Security Engineer Scott M. knows that for organizations like his, a large North American healthcare company, information security defenses must continually adapt to face new threats and to accommodate business or industry changes—else risk dire consequences.
That is why his company is beefing up its endpoint defenses by migrating from another vendor’s endpoint protection solution to Complete Endpoint Protection- Business and McAfee Endpoint Security (ENS), a more collaborative, more intelligent endpoint protection framework. Some of the company’s Windows-based desktops were migrated to ENS version 10.2 before an end-of-the-year freeze on IT changes, but the rest will be migrated directly to ENS 10.5, which will be a key component of the standard physical desktop build going forward.
Scott anticipates that ENS 10.5 will provide a huge leap in performance and protection against advanced malware. “[McAfee] ENS 10.5 looks like it is going to be amazing,” says Scott. “It reflects a long-term vision of how to address endpoint protection…The technology behind it is very solid.”
Scott also values the modular “blade” design of ENS: “It’s exactly what we’re looking for. Install what you need as opposed to a single program that has all the features and you turn some of them off. As an administrator, that’s very useful [and] adds a lot of flexibility.” Modularity also makes it easier for Scott to add functionality to ENS in the future as needed or as new capabilities become available.
Securing Virtualized Environment with Minimal Resource Consumption
In addition, as the company seeks to reap cost efficiencies by increasing the size of its virtualized environment, it is making sure that all of its virtualized endpoints are as secure as its physical endpoints.
In the next six months, the company will add 13,000 virtual workstations, bringing its total to more than 55,000—in addition to 55,000 physical workstations and 7,500 virtual and physical servers. To protect all those virtual machines, Scott deployed McAfee Management for Optimized Virtual Environments (MOVE) Antivirus 4.0. With the same McAfee ePolicy Orchestrator® (ePO™) central console used to manage the company’s McAfee Complete Endpoint Protection- Business, he can easily manage endpoint protection across the company’s entire physical and VDI environments, ensuring that all endpoints share the same unified security policies, and view the “full security picture across platforms.”
What Scott appreciates most about McAfee MOVE AntiVirus is its efficiency. The company’s previous anti-virus protection for VDI consumed 30 percent of I/O operations just in updating definitions and pushing them out—a process that Scott had to spread across eight hours before a new update would begin. But with MOVE AntiVirus, vastly more efficient resource utilization results in minimal impact on virtual machine performance, much faster scans, and freed up resources.
To eliminate scanning bottlenecks and delays, McAfee MOVE AntiVirus offloads scanning, configuration, and .DAT update operations to an offload scan server which maintains a global cache of files that have already been scanned, thereby avoiding the need for duplicate scans. In an environment of 40,000+ virtual desktops (soon to be 50,000+), only having to scan a given file once—instead of 40,000 or 50,000 times—results in enormous resource savings.
McAfee MOVE AntiVirus also allowed the healthcare company to dramatically reduce the impact of security on storage and eliminate the need to constantly chase resources. “Previously we had to actually stop updates before they had finished when we had less than full capacity—for instance, if we had a failed drive controller on an array,” explains Scott. “In the past, security was taking a back seat to performance. With McAfee MOVE AntiVirus, however, we no longer have to make that compromise.”
In addition, since McAfee MOVE version 4.0 and McAfee ENS are built to leverage the open McAfee Data Exchange Layer (DXL) application framework, they enable the healthcare company’s VDI environment to supplement McAfee Global Threat Intelligence with local threat information from McAfee Threat Intelligence Exchange and other security solutions, such as McAfee Advanced Threat Defense, to enhance detection and prevention of zero-day, unknown threats across the entire environment, including VDI.
Together, McAfee Endpoint Security and McAfee MOVE AntiVirus are strengthening the company’s ability to protect, detect, and correct across its entire endpoint base, physical and virtual, and to continue to adapt in these, to quote Scott, “interesting times” in which we live.