Intelligence-Driven Response

Real-time automated and human decision, detection, and analysis systems for resilient cyberdefense

Overview

Speed of response and efficient allocation of resources are essential to mission assurance. Intelligence-driven response helps government enterprises combat today’s threats and maintain service availability as cyberattacks become more stealthy and persistent. Operationalizing these fundamental systems and processes enhances speed, visibility, and accuracy while directing resources for the most efficiency and impact.

Broad and deep visibility into the anatomy of each attack — McAfee detection and analysis solutions provide visibility across the kill chain, from endpoints to the data center. Multiple forms of inline and out-of-band traffic analysis validate suspicious events quickly. As you discover and identify malicious actions and intrusion indicators, McAfee helps you capture and leverage that knowledge to prevent or disrupt in-process events or speed detection in the future.

Rapid, prioritized responses — The McAfee decision framework integrates rich analytical insights into a centralized intelligence exchange and workflow for discovery, prevention, detection, analysis, impact assessment, and response. External threat intelligence is enhanced with local threat intelligence gathered from sensor grids throughout your network and correlated with contextual data. This system drives rapid, prioritized mitigation or remediation by systems and staff. Where possible, policies launch automated responses by McAfee preventative controls at endpoints, network gateways, and data centers to reduce the attack surface and potential impact. Precious intelligence staff can direct their time to the most egregious and insidious events.

Essential to a cyber resilience strategy — McAfee helps integrate tailored and timely incident analysis and response with enterprise IT and strategic decision frameworks. Your defense enterprises can incorporate speed, efficiency, and visibility throughout critical incident management processes and develop measurable points of success.

Key Benefits

  • Adapt analysis to your network for maximum protection
    Detect and analyze the varied attacks facing government environments: client-side exploitation and web-borne malware attacks on unrestricted Internet-facing networks; insider threats and data breaches on restricted and classified networks; and denial of service, privilege escalation, and rogue devices threatening data center security.
  • Design intelligence in to maintain resilience
    Build a data strategy that provides visibility in depth and integrates real-time intelligence from both global and local sources for a threat-vector and environment-aware strategy. Integrate with traditional IT systems and decision frameworks like CyberScope and HP Secure Boardroom to support defense enterprise strategic processes. Support machine-to-machine data collection and exchange for real-time continuous monitoring that allows systems and people to learn while protecting.
  • Seek the persistent adversary
    Establish visibility in depth throughout the kill chain — reconnaissance through exfiltration — and on both host and network; normalize data and validate suspicious events quickly by applying multiple analytical techniques to the same content.
  • Evolve without pain
    Integrate extra analysis capability without a forklift upgrade in sensor hardware; use the McAfee decision framework as an integration point for multiple information domains and partner solutions.
  • Act with intelligence
    Incorporate intelligence and context from both global and local sources to rapidly characterize the data and determine the most appropriate intervention, mitigation, or remediation. Once an attack is confirmed and contained, intelligence gained from the root analysis is used to find and clean affected hosts anywhere on the network, update prevention systems, and create watchlists to identify future or historical incidents.
  • Learn as you go
    Capture intelligence from attempted intrusions and leverage that knowledge to prevent new events or speed detection of indicators in the future.
  • Report, measure, and evaluate easily
    Centralize reporting for better metrics and accountability; use McAfee SIEM to develop incident response metrics that measure the performance of the program and align with operational requirements to determine mission impact.

Products

Endpoint Protection

McAfee Application Control

McAfee Application Control software provides an effective way to block unauthorized applications and code on servers, corporate desktops, and fixed-function devices. This centrally managed whitelisting solution uses a dynamic trust model and innovative security features that thwart advanced persistent threats — without requiring signature updates or labor-intensive list management.

McAfee Endpoint Protection — Advanced Suite

McAfee Endpoint Protection — Advanced Suite delivers proactive anti-malware protection, access control, and centralized policy-based management to keep your assets safe and compliant.

McAfee Global Threat Intelligence Proxy

McAfee Global Threat Intelligence Proxy (McAfee GTI Proxy) enables McAfee VirusScan Enterprise nodes to perform McAfee GTI file reputation queries from within the enterprise network — without requiring direct access to the public McAfee cloud.

McAfee Host Intrusion Prevention for Desktop

McAfee Host Intrusion Prevention for Desktop helps keep your business safe and productive by monitoring and blocking unwanted activity with a comprehensive three-part threat defense — signature analysis, behavioral analysis, and system firewall — all easily managed from one central console, the McAfee ePolicy Orchestrator (ePO) platform.

Network Security

McAfee Network Security Platform

McAfee Network Security Platform is the industry’s leading next-generation network intrusion prevention system. It protects network-connected devices against advanced, targeted attacks through a combination of sophisticated defenses, including full-stack inspection, protocol anomaly detection, advanced behavior analytics, and reputation-based analysis. It delivers integrated visibility and control of over 1,100 network-based applications. It provides hypervisor-aware intrusion prevention, supports live migration of virtual machines, and scales up to 80 Gbps to meet the performance needs of the world’s most demanding networks.

McAfee Network Threat Behavior Analysis

McAfee Network Threat Behavior Analysis analyzes traffic for network security threats coming from inside your network, including malicious behavior and unusual host interactions. Working with McAfee’s network intrusion prevention platform, Network Threat Behavior Analysis can positively identify bots, worms, spam, and reconnaissance attacks. A single device combines NetFlow feeds with rich Layer 7 data from throughout the network to provide a unified view of network security threats.

McAfee Network Threat Response

McAfee Network Threat Response is a network security solution that specializes in finding that single, all-important security threat: the attack that gets inside the network itself. Network Threat Response is a framework of next-generation detection engines specializing in thwarting advanced persistent threats (APTs), and prioritizes and presents only those security threats that require investigation — cutting analysis time from weeks to minutes.

SIEM

McAfee Enterprise Security Manager

McAfee Enterprise Security Manager provides the speed and rich context required to identify critical threats, respond quickly, and easily address compliance requirements. Continuous global threat and enterprise risk feeds deliver adaptive and autonomous risk management, allowing remediation of threats and compliance reporting in minutes instead of hours.

McAfee Global Threat Intelligence

Built for big security data, McAfee Global Threat Intelligence for Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent Security Information and Event Management (SIEM).

Services

McAfee Malware Forensics and Incident Response Training

IT professionals charged with protecting the environment can be overwhelmed, ignoring malware attacks or mistakenly diagnosing them as system or network problems. McAfee Foundstone Consulting’s Malware Forensics and Incident Response Education (MFIRE) course is a comprehensive, technically oriented course that enables you to respond to malware incidents successfully and reinforce your security posture. In this course, you’ll learn techniques to identify, respond to, and recover from malware incidents.

Malware Analysis as a Service

An online subscription service is available for malware analysis.

Partner Solutions

HBGary

HBGary specializes in developing advanced computer analysis products to detect, diagnose, and respond to advanced malware, targeted threats, and other cybercrime activities.

Solera Networks

Solera Networks delivers a high-speed network monitoring and forensics platform for complete network capture, classification, indexing, visualization, and reconstruction of any network event.

Resources

Solution Briefs

McAfee Solutions for Computer Emergency Response Teams

Computer Emergency Response Team (CERT) organizations perform critical incident analysis and handling and information dissemination in support of government, law enforcement, critical infrastructure, and other public sector customers. McAfee understands this mission and offers a number of products and services that enable the core missions of international CERT groups.

See Network Threats to Prevent Future Attacks

Solera Networks, a platform for network security analytics, provides full context to any security event identified by the McAfee Network Security Platform.

Law Enforcement Solutions

McAfee understands cybercrime investigation and offers a number of products and services to enable law enforcement investigators.

Real-time Threat Detection for Defense in Depth and Information Assurance

McAfee delivers comprehensive network intrusion prevention to protect the Army's network.

Identify Sensitive Data and Prevent Data Leaks

The interoperability between TITUS Document Classification software and McAfee Data Loss Prevention (DLP) further reduces your risk of data loss by capturing end users’ inherent knowledge about the sensitivity of documents and making that information available to McAfee host and network-based DLP as visual classification labels and corresponding metadata.

Brochures

Security Connected Reference Architecture

Community

Blogs

  • Continuous Monitoring at GFIRST (Part 2)
    Archive - August 23, 2012
    Yesterday I blogged about a presentation I gave at GFIRST in Atlanta, Georgia where I demonstrated a number of application and database attacks and referenced how this is extremely relevant to Continuous Monitoring (CM) for federal agencies. McAfee’s Approach to Continuous Monitoring: Risk Awareness. Risk awareness across all subsystems enables agencies to understand real-time activities
  • Continuous Monitoring at GFIRST (Part 1)
    Archive - August 22, 2012
    At GFIRST in Atlanta, Georgia, I just gave an application and database hacking demonstration. I demonstrated various attacks such as: SQL Injection, XSS, Session Hijacking, Parameter Tampering, Database Protocol Hacking. I also gave a demonstration of a targeted Phishing attack that brought together Metasploit, Stuxnet, Bit.ly, Facebook…oh, and Cameron Diaz. These demonstrations were meant
  • Meeting with the Pennsylvania Department of Community and Economic Development
    Archive - August 16, 2012
    A team from Pennsylvania Governor Tom Corbett’s Department of Community and Economic Development recently joined us in Silicon Valley at McAfee HQ to discuss information security. Overall, state governments are taking a more proactive stance as it relates to information security; this is a welcome and much needed trend. One of the topics we discussed
  • 10 Days of Rain in Korea
    Archive - July 05, 2011
    On March 4th of this year, exactly 20 months to the day of a similar incident on US Independence Day in 2009, a botnet based out of South Korea launched Distributed Denial of Service (DDoS) attacks against 40 sites affiliated with South Korean government, military and civilian critical infrastructure as well as U.S. Forces Korea
  • My Recent Travels to Italy and Spain
    Gert Jan Schenk - May 19, 2011
    Recently I have been meeting with customers and resellers throughout Italy and Spain and it was interesting to hear that their needs from a security partner are very similar to those from the other countries I have recently visited. I have started to see strong interest in the McAfee DLP, Database Protection and Encryption technologies