Technology

Scanning and Risk Assessment

Simple, effective, and affordable website security

When it comes to vulnerability outbreaks, the time between identification and infection is very short. Trying to keep your network up-to-date on your own is tedious, time-consuming, and expensive. McAfee solutions are effective because we approach your site through the eyes of the bad guys. The core of our service is our comprehensive website scanner. Our daily, non-invasive vulnerability scan quickly identifies vulnerabilities that could let hackers in and put you at risk. Our discovery and scan processes mimic the ways in which hackers search for vulnerabilities they can exploit. McAfee has the resources to provide you with enterprise-class technology at an affordable price. And our globally recognized brand can help reassure your customers that you're making their site experience safer and more secure.

Over 80,000 Websites Use McAfee SECURE

Scanning

Port discovery
Accurately determining which ports on an IP address are open is a crucial first step to a comprehensive security audit. Our discovery technology is designed to map any network, no matter how complex or large. Unlike most scanning solutions based on Nmap, our advanced dynamic port scanning handles all targets, from desktop PCs to the most aggressive firewalls, IDS, and intrusion prevention systems.

Network discovery
Our advanced scanning technology is designed to reduce the difficulty of managing the security of large, complex public IP networks. It allows you to quickly and accurately discover, identify, and monitor network devices, find rogue devices, or identify unauthorized services across any specified IP subnet range. Our smart scan can even root out stealth techniques used to overcome IDS, scan blocking, and packet delays.

Network services vulnerability scan
Once the network is mapped, we thoroughly interrogate each service on every available port to determine exactly what software is running and how it is configured. We then match this to our vulnerability knowledge base, which is updated every 15 minutes. This allows us to launch additional, service-specific tests.

Web applications vulnerability scan
Web application testing is a critical piece of the vulnerability scan because traditional security mechanisms such as firewalls and IDS provide little or no protection against attacks on your web applications. During this testing phase, all HTTP services and virtual domains are checked for the existence of potentially dangerous modules, configuration settings, CGIs, and other scripts, as well as default installed files. The website is then "deep crawled", including flash-embedded links and password-protected pages, to find forms and other potentially dangerous interactive elements. These are then exercised in specific ways to disclose any application-level vulnerabilities, such as code revelation, cross-site scripting, and SQL injection. Both generic and software-specific tests are performed to uncover misconfigurations and coding error vulnerabilities.

Content scan
McAfee also scans your downloadable files, registration forms, and outbound links for risk. Files are scanned for accidental infection by malware. Forms are tested using unique, one-time-use email addresses to see if form data is properly protected. Outbound links are tested against a massive database to ensure your site does not inadvertently link to a malicious website. These scans are based on a database that is referenced nearly three billion times per day by McAfee customers.

Portal



Configurable scanning
Along with the daily or quarterly audits required for McAfee trustmark or PCI certification, you can launch additional on-demand audits from the portal at any time. You can configure these manual audits at the device (port) and domain (protocol) level, and you can direct manual scans at new vulnerabilities to help speed remediation efforts and patch verification. You can also use manual scans for "denial of service" and "full exploit" vulnerabilities. Scanning may be scheduled by individual device or device group. You can also define separate schedules for web application and port-level scans for each device.

Alerts
After each daily scan, the portal alerts you whenever a vulnerability has been discovered. These alerts — which include patch information for rapid remediation — are configurable by user, device group, and severity level and are sent by email. You also receive immediate, preemptive alerts when a device in your network is targeted by a newly discovered vulnerability. This notification significantly reduces your exposure time to this new vulnerability.

Devices and device groups across large networks
Our vulnerability management portal enables you to effectively manage vulnerability data for large networks by assigning any network device, device group, or IP address to one or more specific groups and then assigning these groups to individual or grouped users. Using our device and vulnerability classification capabilities, individual devices or entire IP blocks can be easily sorted and grouped by vulnerability, device type, business function, geographic location, or other criteria, and then assigned to a user or user profile group. You can then use the system flexibility to drive audit schedules, alerting, remediation activities, and compliance reporting throughout your organization.

Multiple-user roles
We provide a hierarchical multi-user environment with role-based access, alerting, and reporting. These powerful user management capabilities enable delegation of vulnerability assessment and remediation tasks to multiple users with pre-assigned device-level audit access, while maintaining centralized control and reporting for the Security Manager. This functionality simplifies delegation and management of network security maintenance, facilitates enterprise-wide compliance reporting, and provides all levels of staff and management with appropriate and up-to-date security information.


Remediation

Analysis and remediation
Interactive tools and wizards enable you to easily manage vulnerability information. For example, vulnerabilities can be sorted by device group, severity, or effort-to-patch. Configurable device grouping allows expedited remediation planning, delegation, and patch management. Complete and detailed easy-to-follow patch instructions are provided within the vulnerability management portal. Links to more information, such as CVE, CERT, BugTraq, and vendor resources are also provided. When additional advice is needed, McAfee is ready with prompt, knowledgeable and courteous support staff.

Expert support
Whatever your technical question, or level of expertise, our experienced staff is there to support you. With the unprecedented experience of scanning thousands of network devices every day, we can quickly provide accurate and authoritative assistance.

Unlimited support
All McAfee SECURE customers receive unlimited online and email customer support. In addition, customers of our McAfee SECURE Service and McAfee Vulnerability Assessment SaaS receive unlimited telephone customer support during office hours (7 a.m. - 7 p.m. Pacific Time).

Your data
McAfee is annually certified to the PCI Level One security standard. Our entire portal infrastructure and all customer data are maintained within redundant, highly secure Tier One data centers with SAS-70 security certification, 24/7 onsite guards, and biometric access control. The portal resides behind high-availability firewalls and intrusion monitoring systems. In addition, each server runs a localized firewall and IDS/IPS on top of a uniquely customized, hardened Linux distribution OS. You can configure secure access to each user account with options for IP address restriction, private key authentication, and two-factor single-use password authentication.

Certification

Conversion rate improvement
Let the McAfee SECURE trustmark help turn browsers into buyers. The McAfee SECURE trustmark has been shown to increase confidence in 87% of shoppers.*

Trusting the trustmark
Sites that use the McAfee SECURE Service must maintain their security status to be eligible to display the trustmark. The status of the trustmark can be quickly verified by clicking on the mark. McAfee SECURE trustmarks always link through to a verification page hosted on a McAfee domain.

*As measured by Harris Research in a May 2011 study conducted for McAfee


Effectiveness

Vulnerability knowledge base
We update the knowledge base continuously with tests for newly discovered vulnerabilities from sources worldwide. McAfee has more than 125 million customer nodes across the world that supply us with a continuous stream of security information, providing between-scan proactive alerts and ensuring our customers are always alerted to the latest vulnerabilities affecting their network.

More accurate, less load
Our approach to vulnerability auditing enables us to perform more accurate audits with less of a load on your servers. It also enables us to run any single test or test phase on a target to detect changes, test specific ports or vulnerabilities, or run web application-only tests on multiple websites residing on a single server. Our activity does not disrupt your network operations.

Our network of scan appliances
Our network of distributed proprietary scanning servers, located in multiple data centers in North America, Europe, and Asia, allows us to reliably perform daily security audits for thousands of worldwide clients. Each scan appliance is controlled by our central knowledge base and vulnerability management system, allowing the most suitable appliance to be automatically assigned to each device under test.



Our Standard

The McAfee SECURE standard is an aggregate of industry best practices, designed to provide a level of security that an online merchant can reasonably achieve to help provide consumers with better protection when interacting with websites and online shopping.

  Vulnerabilities Identified Required for Certification
Security Risk McAfee SECURE PCI DSS McAfee SECURE PCI DSS
Scan Frequency Daily Quarterly Daily Quarterly
SQL Injection
Blind SQL Injection
SQL Database Error Disclosure
Local File and Remote File Includes
Directory Traversals
Improper Error Handling Optional
Application Source Code Disclosure
Authentication Bypass
Insufficient Session Expiration Optional
Command Injection
SSL Injection
Malicious CGI Scripts
Buffer Overflows
Client-Side Vulnerabilities Optional
Directory Indexing Optional
Server Misconfigurations Optional
SSL Encryption Optional
Malicious Downloads Ongoing   Ongoing  
Malicious Affiliations (Links) Ongoing   Ongoing  
Phishing Scams Ongoing   Ongoing  
Browser Exploits Ongoing   Ongoing  
Misuse of Personal Information Ongoing   Ongoing  
Annoyances (Excessive Popups) Ongoing   Ongoing