Protecting Critical Infrastructure

Provide resilience, efficient compliance measures, and instant intelligence for changing threat environments

Next Steps:

Overview

Organizations tasked with running critical infrastructure such as oil and gas, energy, water, and chemical must do so across three disparate yet interconnected zones: enterprise IT, SCADA, and Industrial Control Systems (ICS). Where gaps once existed between these zones and communication was conducted along serial connections on proprietary systems, today’s environments are more interconnected than ever, leveraging the older frameworks plus expanded communication channels across IP, wireless, and mobile, and running common operating systems and applications. This has created greater efficiencies and effectiveness in terms of overall operations and measurement, but it has also introduced risk.

Securing critical networks in the era of sophisticated cyber attacks means that multiple products must operate together without introducing complexity or impacting availability. By working with our customers and partners, we have defined four areas that are required for a successful security strategy:

  1. Situational awareness gives customers visibility into security and operations across enterprise IT, SCADA, and ICS zones.
  2. Multi-zone protection allows discovery, prevention, detection, response, audit, and management across data, network, and endpoint within enterprise IT, SCADA, and ICS zones.
  3. Native support means that McAfee customers have the broadest range of out-of-the-box support for traditional IT solutions, as well as SCADA and ICS applications and protocols for truly holistic security.
  4. Continuous compliance helps easily demonstrate adherence to multiple regulatory mandates.

McAfee solutions provide resilience, efficient compliance measures, and instant intelligence for changing threat environments, along with the power of real-time visibility and centralized management through a single platform.

Cloud Computing for Critical Infrastructure
Safeguarding Smart Grids: Sentient Cyber Security for Critical Infrastructure
EO 13636: Improving Critical Infrastructure Cybersecurity

Videos

Videos

EVP & CTO Mike Fey discusses how McAfee and Siemens are extending their partnership to enhance the security offerings for industrial customers to protect against rapidly evolving global cyber threats.

McAfee demonstrates, through a live video presentation, how our solutions are leveraged to protect substations within the utility industry.

In an age of ever-changing technology threats, McAfee helps protect critical infrastructure industries in all sectors with a cloud-to-endpoint security portfolio. Backed by the highest level of Global Threat Intelligence, McAfee delivers real-time visibility, the latest protections, and quick proof of compliance, plus optimized solutions for proprietary SCADA systems.

Customer Stories

Integral Energy

Integral Energy proactively assesses and manages vulnerabilities with McAfee Vulnerability Manager.

Highlights
  • Discovered and assessed system vulnerabilities quickly and accurately
  • Enabled threat prioritization and proactive, informed decision making
  • Provided in-depth visibility regarding network assets
  • Facilitated compliance with ISO 27001 standard

Large Oil Company

McAfee secures end-to-end critical infrastructure.

Highlights
  • Secures both critical and business infrastructures and securely transfers data between them
  • Saves millions of dollars by preventing production disruptions
  • Provides the benefits of digital/smart oil drilling with confidence

Mainova AG

McAfee powers network security for energy supplier Mainova AG.

Highlights
  • Delivered complete protection with lower operation cost — only three IT staff members required to monitor IDS/IPS solution
  • Deployed new system within three weeks of installation
  • Simplified and centralized administration of configuration and guidelines for handling threats
  • Precisely identified and blocked threats in real time
  • Provided full transparency when monitoring network traffic

Major Urban Utility Company

For more than a decade, a major urban utility has utilized McAfee Firewall Enterprise Edition to protect critical control systems.

Highlights
  • Allowed Independent Systems Operator (ISO) networks to interconnect without jeopardizing the control network
  • Conducted vulnerability tests and confirmed that McAfee Firewall Enterprise Edition cannot be penetrated
  • Permitted patches and upgrades to be delayed without a risk to security
  • Ensured the ability to add a new rule in minutes

Public Utility District, United States

McAfee strengthens the network perimeter for this large public utility district.

Highlights
  • Prevented 30,000 – 50,000 unwanted emails from entering the network each day
  • Increased user productivity without jeopardizing security
  • Provided strong security for both corporate IT and critical infrastructure networks
  • Protected against blended Internet and insider threats
  • Improved efficiency for the IT department, reducing administration, overhead, and costs

Products

Endpoint Protection

McAfee Embedded Control
McAfee Embedded Control

McAfee Embedded Control focuses on solving the problem of increased security risk arising from the adoption of commercial operating systems in embedded systems. Embedded Control is a small-footprint, low-overhead, application-independent solution that provides “deploy-and-forget” security.

McAfee Deep Defender
McAfee Deep Defender

McAfee Deep Defender helps stop advanced stealth attacks with the industry's first hardware-assisted security enabled by McAfee DeepSAFE technology. Unlike traditional security solutions, Deep Defender operates beyond the operating system to provide real-time kernel monitoring to reveal and remove advanced, hidden attacks.

McAfee Global Threat Intelligence
McAfee Global Threat Intelligence Proxy

McAfee Global Threat Intelligence Proxy (McAfee GTI Proxy) enables McAfee VirusScan Enterprise nodes to perform McAfee GTI file reputation queries from within the enterprise network — without requiring direct access to the public McAfee cloud.

Risk & Compliance

McAfee Integrity Control
McAfee Integrity Control

McAfee Integrity Control combines industry-leading whitelisting and change control technology, ensuring that only trusted applications run on fixed-function devices, such as point-of-service (POS) systems, ATMs, and kiosks.

McAfee Vulnerability Manager
McAfee Vulnerability Manager

McAfee Vulnerability Manager finds and prioritizes vulnerabilities and policy violations on your network. It balances asset criticality with vulnerability severity, enabling you to focus protection on your most important assets.

Database Security

McAfee Database Activity Monitoring
McAfee Database Activity Monitoring

Boost your overall database security with reliable, real-time protection against external and internal threats across physical, virtual, and cloud environments. McAfee's activity monitoring sensors require no costly hardware or changes to your existing system architecture, giving you an easy-to-deploy, highly scalable database security solution. The sensors immediately detect any kind of unauthorized or malicious behavior and terminate it without significant impact to overall system performance. McAfee Database Activity Monitoring greatly simplifies your database security management and helps ensure compliance with PCI DSS, SOX, HIPAA/HITECH, SAS 70, and many other types of regulations.

Data Protection

McAfee DLP Monitor
McAfee DLP Monitor

McAfee DLP Monitor enables you to find, track, and protect sensitive information from any application or location, in any format, over any protocol or port, over time. Unrivaled data analytics support easy, accurate policy creation and rapid, flexible response.

Network Security

McAfee Next Generation Firewall
McAfee Next Generation Firewall

McAfee Next Generation Firewall lets you add network security capabilities when and where you need them to get maximum value out of your investment. Innovative evasion prevention, centralized management, and built-in high availability and scalability meet the complex, high-performance needs of demanding data centers and distributed enterprises, both today and tomorrow. McAfee MIL-320 Next Generation Firewall is designed for failure-free, high- performance operation in extremes. It is small, portable, heavy duty, resistant to dust, water, and shocks, and available in black or military green livery.

McAfee Firewall Enterprise
McAfee Firewall Enterprise

McAfee Firewall Enterprise defends critical assets, including regulated data repositories (customer, financial, and healthcare data), email and web servers, extranets, and data centers. This proxy-based network firewall security offers a range of capabilities, including application visibility and deep application controls to defend against network security threats. It delivers strong user- and policy-based controls, blocks the latest attacks, and eliminates unwanted traffic. McAfee’s firewall protection integrates with McAfee Global Threat Intelligence (GTI) and McAfee ePolicy Orchestrator (McAfee ePO) software.

McAfee Network Security Platform
McAfee Network Security Platform

McAfee Network Security Platform is the industry's most secure network intrusion prevention system (IPS). Backed by McAfee Labs, it protects customers on average 80 days ahead of the threat. It blocks attacks in real time, before they can cause damage, and protects every network-connected device. With Network Security Platform, you can automatically manage risk and enforce compliance — while improving operational efficiency and reducing IT efforts.

Security Management

McAfee ePolicy Orchestrator (ePO)
McAfee ePolicy Orchestrator (ePO)

McAfee ePolicy Orchestrator (ePO) is a key component of the McAfee Security Management Platform, and the only enterprise-class software, to provide unified management of endpoint, network, and data security. With end-to-end visibility and powerful automations that slash incident response times, McAfee ePO software dramatically strengthens protection and drives down the cost and complexity of managing risk and security.

SIEM

McAfee Enterprise Security Manager
McAfee Enterprise Security Manager

McAfee Enterprise Security Manager provides the speed and rich context required to identify critical threats, respond quickly, and easily address compliance requirements. Continuous global threat and enterprise risk feeds deliver adaptive and autonomous risk management, allowing remediation of threats and compliance reporting in minutes instead of hours.

McAfee Enterprise Log Manager
McAfee Enterprise Log Manager

McAfee Enterprise Log Manager automates log management and analysis for all log types, including Windows Event logs, Database logs, Application logs, and Syslogs. Logs are signed and validated, ensuring authenticity and integrity — a necessity for regulatory compliance and forensics. Out-of-the-box compliance rule sets and reports make it simple to prove your organization is in compliance with regulations and internal policies.

McAfee Advanced Correlation Engine
McAfee Advanced Correlation Engine

McAfee Advanced Correlation Engine monitors real-time data, allowing you to simultaneously use both rule-based and rule-less correlation engines to detect risks and threats before they occur. You can deploy Advanced Correlation Engine in either real-time or historical modes.

McAfee Application Data Monitor
McAfee Application Data Monitor

McAfee Application Data Monitor decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity all the way up to the actual contents of the application (such as the text of an email or its attachments). This level of detail supports accurate analysis of real application use, while also enabling you to enforce application use policies and detect malicious, covert traffic.

McAfee Database Event Monitor for SIEM
McAfee Database Event Monitor for SIEM

McAfee Database Event Monitor for SIEM delivers non-intrusive, detailed security logging of database transactions by monitoring access to database configurations and data. It not only consolidates database activity into a central audit repository, but integrates with McAfee Enterprise Security Manager to intelligently analyze and detect suspicious activity.

Services

Critical Infrastructure Security Assessment

Foundstone’s expert team of consultants identify weaknesses in your security posture and develop actionable recommendations to mitigate the risks your environment faces from external attackers, insider threats, automated worms, and network management errors.

SCADA Emergency Incident Response

A security breach has been identified on your network, and the compromise could result in disruption of service, instability of control systems, or even loss of human lives. How can you reduce these risks by being prepared?

Resources

Brochures

Seriously Powerful Solutions: Security Connected for Critical Infrastructure

The Security Connected framework from McAfee integrates multiple products, services, and partnerships to provide centralized, efficient, and effective risk mitigation. Across IT, SCADA, and ICS, Security Connected addresses endpoint, data, and network security.

Focus on 5: DoD Critical Infrastructure Requirements

McAfee has a tremendous amount of experience securing critical infrastructure and working with the DoD. McAfee solutions protect endpoint, network, and data throughout the IT and ICS zones, including SCADA, and deliver a more resilient security posture.

Security Connected for Public Sector: Situation Under Control

Through its optimized, connected security architecture and global threat intelligence, learn how McAfee delivers security that addresses the needs of the military, civilian government organizations, critical sectors, and systems integrators.

Reports

Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems

Pacific Northwest National Laboratory and McAfee will continue to challenge the cybersecurity threat landscape by diligently assessing the applicability, value, and effectiveness of the security solutions necessary to support the national security mission to secure critical energy resources.

In the Dark — Crucial Industries Confront Cyberattacks

Learn about protecting critical infrastructures — power, oil, and water industrial control systems — and the security gaps that still remain.

Solution Briefs

EO 13636: Improving Critical Infrastructure Cybersecurity

This solution brief describes the core Executive Order activities, progress to date, and McAfee contributions toward the success of this initiative. It should help affected entities — owners and operators of critical infrastructure — participate in the process, drive positive incentives rather than punitive regulations, and show innovation in securing these crucial systems.

Protect Critical Infrastructure

Securing critical infrastructure requires protecting multiple zones, including enterprise IT, SCADA, and industrial control systems (ICS), to meet compliance regulations and ensure continuous system availability. The Security Connected framework from McAfee enables you to establish a robust security posture with integrated solutions that protect endpoint, network, and data across IT, SCADA, and ICS — without impacting system availability.

Technology Blueprints

Protect Your Databases

The McAfee approach to database security monitors database activity and changes, offers protected auditing tools, enables virtual patching to avoid database downtime, and provides compliance and regulatory templates.

Achieve Situational Awareness

The McAfee solution has two primary components: McAfee ePolicy Orchestrator (McAfee ePO) software and McAfee Enterprise Security Manager, with additional integrations to extend visibility and control across the entire security and compliance management environment.

Deliver Continuous Compliance

McAfee interconnects components to allow you to define compliance benchmarks and audit for compliance, detect and prevent compliance drift, manage the workflow associated with audit remediation, and provide central management and reporting for the entire solution.

White Papers

Evolving HBSS to Protect and Enable the Modern Warfighter’s Mission

This paper will examine the future of HBSS and make measurable, tangible recommendations to not only increase overall security and capabilities, but also to lessen the management burden, lower the overall total cost of ownership, allow for better results, particularly in D-DIL environments, and allow JIE real-time operational control over HBSS assets.

Smart Grid Deployment Requires a New End-to-End Security Approach

Cyber security is a growing concern and a key success factor for smart grid deployment. Alstom Grid, Intel, and McAfee have teamed up to move on smart grid opportunities in a secure and effective way.

The 7 Deadly Threats to 4G - 4G LTE Security Roadmap and Reference Design

This paper provides a detailed review of seven threats that take on unique profiles within 4G networks. It also offers a security reference architecture to efficiently counter these threats with minimal cost or service disruption.

Strategies to Mitigate Targeted Cyber Intrusions McAfee Capabilities

Strategies to mitigate targeted cyber institutions are mapped to McAfee capabilities — addressing the Top 35 Mitigation Strategies from the Australian Defence Signals Directorate (DSD).

Global Energy Cyberattacks: “Night Dragon”

This white paper examines the Night Dragon attacks, a series of coordinated covert and targeted cyberattacks that are being conducted against global oil, energy, and petrochemical companies. These attacks involve social engineering, spearphishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations information. In this paper, McAfee analyzes the techniques used in these continuing attacks and identifies features to assist companies with detection and investigation.

Threats and Risks