Comprehensive Threat Protection

The Security Connected way to find, freeze, and fix advanced threats and targeted attacks…fast


Time traditionally favors attackers. You need defenses that act without boundaries or delays, moving from encounter to containment in milliseconds, not months. Sharing data and learning as they protect, cutting-edge countermeasures in the Security Connected platform benefit from contextualized threat intelligence, analytics, and centralized security management. We knit together endpoints, network, and the cloud for the only comprehensive, automated approach to find, freeze, and fix advanced threats — fast.

Most threats are blocked at first encounter by our advanced endpoint, web, email, and network detection. Contextual SmartListing within McAfee Threat Intelligence Exchange also shares local, global, third-party, and manually entered threat intelligence and organizational rules in real time to stop threats. For extra confidence, system and application controls thwart any malicious code that gets through. Remaining suspicious files flow directly to McAfee Advanced Threat Defense for dynamic and static analysis, including sandboxing, that quickly reveals the full intent of the file. Going beyond malware analysis, endpoint- and network-based systems instantly analyze traffic to detect activity that could indicate a compromised host.

If a host is compromised, containment is crucial. The Security Connected platform facilitates automated intervention. Sharing threat intelligence among management, network, and endpoint systems, McAfee immediately shuts down command and control communications and quarantines compromised systems. For example, McAfee Network Security Platform uses guidance from McAfee Enterprise Security Manager to block communication with infected hosts. Via McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange, details like dynamic file and IP reputation, prevalence, and malware artifacts educate each countermeasure to recognize and block emerging and targeted threats.

Event data and threat intelligence flow into our security information and event management (SIEM). While watchlists prevent the recurrence of an event, incident responders can delve into your current and historic security situation. Looking across endpoints and network, you can manipulate data, logs, and analytics to quickly outline the attack scope, track its path and impact, and select the best remediation or risk mitigation. Off-the-shelf integrations with countermeasures and policy- and rules-based management remove steps, repetition, and errors that handicap response and multiply costs.

The Security Connected platform converts the phases of the fight — find, freeze, and fix — from separate battles into a concerted defense. With data correlated, contextualized, and linked to countermeasures, time is your ally. A real-time data exchange layer and the McAfee Threat Intelligence Exchange mean McAfee defenses can act autonomously, applying your rules and risk posture, immunizing systems with updated intelligence, and keeping networks available and secure. This expedites detection, incident response, and investigations, preventing attackers from entering, persisting, or exfiltrating data.

Key Benefits

  • Uncover advanced evasion techniques
    McAfee Next Generation Firewall combines full stack traffic normalization on all protocol layers with stream-based data inspection that reveals a malicious payload disguised and delivered simultaneously across multiple protocols. Next Generation Firewall can send to and receive intelligence from the McAfee Global Threat Intelligence cloud to teach endpoints and other network products about new malware using advanced evasive techniques.
  • Improve protection against spear phishing
    McAfee Email Protection now guards enterprises against phishing attacks more effectively through “click-time” anti-malware scanning of links within email, detecting changes in URL intent between when a message is received and when the user clicks a link. Integration between McAfee Email Gateway and McAfee Advanced Threat Defense enables in-depth analysis of stealthy and evasive malware received via email.
  • Layer malware analytics to balance security and performance
    Block attacks efficiently using an optimized system of hardware-enhanced security, low-touch antivirus signatures, reputation, real-time emulation defenses, in-depth static code, and dynamic malware analysis (sandboxing) deployed at and integrated across gateways, endpoints, and network countermeasures.
  • Use every available data source to drive defenses everywhere
    Optimize defenses against designer attacks using local, global, third-party (such as indicators of compromise (IOCs) and VirusTotal), and manually entered threat intelligence to automatically direct the actions of endpoints and network systems.
  • Use context and risk tolerance to drive automated defenses
    Implement custom risk preferences through reputation and blocking based on your rules, prevalence, industry threat feeds, and organization (applications, certificates, and files).
  • Link endpoints and network to detect unusual activity
    Identify suspicious activity that could show compromised systems within the network being used in botnets or advanced persistent threats; block abnormal application traffic attempting to disguise stolen data as approved application traffic.
  • Create actionable intelligence to shorten response time
    Unleash real-time event analytics under high-event-rate conditions to quickly see the enterprise-wide context surrounding an event, leveraging event and forensic information from collective threat intelligence and throughout the technology stack to guide live response. Correlate and prioritize big security data with McAfee Enterprise Security Manager to facilitate mitigation, remediation, and reconstruction of attacks.
  • Reduce operational costs while improving visibility
    Unified management across the Security Connected platform helps you rapidly deploy and consistently maintain effective security policies, automate tasks, and streamline processes and reporting across your McAfee and third-party products.

Customer Stories


A.T.U safeguards employee web and email communications with centrally managed McAfee security solutions.

  • Reduced influx of spam by 99% and maximized employee time and productivity
  • Proactively protected against malicious emails, viruses, and malware
  • Enabled smooth, easy-to-manage implementation and testing process

Alcatel-Lucent Shanghai Bell

Alcatel-Lucent Shanghai Bell uses McAfee Network Security Platform to secure 100 Mbps to 10 Gbps corporate networks against threats and attacks.

  • Increased identification and interception of up to 99% of the threats
  • Improved the work efficiency and allowed the information security and network departments to cooperate with each other in monitoring security threats and risks


Cardnet eliminates malware infections with comprehensive network, email, and endpoint security from McAfee.

  • Total absence of known infections of any kind
  • Protected the entire IT infrastructure
  • Maintained IT security with a staff of three, versus 20 or more if the McAfee suite was not in place

Community South Bank

McAfee Total Protection for Secure Business provides Community South Bank with comprehensive server and desktop protection, while safeguarding data and defending against threats.

  • Slashed time spent on security administration, especially compared to multiple point products
  • Saved more than 30% in license fees
  • Simplified management while providing comprehensive security
  • Prevented users from accidentally or maliciously exposing data

Mairie de Saint Nazaire

McAfee simplifies security management for French city’s local government.

  • Simplified security management with single, integrated central console
  • Deployed quickly and easily
  • Freed up time to focus on nonsecurity issues
  • Reduced spam significantly

MidWestOne Financial Group

McAfee Firewall Enterprise, McAfee Web Gateway, and McAfee Email Gateway provide the foundation for MidWestOne’s Internet security strategy.

  • Comprehensive inbound threat protection and outbound data loss prevention for 250 email users
  • Strong antivirus protection for 550 desktops and laptops
  • Centrally managed security infrastructure through “single pane of glass” with McAfee ePO software
  • Significantly reduces helpdesk calls for spyware infections by half
  • Creates an improved standing with auditors and regulators

SIM University

SIM University uses McAfee Firewall Enterprise to protect its data center.

  • Provide a multilayered defense against security threats
  • Amplify network bandwidth and dramatically improve throughput
  • Increase availability of learning management system to more than 99.9 percent
  • Free up IT administration time of security staff

Transend Networks

McAfee delivers comprehensive protection for Transend Networks' virtualized infrastructure, enabling high network availability.

  • Delivered incident-free network protection with low false positive rate
  • Fit with virtualization and cloud computing approach, providing flexibility and cost savings
  • Provided up-to-date protection against emerging forms of malware


Network Security

McAfee Advanced Threat Defense

Finds advanced malware and zero-day threats, and seamlessly integrates with McAfee network security solutions to freeze the threat while Real Time for McAfee ePolicy Orchestrator initiates a fix or remediation actions.

McAfee Next Generation Firewall

Provides innovative evasion prevention, centralized management, and built-in high availability and scalability to meet the complex, high-performance needs of demanding data centers and distributed enterprises.

McAfee Network Security Platform

Aggregates powerful malware detection techniques including global file reputation, custom malware signatures, file anomaly analysis, heuristics, emulations, cloud lookups, and static file analysis to identify and block threats travelling over the network, from worms to bots. Tools, weighted alerts, and forensic dashboards reduce the expertise and time required to understand and act on relevant events.

McAfee Web Protection

Monitors web traffic for malicious content, suspicious memory activities, and known bad URLs, using advanced content and behavior analytics to accurately and preemptively detect and block modern blended attacks and complex malware. Includes full browser emulation and multi-layer analysis that detects malicious active content and reveals the malware’s final intent, reflecting dynamic changes that occur in real time, as well as scareware.

McAfee Email Protection

Offers hybrid deployment options, multiple scanning engines, and click-time URL analysis to provide defense in depth for the email vector against phishing attacks, viruses, malware, directory harvest, denial of service (DoS), bounceback attacks, zero-hour threats, and spam surges with the leverage of network, file, and message reputation. Integration with McAfee Advanced Threat Defense enables detection of stealthy, zero-day malware files that attempt to breach the network via email.

McAfee Firewall Enterprise

Fends off hackers attempting to enter the network or manipulate bots and compromised systems within your infrastructure. Strong next-generation firewall capabilities, including application visibility and deep application controls, reduce the attack surface, block the latest attacks, and eliminate unwanted traffic.

Security Management

McAfee ePolicy Orchestrator (McAfee ePO)

Unifies security management and policy enforcement for consistent control across the McAfee portfolio of endpoint, network, and data security. Helps security professionals make better security management decisions based on a holistic view of security posture, actionable dashboards, automated responses, and integrated workflows.

McAfee Enterprise Security Manager (SIEM)

Collects and correlates event, behavior, and alert information from all your sources, delivering a full depiction of the attack with context awareness for rapid, decisive action based on a crisp understanding of event sequences and scope. Integrates with McAfee ePO software to automatically adjust system security settings for attacks or potential attacks in progress. Can send quarantine commands to McAfee Network Security Platform to shut down suspicious communications.

McAfee Threat Intelligence Exchange

McAfee Threat Intelligence Exchange significantly optimizes threat prevention, closing the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.

Endpoint Protection

McAfee Application Control

Restrict the applications that can be installed or run on your endpoints to limit vulnerabilities and prevent execution of malicious software binaries, kernel components, DLLs, ActiveX controls, scripts, or Java components.

McAfee Change Control

Prevents tampering with critical system files, directories, and registry keys to block all unauthorized changes, whether malicious or inadvertent, that could permit compromise and persistence, such as creation of backdoors and escalation of privileges.

McAfee Deep Defender

Monitors system behavior at the kernel-level to expose and remove stealthy and unknown threats, including master boot record (MBR) bootkits and kernel rootkits, and preempt zero-day malware; utilizes integration with Intel technology to remove low-level threats that traditional OS-based protection cannot detect.

McAfee Device Control

Lets you lock down ports to limit the chance that portable storage devices can introduce malicious code into your systems or exfiltrate sensitive data.

McAfee Host Intrusion Prevention for Desktop

Imposes three layers of protection (signature analysis, behavioral analysis, and dynamic stateful firewall with global reputation technology) to prevent intrusions, protect mobile assets, and defend your organization against known and emerging exploits, including zero-day attacks.

McAfee Host Intrusion Prevention for Server

Offers specialized protection to secure critical servers against attacks, including directory traversal and SQL injection attacks, and block threats such as botnets and denial of service before attacks can occur.

McAfee SiteAdvisor Enterprise

Blocks access to dangerous or forbidden websites and flags potentially risky websites to educate users and reduce the chance for malware to enter through vulnerable browsers and endpoints.

McAfee VirusScan Enterprise

Combines antivirus, antispyware, firewall, and intrusion prevention technologies to stop and remove malicious software and guard against buffer overflow exploits, spam, phishing attacks, malicious websites, and other threats that often evade standard antivirus and URL filtering systems.

Mobile Security

McAfee Enterprise Mobility Management (McAfee EMM)

Provides malware protection for Android and secures corporate email, calendar, and contacts to prevent interaction with personal data or malicious apps.


Data Sheets

McAfee Anti-Malware Product Enhancements

For product enhancements, please view the data sheet listed above.


McAfee Advanced Threat Defense Test Results

AV-TEST performed a test of the McAfee Advanced Threat Defense appliance to determine its malware detection capabilities.

Advanced Evasion Techniques for Dummies

Welcome to Advanced Evasion Techniques For Dummies, your guide to the security evasion techniques that have become a serious preoccupation of the IT industry.

The Economic Impact of Cybercrime and Cyber Espionage

This report discusses how to estimate the cost of malicious cyber activity, and its effect on trade, technology and competitiveness.

Proactive Rootkit Protection Comparison Test

In January 2013, AV-TEST performed a comparative review of McAfee Deep Defender, Microsoft System Center Endpoint Protection, and Symantec Endpoint Protection to determine their capabilities to proactively protect against kernel-mode and MBR rootkits, also known as day zero attacks.

NSS Labs Corporate AV/EPP Comparative Analysis, Exploit Evasion Defenses

McAfee endpoint protection scored the highest in a test of protection against evasion attacks.

NSS Labs Corporate AV/EPP Comparative Analysis, Exploit Protection Defenses

McAfee core endpoint anti-malware products (McAfee VirusScan Enterprise, McAfee Host Intrusion Prevention, and McAfee SiteAdvisor Enterprise) achieved the highest block rate and an overall score of 97% for all threats blocked in the exploit protection test.

Solution Briefs

Deny and Defuse Designer Threats

Each month brings new media coverage of a targeted attack against a business, government, or critical infrastructure operator previously considered “invulnerable.” As more organizations encounter the cost, disruption, and public humiliation of data breaches, advanced targeted attacks become an executive-level discussion. Comprehensive threat protection requires orchestration of countermeasures and collective intelligence deployed with sensitivity to performance and risk.

Counter Stealthy Malware

The most menacing type of cyberattack is invisible. Using sophisticated techniques to hide its presence, stealthy malware may operate outside of the OS or move dynamically across endpoints to conceal the attackers’ actions. The risk to enterprises is real, with high-profile attacks such as Operation High Roller impacting companies around the globe. Traditional antivirus or intrusion prevention systems are no match for this new breed of stealthy malware; instead, enterprises need layered security controls that work together to detect the presence and actions of stealthy malware and attackers.

Advanced Malware: Nowhere to Hide with a Layered Defense Strategy

Smart and malicious, advanced malware is targeted, stealthy, evasive, and adaptive. Sandboxing and other stand-alone products can't do the job on their own. This editorial brief explains why you need an arsenal of layered, integrated defenses to protect against these sophisticated threats.

Operationalize Intelligence-Driven Response

Learn about the three frameworks required for intelligence-driven response to be effective — decision, detection, and analysis.

The Evolving Landscape of Desktop Security

Learn how application whitelisting and recent technology enhancements make it easier to implement whitelisting.

Protecting Information

There are several solutions for protecting information that offer the added benefit of reducing costs and complexity.

Protecting the Data Center

The data center operations team is being tasked with responsibilities from building solutions for continuous compliance and virtualization to consolidation and leveraging the cloud.

White Papers

Advanced Targeted Attacks: It Takes a System

Adaptive intelligence and real-time communications orchestrate protection in the McAfee Security Connected Platform.

Protect Against Advanced Evasion Techniques — Essential Design Principles

Cybercriminals are exploiting vulnerabilities in network security systems at a greater rate than ever before. Learn how to protect against advanced evasion techniques (AETs) and avoid becoming a victim.

New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection

The McAfee Gateway Anti-Malware engine is a powerful, next-generation technology designed to protect against contemporary threats delivered via HTTP and HTTPS channels. Leveraging new, patent-pending techniques, McAfee Gateway Anti-Malware takes web exploit detection, zero-day, and targeted threat prevention to the next level, protecting customers from web-delivered threats and exploits.

Root Out Rootkits

This paper describes how McAfee Deep Defender moves endpoint security beyond the operating system. McAfee Deep Defender gets hardware assistance from Intel and uses a privileged early load position to uncloak, block, and remove the kernel-mode activities of stealthy rootkits.

McAfee Network Security Platform: The Next-Generation Network IPS

This white paper discusses how the McAfee Network Security Platform can help organizations unify network security across physical and virtual environments, streamline security operations, and protect themselves from emerging malware, zero-day attacks, denial-of-service exploits and advanced targeted attacks.
