Better Malware Protection, Help for Endpoints in McAfee Web Gateway Release

By Daniel Flaherty on Feb 26, 2016

Every few months, our development team releases a new version of Web Gateway software with multiple improvements they’ve been working towards in their agile development process. This time around, Web Gateway continues to evolve in the critical area of malware protection, expands its capabilities to share threat information, and more. For those less familiar, McAfee Web Gateway and its SaaS counterpart are a critical protection measure in the pursuit of conquering the threat defense lifecycle, stopping a remarkable quantity of both known and zero-day, never-before-seen malware in-line with traffic flow before these threats have a chance to hit an endpoint. Let’s take a look more specifically at what we’ve added:

  • New Gateway Anti-Malware Engine (GAM) v2015. The GAM engine is our powerhouse of real-time zero-day malware protection, and is a constantly evolving technology that allows us to keep up with contemporary exploits and threat behavior. This release, we updated Windows executable emulation with support for advanced instruction sets used in malware obfuscation and evasion techniques, added support for behavioral scanning of 64-bit executable files, overhauled how we scan both Java bytecode and Flash ActionScript, and introduced a new patent-pending content analysis technology to improve classification of JavaScript. All this goes above and beyond AV to stop malware we don’t have a signature for from hitting your endpoints.
  • Publishing Malware Reputations to Threat Intelligence Exchange (TIE). As I just touched on, the GAM engine in Web Gateway has a remarkable ability to detect malicious behavior in never-before-seen files and convict them as new malware. This type of fresh threat intelligence is quite useful, but only if it can be shared! We’ve been sharing our zero-day convictions with the Global Threat Intelligence cloud for years. Now, with TIE, we have the ability to share these zero-day malware reputations in real time with endpoints and other sensors connected to the TIE ecosystem. This means right when Web Gateway finds zero-day malware, endpoints protected by McAfee know about it too. That results in shortened time to protection, and with the fast-paced nature of polymorphic malware (think Mystique from X-Men, same on the inside, different on the outside), means even fewer endpoints getting hit with new malware thanks to Web Gateway.

Remember, all Web Gateway releases are replicated in our SaaS platform as well. It’s built on the same technology so you can share one policy for both. If you’re using SaaS, remember you have a live-updated status portal to view current status, maintenance periods, and more.

Attending RSA 2016 in San Francisco? Visit the McAfee booth (N3705) station titled “The Resilient Digital Enterprise” to learn more about McAfee Web Gateway and additional McAfee technologies connected through the Threat Intelligence Exchange. 

About the Author

Daniel Flaherty

Daniel Flaherty is a member of the product team for McAfee MVISION Cloud, our Cloud Access Security Broker (CASB) solution, focused on developing educational and product-related content. He has been with McAfee since 2010.
