Chris T. is the lead information security engineer on a team that oversees a host of McAfee endpoint and network products at his U.S. insurance company with approximately 8,000 endpoints. The company recently migrated endpoints to ENS 10.2 and plans to migrate to ENS 10.5 in the next three months.
Q. What was the driving factor in the decision to migrate to McAfee Endpoint Security (ENS)?
A. About five years ago we desired to consolidate our information security solutions and create a more manageable security footprint. We had products all over the place, each with its own agent; it worked, but it wasn’t the ideal situation. So when ENS came along, we seized the opportunity to simplify security management and shrink our security footprint. Implementing McAfee Endpoint Security represents our first step toward establishing a more refined, smaller security footprint and easier management.
Q. Did you wait until you had an upcoming endpoint renewal?
A. No. We migrated mid-contract. We don’t base our technology upgrades on contract dates; we do what makes the most sense when it makes the most sense. So the fact that the upgrade was free for us (and many users of McAfee legacy endpoint protection) didn’t make that big a difference for us; we just wanted to reap the benefits of the newer, better endpoint protection as soon as possible.
Q. What was your migration experience like?
A. After a very positive experience beta-testing McAfee Endpoint Security 10.2, we deployed it, including its three core components—Threat Prevention, Web Control, and Firewall—to the majority of our approximately 8,000 Windows-based nodes. We used the McAfee migration tool to copy security policies from our Complete Endpoint Threat Protection suite to Endpoint Security. We could have migrated much faster—migration itself is fairly straightforward—but we took advantage of the migration to “clean house”—to eliminate extra legacy baggage and extraneous files and fine tuning policies and settings.
In the next three months, we plan to migrate all of our 8,000 Windows nodes to ENS version 10.5 as part of our enterprise rollout of Windows 10. McAfee ENS version 10.5 will be a core component of our desktop image. In version 10.5, we are looking forward to even better performance.
Q. What has been the biggest benefit so far from deploying McAfee Endpoint Security?
A. In my mind the biggest benefit of migrating to McAfee Endpoint Security has been improved performance. Users who didn’t have issues with virus scan impact beforehand don’t even realize a change has been made. But for the users who complained, the difference is enormous. On machines with tens of thousands of archive files and some other legacy devices, anti-malware scans could run for days. We targeted those vocal complainers as some of our first for migration to the new endpoint security framework. As soon as their machines were upgraded, their calls [to the IT help desk] stopped.
The overall performance [gain] by consolidating the tools has been rather dramatic. For example, desktops that used to experience 90-95 percent spikes in CPU utilization during anti-virus scans now reach at most 30-35 percent utilization. The customer experience, which is really our end game, has just been dramatically improved.
Q. End users are obviously happier and more productive now. What about security operations?
A. We save a tremendous amount of time. With improved protection at the endpoint, we spend fewer hours reimaging desktops and performing other remediation. Furthermore, by eliminating the need to troubleshoot issues related to legacy software, McAfee Endpoint Security has saved our team countless man-hours each week.
Q. What would you tell other companies who are considering whether to migrate from legacy endpoint protection?
A. McAfee Endpoint Security is, to use an overused but apt term, ‘state of the art.’ It represents the next evolution of endpoint protection. It’s more stable, more efficient, and more accurate. It is definitely worth migrating to.