Migrate to the New McAfee Endpoint Security (ENS)

By on Jul 06, 2017

The traditional IT model of waiting for early adopters to work through any bugs before you install new software makes sense in many cases. In cybersecurity, however, each day’s delay extends the window of opportunity for zero-day malware to wreak havoc on your endpoints.

During the recent Wannacry ransomware attack, customers running the latest McAfee Endpoint Security with Advanced Threat Protection never had a hiccup. Their endpoints immediately classified the file as greyware, subject to deeper analysis and containment. Like border collies so smart they don’t need a command, McAfee Dynamic Application Containment herded unknown files away from crucial areas, allowing them to run but not take actions that malware typically attempts— like encrypting files or overwriting directories.

All of this happened in seconds, without human intervention, and without waiting for a signature. While some organizations scrambled to contain a massive outbreak, McAfee Endpoint Security customers continued working as usual. Even if the attack made it onto an endpoint, it was severely limited in any damage it could cause to that endpoint or user. And with McAfee Threat Intelligence Exchange, the first endpoint to get hit communicated with every other system in the environment.

Stay Current, Stay Protected

Cases like this prove you can’t afford to wait. While signature-based security still plays an important role in endpoint security, it now functions best when used as part of a multi-layer defense, filtering out less sophisticated, “commodity” malware. Signature-based defenses depend on the endpoint security vendor identifying a new attack and creating a DAT file so endpoints can block it. Even when vendors discover a new threat immediately, it still takes hours or days to create and distribute that signature. And during that gap, thousands—even millions—of endpoints can get hit.

The more advanced modern malware threats, however, are designed to disguise their nature and exploit the windows of vulnerability that signature-only defenses leave open. That’s why the industry is moving to next-generation, signature-less approaches.

Move to the Latest McAfee Endpoint Security

With the latest McAfee Endpoint Security, you don’t have to wait for a signature. If an executable has never been seen before, your endpoints automatically classify it as “greyware” and treat it with appropriate suspicion. Your endpoints first conduct pre-execution scanning of its code base—essentially a static look at the code (before it runs). Then, they perform dynamic analysis of the behavior during execution. All of these capabilities, and others, are part of protection at each endpoint that limits the damage and spread of greyware to other endpoints. And they’re designed and integrated to close that window of vulnerability—to stop malware even before security systems know exactly what it is.

Learn More

No matter who your endpoint security vendor is, check to see if you’re running their latest software version—and if not, update it. Hint: If you’re running VirusScan Enterprise (VSE), McAfee Host IPS Firewall, or McAfee SiteAdvisor web filtering, you’re not using the latest McAfee Endpoint Security.

McAfee Endpoint Security is an integrated solution that replaces several individual legacy endpoint products, including McAfee VirusScan Enterprise, McAfee Host IPS Firewall, and McAfee SiteAdvisor web filtering. If you’re an existing customer with one of our Endpoint Security suites, McAfee Endpoint Security is a free security upgrade.

Learn more about migrating to the latest McAfee Endpoint Security



About the Author

McAfee Enterprise

McAfee offers industry-leading cybersecurity solutions for all business and enterprise needs. See our blog to stay up-to-date with the latest security trends

Read more posts from McAfee Enterprise

Subscribe to McAfee Securing Tomorrow Blogs