Content

McAfee Risk and Compliance Manager<br>formerly McAfee Preventsys product shot

McAfee Risk and Compliance Manager
formerly McAfee Preventsys

McAfee System Protection

Automate and streamline compliance reporting and reduce costs

Synthesizing data from your disparate security systems for a holistic view of security risks and compliance issues is time- and labor-intensive. McAfee Risk and Compliance Manager (formerly McAfee Preventsys®) automates data gathering from your security solutions, leveraging their value while reducing the time and costs of identifying risks, addressing gaps and demonstrating compliance.

Tab Navigation

Benefits and Features

Benefits:

  • Gain a holistic, real-time view of risk and compliance
    With a click of the mouse, you can view and prioritize top IT security risks and compliance issues across the enterprise; determine status in real time using dashboards and compliance reports derived from live security system feeds that eliminate duplicate results
  • Save time and money by automating security auditing
    Spend less time and resources on manual processes and eliminate duplicate results by automatically correlating security data across all your various standalone point products
  • Leverage existing security system investments
    Easily integrate third-party security software, open-source tools, and other McAfee products without changing your security process or reports
  • Simplify demonstration of compliance
    Demonstrate compliance with regulatory polices and your own internally developed security policies, not just industry-established frameworks; automated compliance reporting saves time and resources in demonstrating compliance to auditors and management, eliminating the need for pre-audits
  • Reassure executives
    Show the effectiveness of your company's security controls by giving top-line managers risk and compliance scorecards on a regular basis

Features:

  • Risk and compliance dashboards
    Quickly identify the top two percent of risks with a customizable view of consolidated vulnerabilities, configuration errors, and threats; gain an overview of compliance with policies, controls, and standards
  • Flexible reporting options
    Produce high-level reports for executives and detailed analyses for IT managers; get comprehensive risk data on your entire infrastructure that includes drill downs and comparison reports by asset, policy, controls, and business unit
  • Compliance library
    Access a collection of pre-packaged regulations, policies, configuration standards, and industry best practices that make configuration and customization within your environment quick and easy
  • PolicyLab for compliance reporting
    Report compliance with established security standards like NIST, NSA, SANS and CIS benchmarks and regulatory policies like HIPAA, SOX, GLBA, and FISMA using PolicyLab™, our cost-effective custom policy-development environment
  • Integration with McAfee ePolicy Orchestrator® (ePO™)
    Aggregate network and asset data stored within ePO with the vulnerability data of McAfee Vulnerability Manager (formerly McAfee Foundstone®)for accurate and complete risk reporting; gain a comprehensive view of your risks to better prioritize remediation actions for your most important assets
  • Support for a wide range of security management solutions
    Take advantage of an array of solutions:
    • McAfee Vulnerability Manager
    • McAfee Policy Auditor
    • McAfee Remediation Manager
    • McAfee ePolicy Orchestrator
    • Open-source solutions
    • Third-party solutions

Testimonials

"PolicyLab gave us an automated way to enforce ready-made HIPAA security policy guidelines. We could easily determine compliance with established security standards and regulatory policies. It also gave us the tools we needed to automate security compliance reporting against not only HIPAA and SOX, but also our custom policies."

—Rob Ferrill, Director of Information Security

Description:

Your company has substantial investments in your existing proactive security systems. As you’re not likely to rip and replace these systems any time soon, you need to ensure you maximize their ROI. The trouble is, consolidating information from all these disparate sources take an inordinate amount of time and monopolizes precious human and IT resources.

Thanks to its open architecture, McAfee Risk and Compliance Manager automatically synthesizes security information from your existing security systems and serves it up in a variety of formats—from high-level dashboard views to detailed IT-focused reports. These aggregated views helps you identify and prioritize risks, address gaps, and demonstrate compliance to auditors, managers, your board of directors, shareholders, and customers.

By automating security data consolidation across your infrastructure, you can easily establish and implement effective, repeatable methodologies for your security risk management and compliance reporting processes. As a result of this automation, you reduce business risk while saving time, money, and resources.

Another advantage of Risk and Compliance Manager is the ability to audit both discrete network segments and the entire network on daily, weekly, monthly, or quarterly intervals—as well as on demand. Compare this with manual audits based on extrapolated findings, and you’ll see that you gain a much more accurate picture of actual business risk and opportunities for addressing them. You can also better prioritize your company’s security risks and exposure.

A key component of Risk and Compliance Manager is PolicyLab, our patent-pending policy development environment. PolicyLab allows you to input your corporate policies, edit pre-populated regulatory policies, and add your own administrative controls or manual audit tasks. This way, you’re better able to meet regulatory and corporate policies and save time, greatly improving overall compliance posture.

System Requirements:

Note: The following are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

Management Server (ESM Server) Appliance

Dell PowerEdge 1950 III 

  • Quad Core Xeon E5440, 2.83GHz, 1333MHz
  • 4GB RAM
  • 4x73 GB 10,000RPM 2.5" SAS Hard Drives in a RAID 5 configuration (3+1)
  • 1 Gigabit NIC
  • Redundant power supply with 2 cords
  • 1 CD-ROM drive
  • No operating system
  • Rack chassis with sliding rapid/versa rails and cable management arm.

Assessment Server Appliance

PowerEdge R200

  • Intel Core 2 Duo E4500, 2.2GHz, 2MB Cache,  800MHz FSB
  • 1 GB DDR2, 800MHz, 2x512MB
  • 1 80GB, Serial ATA 7,200 RPM Hard Drive
  • On-Board Dual Gigabit Network Adapter
  • 1 DVD-ROM Drive
  • No Operating System Configuration
  • Rack chassis with versarails