McAfee Vulnerability Manager


Real-time asset detection, risk-based scanning, and performance combine for continuous asset monitoring


Overview

McAfee Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on your network. Now you can uncover devices hidden on your network as well as smartphones, tablets, and laptops that come and go between scheduled scans. What you haven’t been seeing or scanning will surprise you — and could be jeopardizing your compliance. Thousands of organizations rely on Vulnerability Manager to quickly find and prioritize vulnerabilities, with deployments ranging from a few hundred nodes to one continuously scanning more than four million IP addresses. If it has an IP address or is using your network, Vulnerability Manager can discover and assess it, automatically or on a schedule, revealing the compliance of all assets on your network.

Vulnerability Manager gives you:

Priority-based auditing and remediation — Combines vulnerability, severity, and asset criticality information to quickly identify, rank, and address violations and vulnerabilities on networked systems and devices.

Active and passive network protection — Combines active and passive network discovery and monitoring to reveal virtualized, mobile and hidden devices on your network.

Proof of “not vulnerable” — A major requirement of auditors is proof that you’re not vulnerable to threats; supplying that proof is a significant attribute of McAfee Vulnerability Manager.

New threat identification and correlation — Automatically ranks the risk potential of new threats by correlating events to your asset and vulnerability data.

Policy auditing and compliance assessments — Defines values of policy checks and determines whether your organization complies with major regulations. Through an easy-to-use wizard it gives you templates for SOX, FISMA, HIPAA, PCI, and more.

Flexible reporting — Categorizes data by asset or network, and uses powerful filters to select and organize results in your reports. You can even create reports while scans are running.

Broad and deep content coverage — Performs authenticated and unauthenticated checks, automatically updated 24/7 by McAfee Labs, the world’s top threat research center. This helps you delve deep into operating systems and network devices to find vulnerabilities and policy violations.

2014 ESG Lab Review: McAfee Vulnerability Manager Earns Strong Evaluation
Gartner MarketScope for Vulnerability Assessment: McAfee rated Strong Positive

Features & Benefits

Drill deep into web applications

Conduct deep scans of web applications that allow you to know where to focus your coding efforts before hackers can exploit your business-critical data. The scans include required checks for PCI, as well as coverage of the 2010 OWASP Top 10 and CWE-25 categories.

Start scanning within minutes

Choose an all-in-one or custom install on your physical or virtual hardware or our hardened appliances; use existing LDAP, Active Directory, or McAfee ePolicy Orchestrator (ePO) asset management systems, or let the first scan discover your assets.

Pinpoint vulnerabilities and policy violations with the highest level of precision

Through the combination of active and passive monitoring, penetration testing, authenticated scanning, and non-credentialed scanning, McAfee Vulnerability Manager accurately scans everything on your network, making comprehensive vulnerability management simpler than ever before.

Use comprehensive and customizable content for checks and reports

Save hours with SCAP support and predefined, up-to-date policy templates. Our extensive checks validate alignment to federal and regulatory requirements, and you can write custom scripts and checks to test proprietary and legacy systems.

Meet demanding federal and industry requirements

Certify to EAL Common Criteria and validate to FIPS 140-2 encryption. McAfee Vulnerability Manager includes templates for the most popular compliance standards.

Gain unmatched vulnerability coverage, scanning accuracy, and malware protection

Go beyond ports and configurations to inspect systems, databases, and applications on all networked assets — from smartphones to secure servers.

Increase flexibility and performance

Tailor your deployment, scans, reporting, and management consoles, regardless of whether you centralize or segregate your operations, with the speed required for even multimillion node networks.

Prove “not vulnerable” to threats

Generate conclusive evidence — such as expected and actual scan results, any systems not scanned, and any failed scans — to document that specific systems are “not vulnerable,” an increasingly common audit requirement.

Respond to threats via McAfee Global Threat Intelligence

Leverage millions of sensors around the world that direct hundreds of McAfee Labs researchers to the latest changes in the threat landscape, fueling real-time risk assessments and threat advisories.

System Requirements

Vulnerability Manager Software
Deploy Vulnerability Manager as software on your own hardware or in a virtualized environment. Software deployment has the following minimum requirements:

  • Hardware
    • CPU: x86 multi-core, 2 GHz or higher (quad-core recommended)
    • RAM: 2 GB minimum (4 GB recommended)
    • Disk space: 80 GB minimum (200 GB for database)
  • Virtual host
    • VMware Virtual Infrastructure 3, vSphere (ESX/ESXi)
    • VMware Workstation
  • Operating system
    • Microsoft Windows 2003 Server (32-bit) with Service Pack 2 (SP2) or higher
  • Database
    • Microsoft SQL Server 2005 with SP2 or higher (any edition)
    • All SQL hotfixes and patches

Vulnerability Manager MVM3100 Appliance
Choose this purpose-built, hardened appliance for even faster, more effortless deployment. It includes all necessary software and an enterprise-grade database. Hardware deployment has the following minimum requirements:

  • Hardware
    • 1U rack mount chassis
    • Quad-core Xeon
    • 4 GB RAM
    • 2 x 500 GB RAID 1
    • Redundant power supplies
    • Lights-out management
    • 4 GbE scanning ports (VLANs supported)

Demos / Tutorials / Videos

Demos

See how McAfee Asset Manager easily detects the presence of a new smartphone on a wireless network and interacts with McAfee Vulnerability Manager to instantly scan the device.

Learn how McAfee Vulnerability Manager can continuously discover, evaluate, and monitor evolving risks from devices on your network.

Learn how McAfee Risk and Compliance products scan your entire network, providing complete visibility and ensuring proper protection.

Tutorials

This video introduces you to the new vulnerability check editing/creation feature in McAfee Vulnerability Manager.

This video shows you how to create a vulnerability check, looking for a software application version installed on a Windows machine.

For guidance on how to use this McAfee product, watch the Quick Tips video listed above.

This collection of Quick Tips videos details some of the key features of McAfee Vulnerability Manager, including custom reports, asset discovery, and remediation workflow.

Videos

McAfee Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on your network.

Awards / Reviews

Scanning One Million IP Addresses with McAfee Vulnerability Manager

ESG Labs conducted hands-on testing of the McAfee Vulnerability Manager MVM3100 Appliance. Learn more about Vulnerability Manager’s ease of deployment, efficiency at scaling to large networks, and a sampling of observed vulnerabilities, with lessons for corporate security teams.

Gartner MarketScope for Vulnerability Assessment

"McAfee Vulnerability Manager provides agentless security configuration assessment, plus integration with the agent-based McAfee Policy Auditor, with coverage of DISA STIG, NSA, FDCC, and CIS controls. McAfee Vulnerability Manager has flexible asset management, remediation reporting, and workflow capabilities."

McAfee Vulnerability Manager Product Review

In an independent evaluation of McAfee Vulnerability Manager, S3KUR3 Inc. concluded: "No other solution combines the flexibility, comprehensive scanning, and powerful remediation capabilities in a single package."

SC Magazine Best Buy
Vulnerability Manager Rated Best Buy by SC Magazine

The McAfee Vulnerability Manager is a powerful appliance-based tool that provides vulnerability assessment, penetration testing and web application scanning along with rogue device detection and plug-in capability to LDAP (Lightweight Directory Access Protocol) and Microsoft Active Directory for asset management.

Customer Stories

Abtran

McAfee security risk management solutions help Abtran meet clients’ increasing security requirements.

Highlights
  • Provided multiple layers of security risk management protection for Abtran’s clients
  • Reduced IT hours spent supporting, administering, and monitoring endpoint security
  • Cut time to produce weekly security reports from three or four hours to less than two minutes
  • Migrated easily and seamlessly from existing anti-virus solutions

Alcatel-Lucent Shanghai Bell

Alcatel-Lucent Shanghai Bell uses McAfee Network Security Platform to secure 100 Mbps to 10 Gbps corporate networks against threats and attacks.

Highlights
  • Increased identification and interception of up to 99% of the threats
  • Improved the work efficiency and allowed the information security and network departments to cooperate with each other in monitoring security threats and risks

Arab National Bank

Arab National Bank uses McAfee ePolicy Orchestrator (ePO) software to manage endpoint protection across 5,500 endpoints.

Highlights
  • Reduces manpower required to manage endpoint security from six people to two
  • Accelerates deployment of data loss protection—70 percent faster than competitive solutions
  • Cuts administrative reporting from several days to minutes
  • Saves $152,000 in reduced manual intervention, thanks to integration with third-party security solutions

Bank Central Asia

Bank Central Asia achieves compliance and saves time with McAfee ePO Software.

Highlights
  • Eased compliance with internal and industry regulations
  • Saved time through centralized management
  • Provided protection to computers, network, and data through integrated solutions

Cardnet

Cardnet eliminates malware infections with comprehensive network, email, and endpoint security from McAfee.

Highlights
  • Total absence of known infections of any kind
  • Protected the entire IT infrastructure
  • Maintained IT security with a staff of three, versus 20 or more if the McAfee suite was not in place

CEMEX

CEMEX relies on McAfee to find system vulnerabilities and prevent data loss.

Highlights
  • Discovered and assessed systems vulnerabilities
  • Provided in-depth visibility regarding network assets
  • Reduced vulnerability false positives by 80%
  • Saved IT hours each week thanks to easy-to-use reports and minimal false positives
  • Prioritized threat response

Citrix Systems

Citrix reduces risk with McAfee’s integrated security risk management platform.

Highlights
  • Deployed quickly and easily, saving $40,000 in deployment costs
  • Reduced incident response rate by 40% and overall TCO of security risk management
  • Dramatically eased security administration and accelerated patch deployment
  • Reduced remediation time by 70%

Dongfeng Nissan Passenger Vehicle Co., Ltd.

With robust integration features built into ePO, users can handle data events and achieve stronger monitoring and control easily and quickly through the platform.

Highlights
  • Protected intellectual property

DSM

DSM enlists McAfee to strengthen enterprise network security control and compliance.

Highlights
  • Provided full visibility into network traffic and connected systems
  • Simplified patch management
  • Improved compliance with regulations and policies
  • Increased efficiencies for significant cost savings

HCF

HCF gets comprehensive anti-malware protection and streamlined security management with McAfee.

Highlights
  • Smooth implementation
  • Easy identification of vulnerable areas
  • Meaningful reports for IT administrators who are only advised about attacks that are relevant to the environment
  • Enabled automatic enforcement of security policies; ensuring network integrity
  • Automation of patch management freed up IT staff to focus on strategic work

Idaho State Tax Commission

Idaho State Tax Commission chooses McAfee to embed security in a new network infrastructure.

Highlights
  • Identified vulnerabilities and blocked threats
  • Delivered reliable endpoint protection
  • Enabled compliance with National Institute of Standards and Technology (NIST) security guidelines
  • Provided support for the commission’s defense-in-depth security strategy
  • Helped increase security awareness among network users

Integral Energy

Integral Energy proactively assesses and manages vulnerabilities with McAfee Vulnerability Manager.

Highlights
  • Discovered and assessed system vulnerabilities quickly and accurately
  • Enabled threat prioritization and proactive, informed decision making
  • Provided in-depth visibility regarding network assets
  • Facilitated compliance with ISO 27001 standard

Intelsat

Intelsat trusts McAfee to protect user and network devices globally.

Highlights
  • Protected a diverse environment from internal and external threats, including the inherent risks of a fluctuating population of 250 to 500 contractors
  • Managed the entire server system with 1.5 full-time employees (FTEs)
  • Reduced solution cost by 75% over a la carte purchases from separate vendors
  • Standardized a security environment that previously required five vendors
  • Complied with regulations, including SOX, HIPAA, and Department of Defense (DoD)

Volvo Group

Volvo Group uses McAfee for worldwide vulnerability management.

Highlights
  • Delivered vulnerability management to a global network that spans over 180 countries
  • Scans more than 100,000 nodes
  • Protected 14 large data centers and 5,500 servers
  • Combined vulnerability, asset, and countermeasure information
  • Provided agentless policy compliance auditing
  • Enabled Volvo to write custom scans and maintain data securely within the organization

Xinjiang Mobile

Xinjiang Mobile's comprehensive assessment of data protection products in the market led it to choose and deploy McAfee’s solution.

Highlights
  • Keeps data in Xinjiang Mobile’s core network safe and free from risks of financial loss, brand damage, lost customers, competitive disadvantage and other risk factors
  • Tightens management and control of removable media and ensures security of corporate data


Resources

Data Sheets

McAfee Vulnerability Manager

For a technical summary on the McAfee product listed above, please view the product data sheet.

Reports

Gartner MarketScope for Vulnerability Assessment

McAfee receives the highest possible rating of "Strong Positive" in the latest MarketScope for Vulnerability Assessment (VA) where VA vendors compete on management features, configuration assessment, price, reporting, and integration with other security products.

Solution Briefs

Prioritize and Remediate Critical Risks Found by McAfee Vulnerability Manager

McAfee Vulnerability Manager and Skybox Risk Exposure Analyzer (REA) combine to give customers an advanced solution to identify IT vulnerabilities, prioritize and evaluate security risks and attack scenarios, and mitigate critical risks before they cause harm.

SIEM: Five Requirements that Solve the Bigger Business Issues

McAfee spoke with SIEM users and asked them to tell us about their primary issues with SIEM. This brief lists the top five issues along with corresponding customer case studies and use cases.

Ensure Compliance and Automate Change Management of McAfee Enterprise Firewalls

The combination of McAfee Firewall Enterprise and Skybox Firewall Assurance, Skybox Network Assurance, and Skybox Change Manager continuously validate that your McAfee Firewall Enterprise solutions are optimally and securely configured to ensure continuous compliance, block unauthorized activity, and securely automate change management.

Continuous, Comprehensive Monitoring

Learn how you can move to real-time vulnerability management with always-on discovery and integrated risk assessment.

Scanning Web Applications for Vulnerabilities

McAfee Vulnerability Manager has a new web scanning capability, allowing you to discover, crawl, assess, report, and manage the vulnerabilities discovered in any number of internal or external web applications.

Quantitative Metrics to Measure, Model, and Manage IT Risk

Prevari’s Technology Risk Manager (TRM) solution uses existing enterprise data combined with actuarial risk information to provide repeatable, quantitative, and predictive risk analytics.

Preventing Information Leaks

Raytheon SureView integration with McAfee ePolicy Orchestrator (McAfee ePO) software enables governmental and commercial enterprises to deploy and seamlessly manage command and control of SureView clients across the entire organization through their existing infrastructure, allowing for speedy implementation and efficient management of an effective cyberaudit program.

Security Posture and Risk Management

RedSeal Vulnerability Advisor analyzes the results of McAfee Vulnerability Manager in the context of the network to prioritize vulnerabilities requiring attention and offer network mitigation options.

Technology Blueprints

Assess Your Vulnerabilities

McAfee integrates data and processes to make vulnerability management more effective and efficient. Our approach combines asset discovery and management, comprehensive vulnerability scanning, flexible reporting, and remediation workflows into a single vulnerability assessment solution.

White Papers

Conquer the Top 20 Critical Security Controls

The strength of the Critical Security Controls (CSCs) is their ability to reflect the consensus of successful experiences captured and refined over multiple revisions. The CSCs help organizations break down operational silos by providing a pragmatic blueprint detailing where to focus efforts to achieve the greatest results. This white paper maps the quick wins within the first five CSCs to associated McAfee products, services, and partner solution capabilities — all part of the Security Connected platform.

Operational Efficiencies of Proactive Vulnerability Management

Learn how automating and integrating vulnerability management activities can reduce the operational cost of vulnerability management.

SANS Institute: Correlating Event Data for Vulnerability Detection & Remediation

Learn how network attacks can be avoided by utilizing a SIEM platform that combines historical data with real-time data from network sources and security policies to provide context around application usage, user behaviors, and other operations — for better, more accurate reporting.

Discover. Evaluate. Act.

This paper explains how to apply McAfee Vulnerability Manager with the McAfee Asset Manager feature to discover, evaluate, and promptly manage evolving risk. Through continuous network-based monitoring and the application of enterprise security intelligence, enterprises can mitigate security and compliance risks from IP-enabled devices that users install without administrator support, including servers, desktops, smartphones, tablets, virtualized systems, printers, and networking equipment.

Protect Critical Assets with Virtual Patching—Closing the Vulnerability Window Using Predictive Threat Protection

The McAfee virtual patching solution provides a layered approach to security risk management, while adding the ability to apply a virtual patching strategy to your existing change-management process. It combines proven defenses and security insight with real-time Global Threat Intelligence to close the vulnerability window until patching can occur through your regular change-management processes.

Community

Blogs

  • Shedding light on ‘Shadow IT’
    David Small - January 9, 2014

    BYOD, BYOA, BYOx. The IT industry is full of acronyms depicting its constant evolution and relationship with the professional world. First came the devices; employees saw the power of personal devices and insisted on using them in the workplace. And so the consumerisation of IT was born. After the devices came the apps. Companies reported […]


  • Walking the Talk on Public-Private Partnerships
    Tom Gann - August 16, 2013

    There’s been a lot of talk about the value of public-private partnerships in moving the U.S. toward a more robust cyber security posture. And let’s be honest:  there’s also been a lot of private sector skepticism about how much the Administration really believed in the concept or how much they would do to make it […]


  • Five Factors That Make D.C. Region a Cybersecurity Hub
    Tom Gann - May 29, 2013

    McAfee is based in Silicon Valley, but we know there’s more to tech than California. We recently joined the National Institute of Standards and Technology to launch the National Cybersecurity Center of Excellence, a joint effort among high-tech business, federal, state and local government and local universities located in Rockville, Md. The goal of the […]


  • Getting Assurance in a Time Constrained World
    McAfee - May 20, 2013

    Nothing is as frustrating as when something goes wrong, especially when you have time constraints.  NIST has just released Special Publication 800-53, Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations where a few notable items have been added to increase the confidence that security, practices, procedures and architectures of information systems […]


  • Response Now as Important as Prevention
    Leon Erlanger - February 24, 2012

    The National Institute of Standards and Technology (NIST) has updated its Computer Security Incident Handling Guide to take into account the increasingly dire state of cyber security. As anyone who has followed the rush of high-profile incursions over the past year knows, it’s looking less and less possible to prevent the inevitable attack, no matter […]
