Audit Azure security and compliance configuration with Cloud Security Posture Management (CSPM)
McAfee continuously monitors and audits the security configuration of all managed and unmanaged Azure subscriptions to reduce risk and ensure compliance with external regulations and internal policies. McAfee uses field-tested industry best practices to suggest corrective measures to harden Azure security settings.
Prevent unauthorized regulated data from being stored in Azure storage services
McAfee MVISION Cloud for Azure enforces DLP policies across data at rest and in motion to ensure compliance with regulations and internal policies. McAfee supports DLP rules based on keywords, data identifiers, user groups, and regular expressions. Enforcement actions include coach users, notify administrator, block, quarantine, and delete. Leverage pre-built industry templates, create custom policies in McAfee, or leverage policies in an existing on-premises DLP solution.
Standardize on a corporate Azure subscription
McAfee identifies all Azure subscriptions in use by employees and enables enterprises to standardize on their corporate Azure subscriptions. Using McAfee, you can enforce governance controls and coach users to corporate Azure subscriptions for centralized visibility and policy enforcement.
Azure Usage Discovery
Identifies Azure usage across unmanaged and corporate subscriptions and enables enterprises to enforce a uniform set of policies on all Azure subscriptions.
Continuously monitors Azure configuration against regulatory requirements to streamline internal and external audits.
User Permissions Audit
Audits the identity and access management (IAM) permissions assigned individually to each user account and inherited from group membership.
Delivers a threat dashboard and incident-response workflow to review and remediate insider threats, privileged user threats, and compromised accounts.
User Behavior Analytics
Automatically builds a self-learning model based on multiple heuristics and identifies patterns of activity indicative of a malicious or negligent insider threat.
Account Compromise Analytics
Analyzes login attempts to identify impossible cross-region access, brute-force attacks, and untrusted locations indicative of compromised accounts.
Facilitates integration with firewalls, proxies, SIEMs, directory services via LDAP, on-premises DLP, HSMs, and EMM/MDM solutions and tokenizes sensitive data.
Integration with SIEMs
Collects log files from SIEMs and provides the ability to report on incidents and events from MVISION in SIEM solutions via syslog and API integration.
Cloud Security Posture Management (CSPM)
Discovers current cloud application security settings and suggests modifications to improve security based on industry best practices.
Cloud Activity Monitoring
Leverages Azure APIs to capture a complete audit trail of all user and administrator activities to support post-incident investigations and forensics.
Account Access Analytics
Identifies inactive user accounts and former employees who retain access to Azure so their accounts can be deleted to reduce latent risk.
Correlates multiple anomalous events within Azure or across Azure and other cloud services to accurately separate true threats from simple anomalies.
Privileged User Analytics
Identifies excessive user permissions, inactive accounts, inappropriate access, and unwarranted escalation of privileges and user provisioning.
Provides human input to machine-learning models with real-time preview showing the impact of a sensitivity change on anomalies detected by the system.
Leverages an irreversible one-way process to tokenize user identifying information on premises and obfuscate enterprise identity.
Integration with IDM
Leverages identity management (IDM) solutions for pervasive and seamless traffic steering through MVISION Gateway and contextual authentication.