McAfee Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on your network. Now you can uncover devices hidden on your network as well as smartphones, tablets, and laptops that come and go between scheduled scans. What you haven’t been seeing or scanning will surprise you — and could be jeopardizing your compliance. Thousands of organizations rely on Vulnerability Manager to quickly find and prioritize vulnerabilities, with deployments ranging from a few hundred nodes to one continuously scanning more than four million IP addresses. If it has an IP address or is using your network, Vulnerability Manager can discover and assess it, automatically or on a schedule, revealing the compliance of all assets on your network.
Vulnerability Manager gives you:
Priority-based auditing and remediation — Combines vulnerability, severity, and asset criticality information to quickly identify, rank, and address violations and vulnerabilities on networked systems and devices.
Active and passive network protection — Combines active and passive network discovery and monitoring to reveal virtualized, mobile and hidden devices on your network.
Proof of “not vulnerable” — A major requirement of auditors is to prove that you’re not vulnerable to threats, which is a significant attribute of McAfee Vulnerability Manager.
New threat identification and correlation — Automatically ranks the risk potential of new threats by correlating events to your asset and vulnerability data.
Policy auditing and compliance assessments — Defines values of policy checks and determines whether your organization complies with major regulations. Through an easy-to-use wizard it gives you templates for SOX, FISMA, HIPAA, PCI, and more.
Flexible reporting — Categorizes data by asset or network, and uses powerful filters to select and organize results in your reports. You can even create reports while scans are running.
Broad and deep content coverage — Performs authenticated and unauthenticated checks, automatically updated 24/7 by McAfee Labs, the world’s top threat research center. This helps you delve deep into operating systems and network devices to find vulnerabilities and policy violations.
Conduct deep scans of web applications that allow you to know where to focus your coding efforts before hackers can exploit your business-critical data. The scans include required checks for PCI, as well as coverage of the 2010 OWASP Top 10 and CWE-25 categories.
Choose an all-in-one or custom install on your physical or virtual hardware or our hardened appliances; use existing LDAP, Active Directory, or McAfee ePolicy Orchestrator (ePO) asset management systems, or let the first scan discover your assets.
Through the combination of active and passive monitoring, penetration testing, authenticated scanning, and non-credentialed scanning, McAfee Vulnerability Manager accurately scans everything on your network making comprehensive vulnerability management simpler than ever before.
Save hours with SCAP support and predefined, up-to-date policy templates. Our extensive checks validate alignment to federal and regulatory requirements and write custom scripts and checks to test proprietary and legacy systems.
Certify to EAL Common Criteria and validate to FIPS-140-2 encryption. McAfee Vulnerability Manager includes templates for the most popular compliance templates and standards.
Go beyond ports and configurations to inspect systems, databases, and applications on all networked assets — from smartphones to secure servers.
Tailor your deployment, scans, reporting, and management consoles, regardless of whether you centralize or segregate your operations, with the speed required for even multimillion node networks.
Generate conclusive evidence — such as expected and actual scan results, any systems not scanned, and any failed scans — to document that specific systems are “not vulnerable,” an increasingly common audit requirement.
Leverage millions of sensors around the world that direct hundreds of McAfee Labs researchers to the latest changes in the threat landscape, fueling real-time risk assessments and threat advisories.
Vulnerability Manager Software
Deploy Vulnerability Manager as software on your own hardware or in a virtualized environment. Software deployment has the following minimum requirements:
Vulnerability Manager MVM3100 Appliance
Choose this purpose-built, hardened appliance for even faster, more effortless deployment. It includes all necessary software and an enterprise-grade database. Hardware deployment has the following minimum requirements:
See how McAfee Asset Manager easily detects the presence of a new smartphone on a wireless network and interacts with McAfee Vulnerability Manager to instantly scan the device.
Learn how McAfee Vulnerability Manager can continuously discover, evaluate, and monitor evolving risks from devices on your network.
Learn how McAfee Risk and Compliance products scan your entire network, providing complete visibility and ensuring proper protection.
This video introduces you to the new vulnerability check editing/creation feature in McAfee Vulnerability Manager.
This video shows you how to create a vulnerability check, looking for a software application version installed on a Windows machine.
For guidance on how to use this McAfee product, watch the Quick Tips video listed above.
This collection of Quick Tips videos details some of the key features of McAfee Vulnerability Manager, including custom reports, asset discovery, and remediation workflow.
McAfee Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on your network.
ESG Labs conducted hands-on testing of the McAfee Vulnerability Manager MVM3100 Appliance Learn more about Vulnerability Manager’s ease of deployment, efficiency at scaling to large networks, and a sampling of observed vulnerabilities, with lessons for corporate security teams.
The McAfee Vulnerability Manager is a powerful appliance-based tool that provides vulnerability assessment, penetration testing and web application scanning along with rogue device detection and plug-in capability to LDAP (Lightweight Directory Access Protocol) and Microsoft Active Directory for asset management.
The Cologne Bonn Airport optimizes its IT security with McAfee SIEM solutions.
Arab National Bank, one of the largest banks in the Middle East, relies on McAfee data protection and endpoint security solutions to protect sensitive data across multiple locations and comply with financial regulations.
Bank Central Asia, a regional public bank in Indonesia, centralizes security management with McAfee ePolicy Orchestrator.
Leveraging the Security Connected strategy, the California Department of Corrections and Rehabilitation implemented SIEM, network IPS, data protection, and endpoint security solutions to secure its distributed IT environment over 37 locations.
Chicago protects its critical infrastructure with an integrated solution from McAfee, combining SIEM, endpoint, and network security.
Topics : Security Management, SIEM
Topics : Risk & Compliance, Security Management, SIEM
Topics : Risk & Compliance, Security Management, SIEM
Topics : Mobile Security
For a technical summary on the McAfee product listed above, please view the product data sheet.
The top 20 critical controls for effective cyberdefense.
A recent SANS survey provides an in-depth look at the primary industries adopting critical security controls and how they approach implementation.
Trust is no longer present when the privacy, integrity, and authenticity of our information is called into question. Learn how you can protect your company against attacks that attempt to exploit the BERserk vulnerability.
Attackers prey upon the institution of trust in many ways, with exploiting unsuspecting victims the primary pursuit. Learn how McAfee security technology can help protect against attacks seeking to abuse the trust your company has in its day-to-day operations.
McAfee Vulnerability Manager and Skybox Risk Exposure Analyzer (REA) combine to give customers an advanced solution to identify IT vulnerabilities, prioritize and evaluate security risks and attack scenarios, and mitigate critical risks before they cause harm.
McAfee spoke with SIEM users and asked them to tell us about their primary issues with SIEM. This brief lists the top five issues along with corresponding customer case studies and use cases.
The combination of McAfee Firewall Enterprise and Skybox Firewall Assurance, Skybox Network Assurance, and Skybox Change Manager continuously validate that your McAfee Firewall Enterprise solutions are optimally and securely configured to ensure continuous compliance, block unauthorized activity, and securely automate change management.
Learn how you can move to real-time vulnerability management with always-on discovery and integrated risk assessment.
McAfee Vulnerability Manager has a new web scanning capability, allowing you to discover, crawl, assess, report, and manage the vulnerabilities discovered in any number of internal or external web applications.
Prevari’s Technology Risk Manager (TRM) solution uses existing enterprise data combined with actuarial risk information to provide repeatable, quantitative, and predictive risk analytics.
Raytheon SureView integration with McAfee ePolicy Orchestrator (McAfee ePO) software enables governmental and commercial enterprises to deploy and seamlessly manage command and control of SureView clients across the entire organization through their existing infrastructure, allowing for speedy implementation and efficient management of an effective cyberaudit program.
RedSeal Vulnerability Advisor analyzes the results of McAfee Vulnerability Manager in the context of the network to prioritize vulnerabilities requiring attention and offer network mitigation options.
McAfee integrates data and processes to make vulnerability management more effective and efficient. Our approach combines asset discovery and management, comprehensive vulnerability scanning, flexible reporting, and remediation workflows into a single vulnerability assessment solution.
This white paper discusses virtual patching and how using predictive threat coverage, automated vulnerability scanning, and risk visualization is a scalable and cost-effective approach to protecting critical assets.
Critical Security Controls (CSCs) help organizations break down operational silos by providing a pragmatic blueprint detailing where to focus efforts to achieve the greatest results. This white paper maps the quick wins within the first five CSCs to associated McAfee products, services, and partner solution capabilities — all part of the Security Connected platform.
Learn how automating and integrating Vulnerability Management Activities can reduce the operational cost of vulnerability management.
Learn how network attacks can be avoided by utilizing a SIEM platform that combines historical data with real-time data from network sources and security policies to provide context around application usage, user behaviors, and other operations — for better, more accurate reporting.
The McAfee virtual patching solution provides a layered approach to security risk management, while adding the ability to apply a virtual patching strategy to your existing change-management process. It combines proven defenses and security insight with real-time Global Threat Intelligence to close the vulnerability window until patching can occur through your regular change-management processes.
By Kent Landfield, Director of Standards and Technology Policy, Intel Security, and Malcolm Harkins, Chief Security and Privacy Officer at Intel When the Administration released the Framework for Improving Critical Infrastructure Cybersecurity (the Framework) on February 12, 2014, many of us at Intel and Intel Security were familiar with the details, as we had participated […]
BYOD, BYOA, BYOx. The IT industry is full of acronyms depicting its constant evolution and relationship with the professional world. First came the devices; employees saw the power of personal devices and insisted on using them in the workplace. And so the consumerisation of IT was born. After the devices came the apps. Companies reported […]
There’s been a lot of talk about the value of public-private partnerships in moving the U.S. toward a more robust cyber security posture. And let’s be honest: there’s also been a lot of private sector skepticism about how much the Administration really believed in the concept or how much they would do to make it […]
McAfee is based in Silicon Valley, but we know there’s more to tech than California. We recently joined the National Institute of Standards and Technology to launch the National Cybersecurity Center of Excellence, a joint effort among high-tech business, federal, state and local government and local universities located in Rockville, Md. The goal of the […]
The post Five Factors That Make D.C. Region a Cybersecurity Hub appeared first on McAfee.
Nothing is as frustrating as when something goes wrong, especially when you have time constraints. NIST has just released Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations where a few notable items have been added to increase the confidence that security, practices, procedures and architectures of information systems […]