McAfee Risk Advisor takes the guesswork out of protecting critical assets by proactively correlating a threat feed with vulnerability and countermeasure information to pinpoint at-risk critical assets that require immediate attention. Risk Advisor helps determine what countermeasures you need, and when you need them, enabling businesses to defend against the very real threats faced daily, including malicious hackers, viral malware, and other emerging dangers. To learn more about Risk Advisor features, please download the data sheet.
How It Works
McAfee Risk Advisor runs on the ePolicy Orchestrator framework. It imports data from asset, threat, vulnerability, countermeasure, and application data sources, reconciles the data, and performs analytics to generate reports that show the overall risk posture at the asset, threat, and enterprise levels.
Use the standard ePolicy Orchestrator features such as server tasks, dashboards, queries, and reporting to configure the product, schedule and perform analysis, generate reports, and query the database.
The communication workflow among the various components involves:
- McAfee Risk Advisor is installed as an extension to the ePolicy Orchestrator server.
- McAfee Risk Advisor uses the ePolicy Orchestrator database for storing and retrieving data.
- McAfee Risk Advisor core extension includes data import extensions such as MRA MVM, MRA NSP, and MRA HIPS. The data import extensions help obtain:
  - Vulnerability data (from McAfee vulnerability detectors)
  - Countermeasure data (from McAfee countermeasure products)
  - Application data (from McAfee Application Inventory agent and McAfee Application Control)
  - Threat data (from McAfee Threat Intelligence Service)
- McAfee Risk Advisor retrieves assets data from ePolicy Orchestrator.
- McAfee Risk Advisor reconciles the threat, asset, vulnerability, and countermeasure data, converting it to a format that can be interpreted by McAfee Risk Advisor.
- McAfee Risk Advisor analytics performs risk analysis to determine risks to assets.
- McAfee Risk Advisor generates reports in quantitative and qualitative formats, to help you determine, analyze, and prioritize risks.
How McAfee Risk Advisor Imports and Analyzes Data
McAfee Risk Advisor imports data from products managed by ePolicy Orchestrator, creates a visual representation of the potential vulnerabilities on your network, and recommends and prioritizes what you need to do to address them.
The default server task, MRA: Threat Download and Analysis, consists of these actions:
- MRA: Threat Feed Download — Updates McAfee Risk Advisor with the latest threat information from McAfee Threat Intelligence Services. Imports complete threat data (From Beginning) or selected threat data (Since Last Run). This service requires Internet connectivity.
  If you are in an air-gapped environment, you can use the Import Threats from File action to import a file containing the updates.
- MRA: Data Import/Reconciliation — Imports and reconciles system and asset information from the supported McAfee products. If application awareness is enabled, reconciles application data from the McAfee Application Control and McAfee Application Inventory.
- MRA: Threat Asset Coverage Analysis — Applies the threat analysis calculations from McAfee Risk Advisor to the data collected by the MRA: Threat Feed Download and MRA: Data Import/Reconciliation actions.
  During this task, threat data applicable to an asset is compared against the countermeasures and vulnerability status of the asset to determine whether the asset is at risk. The task also provides an option to enable analysis for McAfee Risk Advisor reports.
You can view the status of these tasks in the Server Task Log.
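The comparison described in the Threat Asset Coverage Analysis step, as an added Python illustration: it is not McAfee Risk Advisor code, and the page does not give the product's actual calculations. The field names, state names, ordering rule, and sample data are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Threat:
    threat_id: str
    vuln_ids: frozenset       # vulnerabilities the threat exploits
    mitigated_by: frozenset   # countermeasure types that block it

@dataclass
class Asset:
    name: str
    criticality: int          # 1 (low) to 5 (critical)
    vuln_status: dict = field(default_factory=dict)  # vuln id -> True/False; absent = no scan data
    countermeasures: frozenset = frozenset()

def coverage(threat, asset):
    """Classify one threat/asset pair (state names are hypothetical)."""
    states = [asset.vuln_status.get(v) for v in threat.vuln_ids]
    if states and all(s is False for s in states):
        return "not_vulnerable"          # scanned and clean
    if threat.mitigated_by & asset.countermeasures:
        return "protected"               # a deployed countermeasure covers the threat
    if any(s is True for s in states):
        return "at_risk"                 # confirmed vulnerable, nothing covering it
    return "potentially_at_risk"         # no scan data and no countermeasure

def prioritize(threats, assets):
    """Exposed pairs only: confirmed risk first, then by asset criticality."""
    rank = {"at_risk": 0, "potentially_at_risk": 1}
    rows = [(a, t.threat_id, coverage(t, a)) for a in assets for t in threats]
    rows = [r for r in rows if r[2] in rank]
    rows.sort(key=lambda r: (rank[r[2]], -r[0].criticality, r[0].name))
    return [(a.name, tid, state) for a, tid, state in rows]

# Constructed sample data: one threat, four assets in different states.
THREATS = [Threat("THREAT-A", frozenset({"VULN-1"}), frozenset({"hips", "nsp"}))]
ASSETS = [
    Asset("web01", 4, {"VULN-1": True}, frozenset({"hips"})),
    Asset("db01", 5, {"VULN-1": True}),
    Asset("hr-laptop", 2, {"VULN-1": False}),
    Asset("kiosk", 1),
]

if __name__ == "__main__":
    for row in prioritize(THREATS, ASSETS):
        print(row)
```

Assets with no vulnerability data are kept in the output rather than treated as safe, so gaps in scan coverage stay visible next to confirmed exposures.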