Detect internal and external threats to AWS infrastructure
McAfee detects compromised account activity in AWS based on brute force login attempts, logins from new and untrusted locations for a specific user, and consecutive login attempts from two locations in a time period that implies impossible travel – even if the two logins occur across multiple cloud services – to support immediate remediation and limit exposure.
Insider and Privileged User Threats
McAfee automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and group to identify activity indicative of insider threat. Privileged User Analytics identifies risk from inactive administrator accounts, excessive permissions, and unwarranted escalation of privileges and user provisioning.
Audit Identity and Access Management (IAM) permissions
McAfee audits the Identity and Access Management (IAM) permissions assigned to users and inherited from group membership, highlighting inactive user accounts that can be deleted to reduce the attack surface. IAM Group Analytics discovers groups without active members that can be deleted.
Audit AWS security and compliance configuration with cloud security posture management (CSPM)
McAfee continuously monitors and audits AWS security configuration settings to ensure compliance with external regulations and internal policies. McAfee uses field-tested industry best practices to suggest modifications to configuration settings to tighten security and ensure compliance.
Standardize on a corporate AWS account
McAfee identifies all AWS accounts in use by employees and enables enterprises to standardize on their corporate AWS account. Using McAfee, you can enforce governance controls and coach users to corporate AWS accounts for centralized visibility and policy enforcement.
Amazon Usage Discovery
Identifies AWS usage across unmanaged and corporate accounts and enables enterprises to enforce a uniform set of policies on all AWS accounts.
Continuously monitors AWS configuration against regulatory requirements to streamline internal and external audits.
User Permissions Audit
Audits the identity and access management (IAM) permissions assigned individually to each user account and inherited from group membership.
IAM Group Analytics
Identifies groups with no members and groups without active members that can be deleted to reduce risk.
Delivers a threat dashboard and incident-response workflow to review and remediate insider threats, privileged user threats, and compromised accounts.
User Behavior Analytics
Automatically builds a self-learning model based on multiple heuristics and identifies patterns of activity indicative of a malicious or negligent insider threat.
Account Compromise Analytics
Analyzes login attempts to identify impossible cross-region access, brute-force attacks, and untrusted locations indicative of compromised accounts.
Facilitates integration with firewalls, proxies, SIEMs, directory services via LDAP, on-premises DLP, HSMs, and EMM/MDM solutions and tokenizes sensitive data.
Integration with SIEMs
Collects log files from SIEMs and provides the ability to report on incidents and events from MVISION Cloud in SIEM solutions via syslog and API integration.
Cloud Security Posture Management
Discovers current cloud application security settings and suggests modifications to improve security based on industry best practices.
Cloud Activity Monitoring
Leverages AWS CloudTrail to capture a complete audit trail of all user and administrator activities to support post-incident investigations and forensics.
Account Access Analytics
Identifies inactive user accounts and former employees who retain access to AWS so their accounts can be deleted to reduce latent risk.
User Access Dashboard
Presents a unified view of IAM permissions assigned and access across AWS enterprise accounts to manage access policies.
Correlates multiple anomalous events within AWS or across AWS and other cloud services to accurately separate true threats from simple anomalies.
Privileged User Analytics
Identifies excessive user permissions, inactive accounts, inappropriate access, and unwarranted escalation of privileges and user provisioning.
Provides human input to machine learning models with real-time preview showing the impact of a sensitivity change on anomalies detected by the system.
Leverages an irreversible one-way process to tokenize user identifying information on premises and obfuscate enterprise identity.
Integration with IDM
Leverages identity management (IDM) solutions for pervasive and seamless traffic steering through MVISION Cloud Gateway and contextual authentication.