Intel Security

McAfee GTI Reputation & Categorization Services

File Reputation

McAfee Global Threat Intelligence provides accurate and relevant file reputation for our products via direct integration to defend against both known and emerging malware-based threats.

McAfee Labs’ cloud-based system receives billions of file reputation queries each month and responds with a score that reflects the likelihood that the file in question is malware. The score is based not only on the collective intelligence from sensors querying our cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from web, email, and network threat data. Our anti-malware engine—whether deployed as part of an endpoint anti-malware, gateway, or other solution—uses the score to determine action (such as block or quarantine) based on local policy.

Key benefits:

  • Compresses the threat protection time period from days to milliseconds.
  • Increases malware and zero-day detection rates.
  • Reduces downtime and remediation costs associated with malware attacks.

Web Reputation

McAfee Global Threat Intelligence provides cloud-based URL and web domain reputation for our products via direct integration to defend against both known and emerging web-based threats.

Our cloud-based system receives billions of web reputation queries daily and responds with a score that reflects the likelihood that the URL, web domain, or DNS server in question is a phishing site, infected with malware, or otherwise malicious. The score is based not only on the collective intelligence from sensors querying our cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, email, and network threat data. Our products, such as McAfee Web Gateway, use the score in combination with product intelligence to determine action based on local policy. We not only calculates reputations for URLs, but also for domains, their associated IP addresses, and DNS servers.

Key benefits:

  • Protects users from Web 2.0 threats, social engineering, and drive-by malware downloads.
  • Increases end-user awareness of online dangers.
  • Reduces system and network burden by blocking threats at the network edge.

Web Categorization

McAfee Global Threat Intelligence provides cloud-based URL and web domain reputation for our products via direct integration to defend against both known and emerging web-based threats.

Our cloud-based system has granular categorizations for millions of websites across more than 90 categories. The information is based on the collective intelligence from sensors providing information to our cloud as well as analysis performed by McAfee Labs researchers and automated tools. Our products, including McAfee Web Gateway, use the score in combination with product intelligence to determine action based on local policy. We not only calculates reputations for URLs, but also for domains, their associated IP addresses, and DNS servers.

Key benefits:

  • Protects users from Web 2.0 threats, social engineering, and drive-by malware downloads.
  • Safeguards organizations from legal liabilities by blocking inappropriate online content.
  • Increases organizations’ employee productivity by blocking unauthorized websites.

Message Reputation

McAfee Global Threat Intelligence provides cloud-based message and sender reputation services for our products via direct integration to defend against both known and emerging message-based threats such as spam.

We receive hundreds of millions of email queries daily, take a fingerprint of the message content (versus the content itself, for privacy reasons), and analyze it along many dimensions. Message reputation combines with factors such as spam-sending patterns and IP behavior to determine the likelihood that the message in question is malicious.

The score is based not only on the collective intelligence from sensors querying our cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, web, and network threat data. Our products use the score to determine action based on local policy.

Key benefits:

  • Protects users from social engineering messages and other message-borne threats.
  • Reduces system and network burden by blocking threats at the network edge.
  • Safeguards organizations from legal liabilities by blocking messages containing inappropriate online content.

Network Connection Reputation

McAfee Global Threat Intelligence cloud based service combines IP addresses, network ports, and communications protocols to determine granular reputation intelligence, protecting our products against both known and emerging network based attacks and adversarial activity.

We collect data from billions of IP addresses and network ports, providing hundreds of trillions of unique views, and calculate a reputation score based on network traffic, including port, destination, protocol, and inbound and outbound connection requests. The score reflects the likelihood that a network connection poses a threat, such as a connection associated with botnet control. The score is based not only on the collective intelligence from sensors querying our cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, web, and network threat data. Our products, including McAfee Network Security Platform, use the score to determine action based on local policy.

Key benefits:

  • Protects endpoints from botnets, distributed denial-of-service (DDoS) attacks, command and control activity, advanced persistent threats, and risky web connections.
  • Reduces system and network burden by blocking threats at the network edge.
  • Decreases downtime and remediation costs associated with network-based attacks.