This McAfee customer is one of the nation’s top academic medical centers. Based in the East Coast, The Medical Center has a large full-time staff.
Extending Security Beyond the Operating System
The hospital has an extensive deployment of McAfee solutions including McAfee® VirusScan® Enterprise software for its 10,000 endpoints, with McAfee Deep Defender deployed in tandem with 4,000 of those endpoints. By combining the hardware foundation from Intel® Core™ processors McAfee Deep Defender protects against stealthy attacks. McAfee Deep Defender uses Intel Virtualization Technology (Intel VT-x) to go beyond the operating system to detect, block, and remediate advanced, hidden attacks before they cause damage. The Medical Center has also deployed McAfee Global Threat Intelligence (GTI), McAfee Host Intrusion Prevention, McAfee Device Control, and McAfee SiteAdvisor® software, with McAfee ePolicy Orchestrator® (McAfee ePO™) software providing centralized access and management for the entire security infrastructure. Within their network, the Medical Center runs multiple McAfee Network Security Platform appliances that are deployed on the perimeter.
With security covered at the operating system level, the Medical Center sought a solution that could penetrate more deeply and protect endpoints from kernel-mode rootkits—stealthy malware packages that are able to bypass the operating system and evade detection by traditional antivirus software. According to one estimate by Intel, it takes IT personnel up to six hours to re-image a typical desktop computer that has been attacked by a kernel-mode rootkit. Re-imaging might take several more hours for workstations running more sophisticated and technical software and containing large quantities of data, such as those used by scientists and researchers. The Medical Center wanted to remove that timeconsuming burden from its small IT team, which has the responsibility to re-image hundreds of infected workstations each year.
“As anyone in healthcare IT knows, there is a severe shortage of qualified technical personnel especially as hospital environments become more automated and the technology infrastructure more complex,” says a spokesperson from the Medical Center. “We are always on the lookout for advanced solutions that can help us leverage our IT staff more effectively and also provide further protection for the patient data stored on PCs in our environment.”
A Comprehensive Solution
To address these requirements, the Medical Center has installed McAfee Deep Defender—the first product built on the McAfee DeepSAFE™ technology co-developed with Intel. Representing the next generation of hardware-enhanced endpoint security, McAfee Deep Defender works beyond the operating system to detect, block, and remediate advanced and hidden attacks such as kernel-mode rootkits.
At The Medical Center, McAfee Deep Defender runs alongside McAfee VirusScan Enterprise software to provide comprehensive protection for more than 4,000 desktop computers. The remaining 6,000 endpoints are scheduled for deployment as the hospital completes its transition to an all-Windows 7 environment. Similar to the other McAfee solutions, McAfee ePO software enables the Medical Center to deploy and manage McAfee Deep Defender from a centralized dashboard, offering real-time reporting and other powerful tools for improving operational efficiencies and lowering the cost of ownership.
“We were extremely impressed with the presentation on McAfee Deep Defender at McAfee’s annual FOCUS conference, and we felt confident that this would be the ideal solution to augment our traditional security approaches,” states the spokesperson.
Shutting Threats Down Fast
Through its first-of-a-kind integration with Intel, McAfee Deep Defender resides between the computer’s operating system and memory to perform real-time kernel memory and CPU monitoring. McAfee Deep Defender detects an attempt by malware to load a driver and shuts the malware down before it can cause damage or steal data.
“By operating beyond the operating system to manage security at the hardware level, McAfee Deep Defender not only gives us advanced protection against malware, but offers significant time savings for our IT staff. McAfee Deep Defender is a definite game-changer; there is nothing else available in the industry that offers this level of deep protection.”Spokesperson for the Medical Center
The Medical Center began realizing success almost immediately. It took approximately one month to deploy Deep Defender beyond the test group. The Medical Center saw the first infection a week after their deployment expanded beyond the test group. The Medical Center found a malware package from a Dropbox infection with McAfee Deep Defender, which caught the infection trapped within a WinZip file. McAfee Deep Defender detected the kernel rootkit component instantly before it had a chance to hide the malware. As the Medical Center rolls out Windows 7, the Medical Center is feeling more confident in the layers of endpoint protection with McAfee VirusScan Enterprise 8.8 software, McAfee Deep Defender, and McAfee Host Intrusion Prevention System working in conjunction with their Intel vPro PCs to provide the utmost protection for the entire organization. “Deployment has been easy, and we purposefully incorporated McAfee Deep Defender into our build processes. Now our systems are protected at birth making infections less possible.”
New Efficiencies for IT
The Medical Center estimates that McAfee Deep Defender will save the IT team up to 40 hours approximately every month. On average it required three to four hours of work on one infected machine from re-imaging to deployment. The time that was once required for re-imaging machines can now be spent on more strategic tasks. The Medical Center expects a decrease in help desk calls from users troubled by infected computers. The decrease in calls translates to increased productivity of the IT organization, allowing the team time to focus on important projects. “We hope with McAfee ePO Deep Command software working hand-inhand with McAfee Deep Defender in the future, we can reimage a machine remotely at the hardware level. If a major detection is found, the machine can be cleaned immediately.” Overall, the Medical Center anticipates that customer satisfaction will improve as systems continue to run uninterrupted. The expected result for the organization is an increase in users’ productivity, a result benefiting the entire organization.
McAfee Deep Defender is one of the latest examples of how the collaboration of McAfee and Intel is bringing fresh innovation to computer and Internet security.
“By operating beyond the operating system to manage security at the hardware level, McAfee Deep Defender not only gives us advanced protection against malware, but offers significant time savings for our IT staff. McAfee Deep Defender is a definite game-changer. There is nothing else available in the industry that offers this level of deep protection.”
Looking into the future, the Medical Center is planning to deploy McAfee ePO Deep Command software, McAfee Vulnerability Manager, and McAfee Enterprise Security Manager. This next step will continue to enhance the way the Medical Center manages the risk of its health information systems. As a result, the Medical Center places a high value on its ongoing partnership with McAfee and Intel. “Our relationship with McAfee and with Intel has helped elevate our organization as a technology leader in the medical field. You can say that I am a true believer when it comes to McAfee and Intel providing hardware-enhanced security. I have never seen a McAfee or an Intel product fail, they only get better.”