McAfee Data Exchange Layer (DXL) connects security technologies from multiple vendors through an open platform that builds deeper integration among products. The Intel® Security Innovation Alliance facilitates technology interoperability and streamlines the integration of security products. Innovation Alliance partners with McAfee DXL-ready solutions enable bi-directional threat information sharing that helps deliver immediate threat protection.
The following Innovation Alliance partners have integrated their solutions with McAfee DXL.
Avecto is a leader in Windows privilege management, helping organizations deploy secure and compliant desktops, laptops, and servers. Avecto’s Defendpoint solution is integrated onto DXL, receiving application reputation information from McAfee Threat Intelligence Exchange to inform application elevation and sandboxing configurations. This shared information reduces the risk of allowing potentially dangerous applications to run with elevated privileges. Avecto customers receive reports with timely updates to application reputation, a key factor in understanding the risk of application elevation and sandboxing policies that may prompt risk-based adjustments.
Boldon James software helps organizations with the most demanding communication requirements manage sensitive information securely and in compliance. Boldon James Classifier integrates with McAfee DXL, enhancing McAfee DLP and McAfee SIEM deployments. For example, using McAfee DXL, Classifier shares events in real time with McAfee Enterprise Security Manager (SIEM), which then monitors, correlates, and analyzes the classification and data handling actions of end users. This uncovers suspicious behavior and insider threats, and automatically launches remedial actions.
CloudHASH Security (InfoReliance) is an industry leader providing cybersecurity, software engineering, cloud computing, and IT support to the U.S. government. CloudHASH provides McAfee ePolicy Orchestrator and McAfee DXL with integrated capabilities for incident response, APT and polymorphic malware hunting, vulnerability remediation, compliance, and asset discovery. When CloudHASH Security Signatures trigger an event, it can be tagged with an action of “Quarantine,” sending out a message over McAfee DXL to all listening devices.
CloudHASH also interacts with ForeScout CounterACT when a threat or infection is detected, sending a message across McAfee DXL to ForeScout CounterACT. Machines with a suspected threat can be quarantined and disconnected from the network, while the incident is investigated. Once remediated, ForeScout CounterACT receives a message via McAfee DXL to remove the machines from quarantine and restore network access.
TITUS is a leading provider of security and compliance software that helps organizations share information securely while meeting policy and compliance requirements. When important data usage events occur, such as the printing or downgrade of classified documents, an event is triggered and shared over McAfee DXL to all listening devices. This shared information helps organizations identify contextual user behavior to uncover insider threats, identify employees who may need additional training, and most importantly, identify potential data leaks out of the organization.
TrapX is a leader in the delivery of deception-based cybersecurity defense with solutions that rapidly detect and defend against new zero-day and APT attacks in real time. Its DeceptionGrid solution automates the deployment of network-camouflaged malware traps that are intermingled with IT resources. Integration with McAfee DXL enables DeceptionGrid to work with McAfee Threat Intelligence Exchange, providing actionable threat information that drives quicker identification of advanced threats and remediation.