You thought securing your endpoints was tough. Fixed-function devices like ATMs, medical equipment, industrial control systems, multifunction printers, automotive and aeronautical systems, and point-of-sale (POS) systems such as cash registers, have their own innate security challenges. Many run legacy operating systems that are no longer supported by vendors, have restricted or no network connection, and function with limited CPU, memory, and available storage — a combination that makes installing traditional antivirus defenses and new security controls and patches difficult.
Yet, fixed-function devices still face many of the same threats that target your desktops, laptops, and networks, including zero-day attacks and other forms of malware. Additionally, many of these devices must prove compliance to industry regulations like PCI DSS.
Under the Security Connected framework, McAfee takes a three-pronged approach to securing fixed-function devices. In this solution guide, you’ll learn how implementing dynamic whitelisting, change management, and integrity monitoring solutions can block malware, ease compliance, and provide you better control over modifications made to systems, all while adapting to the resource constraints of fixed-function devices. With McAfee security, you can prevent system downtime, control costs, and ultimately extend the life of fixed-function devices.
McAfee integrates data and processes to make vulnerability management more effective and efficient. Our approach combines asset discovery and management, comprehensive vulnerability scanning, flexible reporting, and remediation workflows into a single vulnerability assessment solution.
The McAfee solution combines the advanced management and reporting features available within McAfee ePolicy Orchestrator (McAfee ePO) software with Rogue System Detection (a feature of McAfee ePO), and McAfee Vulnerability Manager.
The McAfee solution includes McAfee VirusScan Enterprise, McAfee Application Control, McAfee Change Control, and McAfee Policy Auditor. Each control can be implemented standalone and thus allows an easy entry with minimal dependencies.
McAfee protections for Industrial Control Systems overcome the risks and threats to manufacturing floor systems by instituting tight application and change controls over processes that can execute on the systems and limiting the risk of attacks entering from the corporate network. The solutions fit both the technical and business constraints of manufacturing floor environments.
The McAfee solution provides real-time protection against attacks on your DHCP servers through multiple levels of protection. McAfee VirusScan Enterprise, McAfee Application Control, and McAfee Change Control are deployed directly on the DHCP servers. In addition, McAfee Policy Auditor can be used to perform regularly scheduled security audits to ensure that security policies applied to the DHCP servers are always being enforced. McAfee ePolicy Orchestrator (McAfee ePO) connects all of these elements into a single management environment, so you can view status and monitor events within one console.
The McAfee solution provides real-time protection against attacks on your DNS Servers through deployment of McAfee VirusScan Enterprise, McAfee Application Control, and McAfee Change Control on your DNS Servers. In addition, McAfee Policy Auditor can perform regularly scheduled security audits to ensure that security policies applied to the DNS Servers are always being enforced.
Deploying McAfee Embedded Control (or McAfee Integrity Control with McAfee ePO) provides a way to ensure the software running on your POS devices is software that you approve and trust. When you are ready to update these systems and expand their features, you have a controlled, predictable production environment.
The McAfee products work in concert to proactively mitigate the risks to your domain controllers from malicious and unauthorized code execution, out-of-band configuration changes, and software updates that expose security holes.
With the McAfee solution, you can get the full value out of legacy OS machines while keeping them secure. The whitelisting approach uses less overhead, because it eliminates scanning and updating. The memory protection eliminates exploits on unpatchable machines. Change Control prevents corruption for any part of the system to assure uptime.
McAfee offers a suite of products that work together to protect medical device installations. These solutions can be tied together and integrated with other security and IT systems through the open platform of McAfee ePolicy Orchestrator (McAfee ePO) software.