Intelligence-Driven Response

Real-time automated and human decision, detection, and analysis systems for resilient cyberdefense

Next Steps:

Overview

Speed of response and efficient allocation of resources are essential to mission assurance. Intelligence-driven response helps government enterprises combat today’s threats and maintain service availability as cyberattacks become more stealthy and persistent. Operationalizing these fundamental systems and processes enhances speed, visibility, and accuracy while directing resources for the most efficiency and impact.

Broad and deep visibility into the anatomy of each attack — McAfee detection and analysis solutions provide visibility across the kill chain, from endpoints to the data center. Multiple forms of inline and out-of-band traffic analysis validate suspicious events quickly. As you discover and identify malicious actions and intrusion indicators, McAfee helps you capture and leverage that knowledge to prevent or disrupt in-process events or speed detection in the future.

Rapid, prioritized responses — The McAfee decision framework integrates rich analytical insights into a centralized intelligence exchange and workflow for discovery, prevention, detection, analysis, impact assessment, and response. External threat intelligence is enhanced with local threat intelligence gathered from sensor grids throughout your network and correlated with contextual data. This system drives rapid, prioritized mitigation or remediation by systems and staff. Where possible, policies launch automated responses by McAfee preventative controls at endpoints, network gateways, and data centers to reduce the attack surface and potential impact. Precious intelligence staff can direct their time to the most egregious and insidious events.

Essential to a cyber resilience strategy — McAfee helps integrate tailored and timely incident analysis and response with enterprise IT and strategic decision frameworks. Your defense enterprises can incorporate speed, efficiency, and visibility throughout critical incident management processes and develop measurable points of success.

Key Benefits

  • Adapt analysis to your network for maximum protection
    Detect and analyze the varied attacks facing government environments: client-side exploitation and web-borne malware attacks on unrestricted Internet-facing networks; insider threats and data breaches on restricted and classified networks; and denial of service, privilege escalation, and rogue devices threatening data center security.
  • Design intelligence in to maintain resilience
    Build a data strategy that provides visibility in depth and integrates real-time intelligence from both global and local sources for a threat-vector and environment-aware strategy. Integrate with traditional IT systems and decision frameworks like CyberScope and HP Secure Boardroom to support defense enterprise strategic processes. Support machine-to-machine data collection and exchange for real-time continuous monitoring that allows systems and people to learn while protecting.
  • Seek the persistent adversary
    Establish visibility in depth throughout the kill chain — reconnaissance through exfiltration — and on both host and network; normalize data and validate suspicious events quickly by applying multiple analytical techniques to the same content.
  • Evolve without pain
    Integrate extra analysis capability without a forklift upgrade in sensor hardware; use the McAfee decision framework as an integration point for multiple information domains and partner solutions.
  • Act with intelligence
    Incorporate intelligence and context from both global and local sources to rapidly characterize the data and determine the most appropriate intervention, mitigation, or remediation. Once an attack is confirmed and contained, intelligence gained from the root analysis is used to find and clean affected hosts anywhere on the network, update prevention systems, and create watchlists to identify future or historical incidents.
  • Learn as you go
    Capture intelligence from attempted intrusions and leverage that knowledge to prevent new events or speed detection of indicators in the future.
  • Report, measure, and evaluate easily
    Centralize reporting for better metrics and accountability; use McAfee SIEM to develop incident response metrics that measure the performance of the program and align with operational requirements to determine mission impact.

Products

Endpoint Protection

McAfee Application Control
McAfee Application Control

McAfee Application Control software provides an effective way to block unauthorized applications and code on servers, corporate desktops, and fixed-function devices. This centrally managed whitelisting solution uses a dynamic trust model and innovative security features that thwart advanced persistent threats — without requiring signature updates or labor-intensive list management.

McAfee Endpoint Protection — Advanced Suite
McAfee Endpoint Protection — Advanced Suite

McAfee Endpoint Protection — Advanced Suite delivers proactive anti-malware protection, access control, and centralized policy-based management to keep your assets safe and compliant.

McAfee Global Threat Intelligence Proxy
McAfee Global Threat Intelligence Proxy

McAfee Global Threat Intelligence Proxy (McAfee GTI Proxy) enables McAfee VirusScan Enterprise nodes to perform McAfee GTI file reputation queries from within the enterprise network — without requiring direct access to the public McAfee cloud.

McAfee Host Intrusion Prevention for Desktop
McAfee Host Intrusion Prevention for Desktop

McAfee Host Intrusion Prevention for Desktop helps keep your business safe and productive by monitoring and blocking unwanted activity with a comprehensive three-part threat defense — signature analysis, behavioral analysis, and system firewall — all easily managed from one central console, the McAfee ePolicy Orchestrator (ePO) platform.

Network Security

McAfee Network Security Platform (IBS)
McAfee Network Security Platform

McAfee Network Security Platform is the industry’s leading next-generation network intrusion prevention system. It protects network-connected devices against advanced, targeted attacks through a combination of sophisticated defenses, including full stack inspection, protocol anomaly detection, advanced behavior analytics, and reputation-based analysis. It delivers integrated visibility and control of over 1,100 network-based applications. It provides hypervisor-aware Intrusion prevention, supports live migration of virtual machines, and scales up to 80 Gbps to meet the performance needs of the world’s most demanding networks.

McAfee Network Threat Behavior Analysis
McAfee Threat Behavior Analysis

McAfee Network Threat Behavior Analysis analyzes traffic for network security threats coming from inside your network, including malicious behavior and unusual host interactions. Working with McAfee’s network intrusion prevention platform, Network Threat Behavior Analysis can positively identify bots, worms, spam, and reconnaissance attacks. A single device combines NetFlow feeds with rich Layer 7 data from throughout the network to provide a unified view of network security threats.

McAfee Network Threat Response
McAfee Network Threat Response

McAfee Network Threat Response is a network security solution that specializes in finding that single, all-important security threat: the attack that gets inside the network itself. Network Threat Response is a framework of next-generation detection engines specializing in thwarting advanced persistent threats (APTs), and prioritizes and presents only those security threats that require investigation — cutting analysis time from weeks to minutes.

SIEM

McAfee Enterprise Security Manager
McAfee Enterprise Security Manager

McAfee Enterprise Security Manager provides the speed and rich context required to identify critical threats, respond quickly, and easily address compliance requirements. Continuous global threat and enterprise risk feeds deliver adaptive and autonomous risk management, allowing remediation of threats and compliance reporting in minutes instead of hours.

McAfee Global Threat Intelligence for Enterprise Security Manager
McAfee Global Threat Intelligence for Enterprise Security Manager

Built for big security data, McAfee Global Threat Intelligence for Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent Security Information and Event Management (SIEM).

Services

    McAfee Malware Forensics and Incident Response Training

    IT professionals charged with protecting the environment can be overwhelmed, ignoring malware attacks or mistakenly diagnosing them as system or network problems. McAfee Foundstone Consulting’s Malware Forensics and Incident Response Education (MFIRE) course is a comprehensive technically oriented course that enables you to respond to malware incidents successfully and reinforce your security posture. In this course, you’ll learn techniques to identify, respond to, and recover from malware incidents.

    Malware Analysis as a Service

    Online subscription service is available for malware analysis.

Partner Solutions

HB Gary

HBGary specializes in developing advanced computer analysis products to detect, diagnose, and respond to advanced malware, targeted threats, and other cybercrime activities.

Solera Networks

Solera Networks delivers a high-speed network monitoring and forensics platform for complete network capture, classification, indexing, visualization, and reconstruction of any network event.

Resources

Brochures

Security Connected for Public Sector: Situation Under Control

Through its optimized, connected security architecture and global threat intelligence, learn how McAfee delivers security that addresses the needs of the military, civilian government organizations, critical sectors, and systems integrators.

Solution Briefs

Continuous Diagnostics and Mitigation

McAfee offers a comprehensive security portfolio that maps directly to the Continuous Asset Evaluation, Situational Awareness, and Risk Scoring (CAESARS) reference architecture. Learn how McAfee solutions encompass support for all subsystems, including sensor, database, presentation/reporting, and analysis/risk scoring.

Counter Stealthy Malware

The most menacing type of cyberattack is invisible. Using sophisticated techniques to hide its presence, stealthy malware may operate outside of the OS or move dynamically across endpoints to conceal the attackers’ actions. The risk to enterprises is real, with high-profile attacks such as Operation High Roller impacting companies around the globe. Traditional antivirus or intrusion prevention systems are no match for this new breed of stealthy malware; instead, enterprises need layered security controls that work together to detect the presence and actions of stealthy malware and attackers.

Identify Sensitive Data and Prevent Data Leaks

The interoperability between TITUS Document Classification software and McAfee Data Loss Prevention (DLP) further reduces your risk of data loss by capturing end users’ inherent knowledge about the sensitivity of documents and making that information available to McAfee host and network-based DLP as visual classification labels and corresponding metadata.

Law Enforcement Solutions

McAfee understands cybercrime investigation and offers a number of products and services to enable law enforcement investigators.

McAfee Solutions for Computer Emergency Response Teams

Computer Emergency Response Team (CERT) organizations perform critical incident analysis and handling and information dissemination in support of government, law enforcement, critical infrastructure, and other public sector customers. McAfee understands this mission and offers a number of products and services that enable the core missions of international CERT groups.

Achieve Resilient Cyber-Readiness

Learn about the three cyber-readiness solution requirements: continuous asset intelligence, risk assessment across IT and operational assets, and integration with computerized decision support systems.

Operationalize Intelligence-Driven Response

Learn about the three frameworks required for intelligence-driven response to be effective — decision, detection, and analysis.

See Network Threats to Prevent Future Attacks

Solera Networks, a platform for network security analytics, provides full context to any security event identified by the McAfee Network Security Platform.

Protecting Information

There are several solutions for protecting information that offer the added benefit of reducing costs and complexity.

Protecting the Data Center

The data center operations team is being tasked with responsibilities from building solutions for continuous compliance and virtualization to consolidation and leveraging the cloud.

Real-time Threat Detection for Defense in Depth (DiD) and Information Assurance

McAfee delivers comprehensive network intrusion prevention to protect the Army's network.

Technology Blueprints

Protect Your Databases

The McAfee approach to database security monitors database activity and changes, offers protected auditing tools, enables virtual patching to avoid database downtime, and provides compliance and regulatory templates.

Assess Your Vulnerabilities

McAfee integrates data and processes to make vulnerability management more effective and efficient. Our approach combines asset discovery and management, comprehensive vulnerability scanning, flexible reporting, and remediation workflows into a single vulnerability assessment solution.

Achieve Situational Awareness

The McAfee solution has two primary components: McAfee ePolicy Orchestrator (McAfee ePO) software and McAfee Enterprise Security Manager, with additional integrations to extend visibility and control across the entire security and compliance management environment.

Look Inside Network Traffic

The McAfee solution has two primary components: McAfee Firewall Enterprise and McAfee Network Security Platform. The McAfee Firewall and the IPS appliance both have add-on features that can optimize your visibility into the network. McAfee SIEM and other optional products help extend visibility and analytics to more aspects of network traffic.

Protect Your File Servers

File servers hold sensitive data and require security controls that guard against data-stealing malware and unauthorized system changes. McAfee protects file servers with a solution that includes antimalware and antivirus protection, change monitoring and enforcement, dynamic whitelisting, network intrusion protection, and data loss prevention.

White Papers

Evolving HBSS to Protect and Enable the Modern Warfighter’s Mission

This paper will examine the future of HBSS and make measurable, tangible recommendations to not only increase overall security and capabilities, but also to lessen the management burden, lower the overall total cost of ownership, allow for better results, particularly in D-DIL environments, and allow JIE real-time operational control over HBSS assets.

Community

Blogs

Threats and Risks