Stealth attacks use sophisticated techniques to hide and may operate outside of the OS or move dynamically across endpoints to conceal the attackers’ actions. Most companies have porous networks with many Internet-connected devices that can serve as entry points to such attacks, overwhelming traditional antivirus or intrusion prevention systems.
The Security Connected approach from McAfee helps companies implement layered security controls that block, detect, and defeat stealth attacks. This solution guide provides an overview of the tools and controls that stop stealth attacks in real time; minimize manual correlation and response time; facilitate rapid threat detection; generate contextually relevant alerts to provide more precise incident response; and reduce remediation, forensic, and legal costs.
The McAfee solution has two primary components: McAfee ePolicy Orchestrator (McAfee ePO) software and McAfee Enterprise Security Manager, with additional integrations to extend visibility and control across the entire security and compliance management environment.
McAfee integrates data and processes to make vulnerability management more effective and efficient. Our approach combines asset discovery and management, comprehensive vulnerability scanning, flexible reporting, and remediation workflows into a single vulnerability assessment solution.
The McAfee solution is multifaceted, integrated, and built on the real-time sharing of information.
McAfee endpoint security solutions provide a layered defense to protect PCs, providing antimalware and antivirus defenses, encryption, access control, and safe web browsing features.
McAfee fights rootkits by using real-time memory and CPU protection, protecting against known and unknown attacks, and getting beneath the operating system.
McAfee enables enterprises to collect, analyze, and preserve security forensic information. With a solution that includes content- and context-aware SIEM, McAfee provides alerts to security events, as well analysis on how the attacked occurred, affected users, and compromised data — so you can better understand the severity of a security breach.
The McAfee solution has two primary components: McAfee Firewall Enterprise and McAfee Network Security Platform. The McAfee Firewall and the IPS appliance both have add-on features that can optimize your visibility into the network. McAfee SIEM and other optional products help extend visibility and analytics to more aspects of network traffic.
While waking systems to scan and providing remote repair capabilities seem like very different issues, they are both solved through McAfee integration with Intel® vPro® Active Management Technology (Intel AMT). Leveraging the McAfee ePolicy Orchestrator (McAfee ePO) agent and centralized management environment, McAfee ePO Deep Command runs on desktops and laptops with the second generation Intel Core™ i5 and i7 vPro technologies.
McAfee safeguards mission-critical application servers with a security solution that protects against malware, vulnerabilities, and exploits; enforces change management processes; prevents the installation of unauthorized applications; and manages compliance.
The McAfee approach to database security monitors database activity and changes, offers protected auditing tools, enables virtual patching to avoid database downtime, and provides compliance and regulatory templates.
McAfee products provide a multi-layered email security solution managed by a single console for the visibility and control needed to effectively protect against emerging email threats.
File servers hold sensitive data and require security controls that guard against data-stealing malware and unauthorized system changes. McAfee protects file servers with a solution that includes antimalware and antivirus protection, change monitoring and enforcement, dynamic whitelisting, network intrusion protection, and data loss prevention.
McAfee protects the network perimeter with a solution that integrates firewall and network intrusion prevention. It effectively inspects inbound traffic at the network edge; leverages real-time file and network connection reputation data from McAfee Global Threat Intelligence; enforces policies; implements comprehensive antivirus, antispam, and encryption technologies; and inspects for emerging malware, zero-day attacks, botnets, denial-of-service attempts, and advanced targeted attacks.
McAfee solutions will help you understand your web server infrastructure and protect each web server against the vulnerabilities, attacks, and threat agents that could disrupt it.
The McAfee solution provides real-time protection against attacks on your DHCP servers through multiple levels of protection. McAfee VirusScan Enterprise, McAfee Application Control, and McAfee Change Control are deployed directly on the DHCP servers. In addition, McAfee Policy Auditor can be used to perform regularly scheduled security audits to ensure that security policies applied to the DHCP servers are always being enforced. McAfee ePolicy Orchestrator (McAfee ePO) connects all of these elements into a single management environment, so you can view status and monitor events within one console.
The McAfee solution provides real-time protection against attacks on your DNS Servers through deployment of McAfee VirusScan Enterprise, McAfee Application Control, and McAfee Change Control on your DNS Servers. In addition, McAfee Policy Auditor can perform regularly scheduled security audits to ensure that security policies applied to the DNS Servers are always being enforced.
Provide effective security for laptops. McAfee protects laptops with a solution that integrates antimalware, data loss prevention, data protection, safe web browsing features, and complete visibility and control that enables IT to deploy security updates on laptops, regardless of the Internet connection.