Time traditionally favors attackers. You need defenses that act without boundaries or delays, moving from encounter to containment in milliseconds, not months. Sharing data and learning as they protect, cutting-edge countermeasures in the Security Connected platform benefit from contextualized threat intelligence, analytics, and centralized security management. We knit together endpoints, network, and the cloud for the only comprehensive, automated approach to find, freeze, and fix advanced threats — fast.
Most threats are blocked at first encounter by our advanced endpoint, web, email, and network detection. Contextual SmartListing within McAfee Threat Intelligence Exchange also shares local, global, third-party, and manually entered threat intelligence and organizational rules in real time to stop threats. For extra confidence, system and application controls thwart any malicious code that gets through. Remaining suspicious files flow directly to McAfee Advanced Threat Defense for dynamic and static analysis, including sandboxing, that quickly reveals the full intent of the file. Going beyond malware analysis, endpoint- and network-based systems instantly analyze traffic to detect activity that could indicate a compromised host.
If a host is compromised, containment is crucial. The Security Connected platform facilitates automated intervention. Sharing threat intelligence among management, network, and endpoint systems, McAfee immediately shuts down command and control communications and quarantines compromised systems. For example, McAfee Network Security Platform uses guidance from McAfee Enterprise Security Manager to block communication with infected hosts. Via McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange, details like dynamic file and IP reputation, prevalence, and malware artifacts educate each countermeasure to recognize and block emerging and targeted threats.
Event data and threat intelligence flows into our security information and event management (SIEM). While watchlists prevent the recurrence of an event, incident responders can delve into your current and historic security situation. Looking across endpoints and network, you can manipulate data, logs, and analytics to quickly outline the attack scope, track its path and impact, and select the best remediation or risk mitigation. Off-the-shelf integrations with countermeasures and policy- and rules-based management remove steps, repetition, and errors that handicap response and multiply costs.
The Security Connected platform converts the phases of the fight — find, freeze, and fix — from separate battles into a concerted defense. With data correlated, contextualized, and linked to countermeasures, time is your ally. A real-time data exchange layer and the McAfee Threat Intelligence Exchange mean McAfee defenses can act autonomously, applying your rules and risk posture, immunizing systems with updated intelligence, and keeping networks available and secure. This expedites detection, incident response, and investigations, preventing attackers from entering, persisting, or exfiltrating data.
A.T.U safeguards employee web and email communications with centrally managed McAfee security solutions.
Alcatel-Lucent Shanghai Bell uses McAfee Network Security Platform to secure 100 Mbps to 10 Gbps corporate networks against threats and attacks.
Cardnet eliminates malware infections with comprehensive network, email, and endpoint security from McAfee.
McAfee Total Protection for Secure Business provides Community South Bank with comprehensive server and desktop protection, while safeguarding data and defending against threats.
McAfee simplifies security management for French city’s local government.
McAfee Firewall Enterprise, McAfee Web Gateway, and McAfee Email Gateway provide the foundation for MidWestOne’s Internet security strategy.
SIM University uses McAfee Firewall Enterprise to protect its data center.
McAfee delivers comprehensive protection for Transend Networks' virtualized infrastructure, enabling high network availability.
Finds advanced malware and zero-day threats, and seamlessly integrates with McAfee network security solutions to freeze the threat while Real Time for McAfee ePolicy Orchestrator initiates a fix or remediation actions.
Provides innovative evasion prevention, centralized management, and built-in high availability and scalability to meet the complex, high-performance needs of demanding data centers and distributed enterprises.
Aggregates powerful malware detection techniques including global file reputation, custom malware signatures, file anomaly analysis, heuristics, emulations, cloud lookups, and static file analysis to identify and block threats travelling over the network, from worms to bots. Tools, weighted alerts, and forensic dashboards reduce the expertise and time required to understand and act on relevant events.
Monitors web traffic for malicious content, suspicious memory activities, and known bad URLs, using advanced content and behavior analytics to accurately and preemptively detect and block modern blended attacks and complex malware. Includes full browser emulation and multi-layer analysis that detects malicious active content and reveals the malware’s final intent, reflecting dynamic changes that occur in real time, as well as scareware.
Offers hybrid deployment options, multiple scanning engines, and click-time URL analysis to provide defense in depth for the email vector against phishing attacks, viruses, malware, directory harvest, denial of service (DoS), bounceback attacks, zero-hour threats, and spam surges with the leverage of network, file, and message reputation. Integration with McAfee Advanced Threat Defense enables detection of stealthy, zero-day malware files that attempt to breach the network via email.
Fends off hackers attempting to enter the network or manipulate bots and compromised systems within your infrastructure. Strong next-generation firewall capabilities, including application visibility and deep application controls, reduce the attack surface, block the latest attacks, and eliminate unwanted traffic.
Unifies security management and policy enforcement for consistent control across the McAfee portfolio of endpoint, network, and data security. Helps security professionals make better security management decisions based on a holistic view of security posture, actionable dashboards, automated responses, and integrated workflows.
Collects and correlates event, behavior, and alert information from all your sources, delivering a full depiction of the attack with context awareness for rapid, decisive action based on a crisp understanding of event sequences and scope. Integrates with McAfee ePO software to automatically adjust system security settings for attacks or potential attacks in progress. Can send quarantine commands to McAfee Network Security Platform to shut down suspicious communications.
McAfee Threat Intelligence Exchange significantly optimizes threat prevention, closing the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.
Restrict the applications that can be installed or run on your endpoints to limit vulnerabilities and prevent execution of malicious software binaries, kernel components, DLLs, ActiveX controls, scripts, or Java components.
Prevents tampering with critical system files, directories, and registry keys to block all unauthorized changes, whether malicious or inadvertent, that could permit compromise and persistence, such as creation of backdoors and escalation of privileges.
Monitors system behavior at the kernel-level to expose and remove stealthy and unknown threats, including master boot record (MBR) bootkits and kernel rootkits, and preempt zero-day malware; utilizes integration with Intel technology to remove low-level threats that traditional OS-based protection cannot detect.
Lets you lock down ports to limit the chance that portable storage devices can introduce malicious code into your systems or exfiltrate sensitive data.
Imposes three layers of protection (signature analysis, behavioral analysis, and dynamic stateful firewall with global reputation technology) to prevent intrusions, protect mobile assets, and defend your organization against known and emerging exploits, including zero-day attacks.
Offers specialized protection to secure critical servers against attacks, including directory traversal and SQL injection attacks, and block threats such as botnets and denial of service before attacks can occur.
Blocks access to dangerous or forbidden websites and flags potentially risky websites to educate users and reduce the chance for malware to enter through vulnerable browsers and endpoints.
Combines antivirus, antispyware, firewall, and intrusion prevention technologies to stop and remove malicious software and guard against buffer overflow exploits, spam, phishing attacks, malicious websites, and other threats that often evade standard antivirus and URL filtering systems.
Provides malware protection for Android and secures corporate email, calendar, and contacts to prevent interaction with personal data or malicious apps.
For product enhancements, please view the data sheet listed above.
Welcome to Advanced Evasion Techniques For Dummies, your guide to the security evasion techniques that have become a serious preoccupation of the IT industry.
This report discusses how to estimate the cost of malicious cyber activity, and its effect on trade, technology and competitiveness.
AV-Test performed a test of McAfee Web Gateway to determine its malware detection and blocking capabilities.
In January 2013, AV-TEST performed a comparative review of McAfee Deep Defender, Microsoft System Center Endpoint Protection, and Symantec Endpoint Protection to determine their capabilities to proactively protect against kernel-mode and MBR rootkits, also known as day zero attacks.
McAfee endpoint protection scored the highest in a test of protection against evasion attacks.
McAfee core endpoint anti-malware products (McAfee VirusScan Enterprise, McAfee Host Intrusion Prevention, and McAfee SiteAdvisor Enterprise) achieved the highest block rate and an overall score of 97% for all threats blocked in the exploit protection test.
Each month brings new media coverage of a targeted attack against a business, government, or critical infrastructure operator previously considered “invulnerable.” As more organizations encounter the cost, disruption, and public humiliation of data breaches, advanced targeted attacks become an executive-level discussion. Comprehensive threat protection requires orchestration of countermeasures and collective intelligence deployed with sensitivity to performance and risk.
The most menacing type of cyberattack is invisible. Using sophisticated techniques to hide its presence, stealthy malware may operate outside of the OS or move dynamically across endpoints to conceal the attackers’ actions. The risk to enterprises is real, with high-profile attacks such as Operation High Roller impacting companies around the globe. Traditional antivirus or intrusion prevention systems are no match for this new breed of stealthy malware; instead, enterprises need layered security controls that work together to detect the presence and actions of stealthy malware and attackers.
Smart and malicious advanced malware is targeted stealthy, evasive, and adaptive. Sandboxing and other stand-alone products can't do the job on their own. This editorial brief explains why you need an arsenal of layered, integrated defenses to protect against these sophisticated threats.
Learn about the three frameworks required for intelligence-driven response to be effective — decision, detection, and analysis.
Learn how application whitelisting and recent technology enhancements make it easier to implement whitelisting.
There are several solutions for protecting information that offer the added benefit of reducing costs and complexity.
The data center operations team is being tasked with responsibilities from building solutions for continuous compliance and virtualization to consolidation and leveraging the cloud.
Adaptive intelligence and real-time communications orchestrate protection in the McAfee Security Connected Platform.
Cybercriminals are increasingly exploiting vulnerabilities in network security systems at a greater rate than ever before. Learn how to protect against advanced evasion techniques (AETs) and avoid becoming a victim.
The McAfee Gateway Anti-Malware engine is a powerful, next-generation technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels. Leveraging new, patent pending techniques, McAfee Gateway Anti-Malware takes web exploit detection, zero-day, and targeted threat prevention to the next level, protecting customers from web-delivered threats and exploits.
This paper describes how McAfee Deep Defender moves endpoint security beyond the operating system. McAfee Deep Defender gets hardware assistance from Intel and uses a privileged early load position to uncloak, block, and remove the kernel-mode activities of stealthy rootkits.
This white paper discusses how the McAfee Network Security Platform can help organizations unify network security across physical and virtual environments, streamline security operations, and protect themselves from emerging malware, zero-day attacks, denial-of-service exploits and advanced targeted attacks.