podría estar poniendo en peligro el cumplimiento normativo de su organización. Millares de empresas confían en Vulnerability Manager para encontrar y priorizar rápidamente las vulnerabilidades, con instalaciones que abarcan desde unos cuantos centenares de nodos a uno, que analizan continuamente más de cuatro millones de direcciones IP. Si la vulnerabilidad tiene una dirección IP o está utilizando su red, Vulnerability Manager puede descubrirla y evaluarla, de forma automática o según una programación, y mostrar el grado de cumplimiento de todos los activos de su red.

Vulnerability Manager le ofrece:

Auditoría y remediación según prioridad: combina información de vulnerabilidad, gravedad e importancia de los activos para identificar, calificar y enfrentar con rapidez las infracciones y vulnerabilidades de sistemas y dispositivos en red.

Protección activa y pasiva de la red: combina la localización y la monitorización activas y pasivas de la red, y descubre los dispositivos virtualizados, móviles u ocultos que hay en ella.

Prueba de “no vulnerable”: una exigencia importante de los auditores es probar que usted no es vulnerable a las amenazas, lo que constituye un atributo significativo de McAfee Vulnerability Manager.

Identificación y correlación de amenazas nuevas: califica automáticamente el riesgo potencial de las amenazas nuevas al correlacionar eventos con sus datos de activos y vulnerabilidades.

Auditoría de políticas y evaluaciones de cumplimiento: define valores de verificaciones de políticas y determina si su organización cumple con las principales regulaciones. Mediante un asistente fácil de usar, le proporciona plantillas para SOX, FISMA, HIPAA, PCI y más.

Generación de informes flexible: categoriza los datos por activo o red y utiliza filtros poderosos para seleccionar y organizar los resultados en sus informes. Incluso puede crear informes mientras se están ejecutando los escaneos.

Cobertura de contenido amplia y detallada: realiza verificaciones autenticadas y no autenticadas, que McAfee Labs, el principal centro de investigación de amenazas del mundo, actualiza automáticamente en forma constante. Esto le ayuda a profundizar en los sistemas operativos y dispositivos de red para encontrar vulnerabilidades e infracciones a las políticas.

2014 ESG Lab Review: McAfee Vulnerability Manager Earns Strong Evaluation
Gartner MarketScope for Vulnerability Assessment: McAfee rated Strong Positive

Características y beneficios

Analice en profundidad las aplicaciones Web

Realice análisis exhaustivos de las aplicaciones web que le permitirán conocer los puntos en los que debe centrar sus esfuerzos de programación antes de que los hackers puedan hacerse con los datos cruciales de su empresa. Estos análisis incluyen las verificaciones exigidas por la PCI, además de cubrir las categorías OWASP Top 10 y CWE-25 de 2010.

Inicie el escaneo en minutos

Escoja una opción de instalación todo en uno o personalizada en su hardware físico o virtual o en sus dispositivos reforzados; use los sistemas de administración de activos LDAP, Active Directory o McAfee ePolicy Orchestrator (ePO) existentes o permita que el primer escaneo descubra sus activos.

Señala las vulnerabilidades y las infracciones de políticas con el máximo nivel de precisión.

A través de la monitorización activa y pasiva, las pruebas de penetración, las comprobaciones autenticadas y no autenticadas, McAfee Vulnerability Manager analiza con precisión todo lo que hay en la red y hace más fácil que nunca la administración completa de vulnerabilidades.

Utilice contenido completo y personalizable para verificaciones e informes

Ahorre horas con soporte de SCAP y plantillas de políticas predefinidas y actualizadas. Nuestras verificaciones extensivas validan la alineación con los requisitos federales y regulatorios y escribe scripts y verificaciones personalizados para probar sistemas propios y heredados.

Cumpla con los exigentes requisitos federales e industriales

Certifique el cumplimiento de los Criterios comunes de EAL y valide con cifrado FIPS-140-2. McAfee Vulnerability Manager incluye plantillas para las plantillas y normas de cumplimiento más populares.

Obtenga protección de vulnerabilidades, precisión de escaneo y protección de malware incomparables

Trascienda a los puertos y configuraciones para inspeccionar sistemas, bases de datos y aplicaciones en todos los activos en red, desde teléfonos inteligentes hasta servidores seguros.

Aumente la flexibilidad y el rendimiento

Personalice su implementación, escaneos, generación de informes y consolas de administración, sin importar si centraliza o segrega sus operaciones, con la velocidad necesaria para redes de incluso múltiples millones de nodos.

Pruebe ser “no vulnerable” a las amenazas

Genere evidencia concluyente (como resultados de escaneo esperados y reales, cualquier sistema no escaneado y cualquier escaneo archivado) para documentar que los sistemas específicos “no son vulnerables”, una exigencia de auditoría cada vez más común.

Responda ante amenazas mediante Inteligencia de amenaza global de McAfee

Aproveche los millones de sensores en todo el mundo que dirigen a cientos de investigadores de McAfee Labs hacia los cambios más recientes en el panorama de amenazas, lo que potencia evaluaciones de riesgo y advertencias de amenazas en tiempo real.

Requisitos del sistema

Software Vulnerability Manager
Implemente Vulnerability Manager como software en su propio hardware o en un entorno virtualizado. La implementación del software tiene los siguientes requisitos mínimos:

  • Hardware
    • CPU: x86 de núcleo múltiple, de 2 GHz o más (se recomienda de núcleo cuádruple)
    • RAM: 2 GB como mínimo (4 GB recomendando)
    • Espacio en disco: 80 GB como mínimo (200 GB para base de datos)
  • Host virtual
    • VMware Virtual Infrastructure 3, vSphere (ESX/ESXi)
    • VMware Workstation
  • Sistema operativo
    • Microsoft Windows 2003 Server (32 bits) con Service Pack 2 (SP2) o superior
  • Base de datos
    • Microsoft SQL Server 2005 con SP2 o superior (cualquier edición)
    • Todos los hotfixes y parches de SQL

Dispositivo Vulnerability Manager MVM3100
Escoja este dispositivo de propósito específico reforzado para obtener una implementación aun más rápida y sencilla. Incluye todos los componentes de software necesarios y una base de datos empresarial. La implementación de hardware tiene los siguientes requisitos mínimos:

  • Hardware
    • Chasis de montaje de 1U
    • Xeon de núcleo cuádruple
    • 4 GB de RAM
    • RAID 1 de 2 x 500 GB
    • Fuentes de suministro de energía redundantes
    • Administración automatizada
    • Puertos de escaneo de 4 GbE (compatibles con VLAN)

Demostraciones / Tutoriales / Videos

Demostraciones

See how McAfee Asset Manager easily detects the presence of a new smartphone on a wireless network and interacts with McAfee Vulnerability Manager to instantly scan the device.

Learn how McAfee Vulnerability Manager can continuously discover, evaluate, and monitor evolving risks from devices on your network.

Learn how McAfee Risk and Compliance products scan your entire network, providing complete visibility and ensuring proper protection.

Tutoriales

This video introduces you to the new vulnerability check editing/creation feature in McAfee Vulnerability Manager.

This video shows you how to create a vulnerability check, looking for a software application version installed on a Windows machine.

For guidance on how to use this McAfee product, watch the Quick Tips video listed above.

This collection of Quick Tips videos details some of the key features of McAfee Vulnerability Manager, including custom reports, asset discovery, and remediation workflow.

Vídeos

McAfee Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on your network.

Premios y críticas

Análisis de un millón de direcciones IP con McAfee Vulnerability Manager

ESG Labs realizó una prueba práctica de la aplicación McAfee Vulnerability Manager MVM3100. Infórmese con más detalle sobre Vulnerability Manager y su facilidad de implementación y eficiencia para adaptarse a grandes redes, con una muestra de vulnerabilidades observadas y con lecciones para los equipos corporativos encargados de la seguridad.

Gartner MarketScope para la evaluación de vulnerabilidades

"McAfee Vulnerability Manager evalúa la configuración de seguridad sin agente, y se integra con los agentes de McAfee Policy Auditor para cumplir con la STIG de DISA, NSA, FDCC y los controles CIS. McAfee Vulnerability Manager gestiona los activos de manera flexible, notifica las correcciones y cuenta con funcionalidades de flujo de trabajo."

Análisis de McAfee Vulnerability Manager

En la evaluación independiente realizada por S3KUR3 Inc., McAfee Vulnerability Manager recibió los siguientes comentarios: "Ninguna otra solución combina la flexibilidad, las capacidades de análisis exhaustivo y las potentes funcionalidades de corrección en un único paquete".

Premio de SC Magazine a la mejor relación precio-calidad
Vulnerability Manager recibe la calificación “mejor relación precio-calidad” de SC Magazine

McAfee Vulnerability Manager es una poderosa herramienta basada en dispositivos que ofrece evaluación de vulnerabilidad, pruebas de penetración y escaneo de aplicaciones Web junto con detección de dispositivos no permitidos y capacidad de complemento con LDAP (Lightweight Directory Access Protocol) y Microsoft Active Directory para administración de activos.

Experiencias de los clientes

Abtran (english)

McAfee security risk management solutions help Abtran meet clients’ increasing security requirements.

Aspectos destacados
  • Provided multiple layers of security risk management protection for Abtran’s clients
  • Reduced IT hours spent supporting, administering, and monitoring endpoint security
  • Cut time to produce weekly security reports from three or four hours to less than two minutes
  • Migrated easily and seamlessly from existing anti-virus solutions

Alcatel-Lucent Shanghai Bell (english)

Alcatel-Lucent Shanghai Bell uses McAfee Network Security Platform to secure 100 Mbps to 10 Gbps corporate networks against threats and attacks.

Aspectos destacados
  • Increased identification and interception of up to 99% of the threats
  • Improved the work efficiency and allowed the information security and network departments to cooperate with each other in monitoring security threats and risks

Arab National Bank (english)

Arab National Bank uses McAfee ePolicy Orchestrator (ePO) software to manage endpoint protection across 5,500 endpoints.

Aspectos destacados
  • Reduces manpower required to manage endpoint security from six people to two
  • Accelerates deployment of data loss protection—70 percent faster than competitive solutions faster than competitive solutions
  • Cuts administrative reporting from several days to minutes
  • Saves $152,000 in reduced manual intervention, thanks to integration with third-party security solutions

Arab National Bank (english)

Arab National Bank uses McAfee ePolicy Orchestrator (ePO) software to manage endpoint protection across 5,500 endpoints.

Aspectos destacados
  • Reduces manpower required to manage endpoint security from six people to two
  • Accelerates deployment of data loss protection—70 percent faster than competitive solutions faster than competitive solutions
  • Cuts administrative reporting from several days to minutes
  • Saves $152,000 in reduced manual intervention, thanks to integration with third-party security solutions

Bank Central Asia (english)

Bank Central Asia achieves compliance and saves time with McAfee ePO Software.

Aspectos destacados
  • Eased compliance with internal and industry regulations
  • Saved time through centralized management
  • Provided protection to computers, network, and data through integrated solutions

Cardnet (english)

Cardnet eliminates malware infections with comprehensive network, email, and endpoint security from McAfee.

Aspectos destacados
  • Total absence of known infections of any kind
  • Protected the entire IT infrastructure
  • Maintained IT security with a staff of three, versus 20 or more if the McAfee suite was not in place

CEMEX

CEMEX relies on McAfee to find system vulnerabilities and prevent data loss.

Aspectos destacados
  • Discovered and assessed systems vulnerabilities
  • Provided in-depth visibility regarding network assets
  • Reduced vulnerability false positives by 80%
  • Saved IT hours each week thanks to easy-to-use reports and minimal false positives
  • Prioritized threat response

Citrix Systems (english)

Citrix reduces risk with McAfee’s integrated security risk management platform.

Aspectos destacados
  • Deployed quickly and easily, saving $40,000 in deployment costs
  • Reduced incident response rate by 40% and overall TCO of security risk management
  • Dramatically eased security administration and accelerated patch deployment
  • Reduced remediation time by 70%

Dongfeng Nissan Passenger Vehicle Co., Ltd. (english)

With robust integration features built into ePO, users can handle data events and achieve stronger monitoring and control easily and quickly through the platform.

Aspectos destacados
  • Protected intellectual property

DSM (english)

DSM enlists McAfee to strengthen enterprise network security control and compliance.

Aspectos destacados
  • Provided full visibility into network traffic and connected systems
  • Simplified patch management
  • Improved compliance with regulations and policies
  • Increased efficiencies for significant cost savings

HCF (english)

HCF gets comprehensive anti-malware protection and streamlined security management with McAfee.

Aspectos destacados
  • Smooth implementation
  • Easy identification of vulnerable areas
  • Meaningful reports for IT administrators who are only advised about attacks that are relevant to the environment
  • Enabled automatic enforcement of security policies; ensuring network integrity
  • Automation of patch management freed up IT staff to focus on strategic work

Idaho State Tax Commission (english)

Idaho State Tax Commission chooses McAfee to embed security in a new network infrastructure.

Aspectos destacados
  • Identified vulnerabilities and blocked threats
  • Delivered reliable endpoint protection
  • Enabled compliance with National Institute of Standards and Technology (NIST) security guidelines
  • Provided support for the commission’s defense-in-depth security strategy
  • Helped increase security awareness among network users

Integral Energy (english)

Integral Energy proactively assesses and manages vulnerabilities with McAfee Vulnerability Manager.

Aspectos destacados
  • Discovered and assessed system vulnerabilities quickly and accurately
  • Enabled threat prioritization and proactive, informed decision making
  • Provided in-depth visibility regarding network assets
  • Facilitated compliance with ISO 27001 standard

Intelsat (english)

Intelsat trusts McAfee to protect user and network devices globally.

Aspectos destacados
  • Protected a diverse environment from internal and external threats, including the inherent risks of a fluctuating population of 250 to 500 contractors
  • Managed the entire server system with 1.5 full-time employees (FTEs)
  • Reduced solution cost by 75% over a la carte purchases from separate vendors
  • Standardized a security environment that previously required five vendors
  • Complied with regulations, including SOX, HIPAA, and Department of Defense (DoD)

Macquarie Telecom (english)

McAfee solutions offer integrated protection from distributed denial-of service (DDoS) threats at the Macquarie Telecom perimeter.

Aspectos destacados
  • Fully integrated security platform easily managed from a central dashboard.
  • Visibility and control for clients over their hosted security environments.
  • Competitive advantage through partnership with a trusted technology provider.

Noticias y acontecimientos

Recursos

Libros blancos

Conquer the Top 20 Critical Security Controls (english)

The strength of the Critical Security Controls (CSCs) is their ability to reflect the consensus of successful experiences captured and refined over multiple revisions. The CSCs help organizations break down operational silos by providing a pragmatic blueprint detailing where to focus efforts to achieve the greatest results. This white paper maps the quick wins within the first five CSCs to associated McAfee products, services, and partner solution capabilities — all part of the Security Connected platform.

Discover. Evaluate. Act. (english)

This paper explains how to apply McAfee Vulnerability Manager with the McAfee Asset Manager feature to discover, evaluate, and promptly manage evolving risk. Through continuous network-based monitoring and the application of enterprise security intelligence, enterprises can mitigate security and compliance risks from IP-enabled devices that users install without administrator support, including servers, desktops, smartphones, tablets, virtualized systems, printers, and networking equipment.

Protección de los activos críticos mediante la aplicación de parches virtuales

Limitar la exposición a vulnerabilidades mediante una protección predictiva contra amenazas

Planes detallados de tecnología

Assess Your Vulnerabilities (english)

McAfee integrates data and processes to make vulnerability management more effective and efficient. Our approach combines asset discovery and management, comprehensive vulnerability scanning, flexible reporting, and remediation workflows into a single vulnerability assessment solution.

Reportes

Gartner MarketScope for Vulnerability Assessment (english)

McAfee receives the highest possible rating of "Strong Positive" in the latest MarketScope for Vulnerability Assessment (VA) where VA vendors compete on management features, configuration assessment, price, reporting, and integration with other security products.

Resúmenes de soluciones

Prioritize and Remediate Critical Risks Found by McAfee Vulnerability Manager (english)

McAfee Vulnerability Manager and Skybox Risk Exposure Analyzer (REA) combine to give customers an advanced solution to identify IT vulnerabilities, prioritize and evaluate security risks and attack scenarios, and mitigate critical risks before they cause harm.

Ensure Compliance and Automate Change Management of McAfee Enterprise Firewalls (english)

The combination of McAfee Firewall Enterprise and Skybox Firewall Assurance, Skybox Network Assurance, and Skybox Change Manager continuously validate that your McAfee Firewall Enterprise solutions are optimally and securely configured to ensure continuous compliance, block unauthorized activity, and securely automate change management.

Continuous, Comprehensive Monitoring (english)

Learn how you can move to real-time vulnerability management with always-on discovery and integrated risk assessment.

Scanning Web Applications for Vulnerabilities (english)

McAfee Vulnerability Manager has a new web scanning capability, allowing you to discover, crawl, assess, report, and manage the vulnerabilities discovered in any number of internal or external web applications.

Quantitative Metrics to Measure, Model, and Manage IT Risk (english)

Prevari’s Technology Risk Manager (TRM) solution uses existing enterprise data combined with actuarial risk information to provide repeatable, quantitative, and predictive risk analytics.

Preventing Information Leaks (english)

Raytheon SureView integration with McAfee ePolicy Orchestrator (McAfee ePO) software enables governmental and commercial enterprises to deploy and seamlessly manage command and control of SureView clients across the entire organization through their existing infrastructure, allowing for speedy implementation and efficient management of an effective cyberaudit program.

Security Posture and Risk Management (english)

RedSeal Vulnerability Advisor analyzes the results of McAfee Vulnerability Manager in the context of the network to prioritize vulnerabilities requiring attention and offer network mitigation options.

Comunidad

Blogs

  • Shedding light on ‘Shadow IT’
    David Small - enero 9, 2014

    BYOD, BYOA, BYOx. The IT industry is full of acronyms depicting its constant evolution and relationship with the professional world. First came the devices; employees saw the power of personal devices and insisted on using them in the workplace. And so the consumerisation of IT was born. After the devices came the apps. Companies reported […]

    The post Shedding light on ‘Shadow IT’ appeared first on McAfee.

  • Walking the Talk on Public-Private Partnerships
    Tom Gann - agosto 16, 2013

    There’s been a lot of talk about the value of public-private partnerships in moving the U.S. toward a more robust cyber security posture. And let’s be honest:  there’s also been a lot of private sector skepticism about how much the Administration really believed in the concept or how much they would do to make it […]

    The post Walking the Talk on Public-Private Partnerships appeared first on McAfee.

  • Five Factors That Make D.C. Region a Cybersecurity Hub
    Tom Gann - mayo 29, 2013

    McAfee is based in Silicon Valley, but we know there’s more to tech than California. We recently joined the National Institute of Standards and Technology to launch the National Cybersecurity Center of Excellence, a joint effort among high-tech business, federal, state and local government and local universities located in Rockville, Md. The goal of the […]

    The post Five Factors That Make D.C. Region a Cybersecurity Hub appeared first on McAfee.

  • Getting Assurance in a Time Constrained World
    McAfee - mayo 20, 2013

    Nothing is as frustrating as when something goes wrong, especially when you have time constraints.  NIST has just released Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations where a few notable items have been added to increase the confidence that security, practices, procedures and architectures of information systems […]

    The post Getting Assurance in a Time Constrained World appeared first on McAfee.

  • Response Now as Important as Prevention
    Leon Erlanger - febrero 24, 2012

    The National Institute of Standards and Technology (NIST) has updated its Computer Security Incident Handling Guide to take into account the increasingly dire state of cyber security. As anyone who has followed the rush of high-profile incursions over the past year knows, it’s looking less and less possible to prevent the inevitable attack, no matter […]

    The post Response Now as Important as Prevention appeared first on McAfee.