Introducing McAfee Unified Cloud Edge: Cloud-Native Security for SASE

By Ash Kulkarni on Feb 24, 2020

McAfee is thrilled to announce the availability of Unified Cloud Edge, the most complete security solution for Secure Access Service Edge (SASE) architectures. Enterprises today have lost visibility and control over their data as it travels from any device, in any location, directly to cloud services. Unified Cloud Edge addresses this challenge with a unified security architecture that protects data from device-to-cloud while protecting against cloud-native breach attempts that are invisible to the corporate network.  

McAfee Unified Cloud Edge is part of MVISION, the cloud-native security platform from McAfee. It begins with three core technologies converged into a single solution:  

  1. Cloud Access Security Broker (CASB): Direct API and reverse proxy-based visibility and control for cloud services 
  2. Secure Web Gateway (SWG): Proxy-based advanced protection against web-based attacks; visibility and control over web traffic and unsanctioned cloud services 
  3. Data Loss Prevention (DLP): Agent- and network-based visibility and control over sensitive data 

Simplified architecture for McAfee Unified Cloud Edge

These technologies create a secure environment for the adoption of cloud services and enablement of access to the cloud from any device for ultimate workforce productivity. Companies can accelerate their business through faster adoption of transformative cloud services by protecting their data and assets with Unified Cloud Edge.  

There are two prominent areas of convergence engineered to create this solution: 

  1. CASB and Cloud-based SWG are now managed together. We converged our cloud-based Web Gateway technology into our industry-leading CASB, giving customers one location to protect data and defend against threats in the cloud, along with traffic to and from the cloud. The cloud-based web gateway has been re-architected to enterprise scale, with an industry-high 99.999% availability. New capabilities are enabled by cross-referencing web and cloud intelligence in a single policy.   

Policy example: Our cloud-native secure web gateway using CASB risk ratings to block all high-risk cloud services.

  2. All data loss prevention (DLP) enforcement points share the same classifications, reporting, and workflows. DLP at the device, in motion through the network, and in the cloud now share one source for data classifications and a single location for reporting and remediation workflows. McAfee ePO is the starting point, where classifications built for on-premises DLP are pushed to the cloud in one click for use in any cloud service. All incidents then flow back to ePO for a single location to conduct reporting and remediation workflows. This eliminates the need to query multiple sources for incident data and to manually join search results for incident response.

Policy example: One-click push for all DLP content rules to go to CASB.


Expanding the Threat Prevention Capabilities of Unified Cloud Edge with Light Point Security 

To deliver a complete security architecture for a Secure Access Service Edge (SASE), we have not only dedicated internal teams to innovation, but also looked to the market for pioneers to join our team and contribute their technology and expertise. McAfee has agreed to acquire Light Point Security, a pioneer in browser isolation founded by former employees of the National Security Agency (NSA), to expand the threat prevention capabilities of Unified Cloud Edge.

Here’s why we decided to bring Light Point Security into the McAfee family. The web remains a primary source of malware infiltration for every enterprise. Today, our secure web gateway technology has a unique, industry-leading approach to malware prevention – real-time emulation. This is a highly effective, high-performance approach. Emulation removes the vast majority of malware in milliseconds as traffic is processed. The next evolution is removing the ability for malicious code to reach an end user altogether.

Light Point Security’s browser isolation technology takes the end user’s web browsing session and isolates the page remotely in a secure location, then replicates an interactive image of the session in the user’s browser with a technique called pixel mapping. This provides the end user with protection against web-based threats because malicious code can’t leave the isolated browser, which is remote from their endpoint. We plan to integrate this technology into our cloud-native secure web gateway for use in any web security policy.

How Does Unified Cloud Edge Reduce the Cost and Complexity of Security in Secure Access Service Edge (SASE) Architecture?  

Secure Access Service Edge (SASE) is an architectural framework that dissolves the data center perimeter and creates a new edge formed dynamically by any cloud service and devices in any location. Security policy shifts to the user session and data, away from a defined perimeter of control. This is a critical evolution that addresses the unpredictable nature of cloud service adoption and mobile users.  

In a SASE architecture there are two distinct elements: how data is routed to the cloud, and how it is secured. At McAfee, we are focused on securing data and preventing threats from device-to-cloud. With Unified Cloud Edge, we are releasing the most complete, cloud-native solution for security in a SASE architecture.

At the device, Unified Cloud Edge applies industry-leading data protection technologies, including encryption, to monitor sensitive data in use, at rest, and in motion.  

Through the web, we route traffic from managed devices in any location and from physical networks through our cloud-native proxy to apply access control, data protection, and threat prevention policies. 

In the cloud, Unified Cloud Edge integrates directly with cloud services to again apply industry-leading data protection to monitor sensitive data entering the cloud, created in the cloud, and attempting to leave cloud services. With User and Entity Behavior Analytics (UEBA), cloud-native threats can be detected within and across multiple cloud service providers.  

Enterprises have a clear choice. They can either stitch together CASB, DLP and SWG solutions from different vendors, which increases operational overhead from added cost and complexity. Or, they can choose a solution which converges these enforcement points into unified experiences with singular context from device-to-cloud. With Unified Cloud Edge, enterprises have a converged approach to security in a SASE architecture which dramatically reduces their cost and complexity, delivering maximum business agility from the cloud.  


Learn more about Unified Cloud Edge here: www.mcafee.com/unifiedcloud

About the Author

Ash Kulkarni

Ashutosh (Ash) Kulkarni is executive vice president and chief product officer of the enterprise business group at McAfee. He is responsible for product strategy and execution and for delivering leading-edge cybersecurity offerings that protect McAfee customers from threats to their applications, networks, data, devices, and other critical assets.
