TRANSCRIPT
Complete Endpoint Protection
Ahmed Sharaf – Managing Director, Xband Enterprises, Inc.
Malware Continues to Grow…
Malware continues to grow and get more sophisticated…
[Chart: New Malware Samples per quarter, Q1 2010 through Q1 2013; y-axis 0 to 14,000,000]
• 2012 new malware sample discoveries increased 50% over 2011
• New malware samples grew 22% from Q4 ’12 to Q1 ’13
Source: McAfee Labs, 2013
Four Phases of an Attack
Example: Fake AV

First Contact – how the attacker first crosses paths with the target.
• Malicious Website
• Network Access
• Physical Access
• Unsolicited Message

Local Execution – how the attacker gets code running for the first time on the target machine.
• Configuration Error
• Exploit
• Social Engineering

Establish Presence – how the attacker persists code on the system: survive reboot, stay hidden, hide from the user and from security software.
• Persist on System
• Self-Preservation
• Download Malware
• Escalate Privilege

Malicious Activity – the business logic, what the attacker wants to accomplish: steal passwords, bank fraud, purchase Fake AV.
• Adware & Scareware
• Identity & Financial Fraud
• Propagation
• Bot Activities
• Tampering

Fake AV example path: Malicious Website → Exploit → Persist on System → Adware & Scareware
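The four phases are useful to a defender only if telemetry can be tied back to them. The following is an added example, not part of the original slide deck and not McAfee code: a small Python correlator that reads constructed endpoint events (the log format and the event type names are hypothetical) and stitches the events on one host into a phase-ordered chain, replaying the Fake AV path above. A host that shows only first-contact noise is not reported.

```python
"""Correlating endpoint telemetry into the four attack phases.

Added example, not from the original slide deck. The event format and the
event type names are hypothetical; the sample log is constructed to replay
the Fake AV path on the slide: malicious website -> exploit -> persist on
system -> adware & scareware.
"""
from collections import defaultdict
from dataclasses import dataclass

PHASES = ("First Contact", "Local Execution", "Establish Presence", "Malicious Activity")

# Hypothetical event types mapped to the phase they evidence.
PHASE_OF = {
    "url_visit_bad_reputation": "First Contact",       # malicious website
    "removable_media_mount":    "First Contact",       # physical access
    "browser_child_process":    "Local Execution",     # exploit or social engineering in the browser
    "office_child_process":     "Local Execution",
    "run_key_write":            "Establish Presence",  # persist on system
    "service_install":          "Establish Presence",
    "av_tamper":                "Establish Presence",  # self-preservation
    "scareware_popup":          "Malicious Activity",  # adware & scareware
    "credential_read":          "Malicious Activity",  # identity & financial fraud
}

@dataclass
class Event:
    ts: int
    host: str
    kind: str
    detail: str

def parse(line: str) -> Event:
    """Constructed format: '<epoch seconds> <host> <event type> <free text>'."""
    ts, host, kind, detail = line.split(" ", 3)
    return Event(int(ts), host, kind, detail)

def correlate(lines, window: int = 900):
    """Group events per host and keep, in time order, those that advance or
    stay at the current phase within `window` seconds of the previous kept
    event. Hosts whose chain spans three or more distinct phases are returned
    as {host: [(phase, Event), ...]}; isolated first-contact noise is not."""
    by_host = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = parse(line)
        phase = PHASE_OF.get(ev.kind)
        if phase is not None:
            by_host[ev.host].append((phase, ev))

    chains = {}
    for host, events in by_host.items():
        events.sort(key=lambda pe: pe[1].ts)
        chain = []
        for phase, ev in events:
            if chain:
                last_phase, last_ev = chain[-1]
                in_window = ev.ts - last_ev.ts <= window
                advances = PHASES.index(phase) >= PHASES.index(last_phase)
                if not (in_window and advances):
                    continue  # out of sequence or stale: not part of this chain
            chain.append((phase, ev))
        if len({p for p, _ in chain}) >= 3:
            chains[host] = chain
    return chains

def phases_hit(chain):
    """Distinct phases in chain order: each is a point where a control could have broken the chain."""
    seen = []
    for phase, _ in chain:
        if phase not in seen:
            seen.append(phase)
    return seen

# Constructed sample telemetry: ws-17 walks the full Fake AV chain, ws-22 only
# has first-contact events and must not be reported.
SAMPLE_LOG = """\
1000 ws-17 url_visit_bad_reputation http://free-av-scan.example/scan
1004 ws-17 browser_child_process iexplore.exe -> setup_av2013.exe
1010 ws-17 run_key_write HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\AV2013
1015 ws-17 av_tamper stop request for service McShield
1030 ws-17 scareware_popup "Your PC is infected! Purchase the full version"
1100 ws-22 url_visit_bad_reputation http://free-av-scan.example/scan
1105 ws-22 removable_media_mount E: (USB)
"""

if __name__ == "__main__":
    for host, chain in correlate(SAMPLE_LOG.splitlines()).items():
        print(host, "->", " > ".join(phases_hit(chain)))
        for phase, ev in chain:
            print(f"  {ev.ts} [{phase}] {ev.kind}: {ev.detail}")
```

The point of the phase ordering is that a control at any one phase breaks the chain: the same sample would have stopped at the first line with web filtering, at the second with execution control, and at the third with persistence or tamper protection. Ordering by phase rather than by raw time also keeps a later, unrelated website visit from being glued onto an old chain.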
The Evolving Endpoint
WORKSPACE: Removable Media Storage, Laptop, Desktop, Mobile Devices
FIXED FUNCTION: ATMs, Medical Devices
DATACENTER: Servers (Physical and Virtual), Databases, Storage

Traditional Architecture for Endpoint Security
Separate agents on each endpoint: Systems Management Agent, HIPS Agent, Encryption, DLP Agent
Every SOLUTION has a CONSOLE
Every CONSOLE requires a SERVER
Every SERVER requires an OS and a DATABASE
Every OS/DB requires PEOPLE, MAINTENANCE, PATCHING
WHERE DOES IT END?
McAfee Endpoint Protection Platform Strategy
Complete endpoint security
Desktop, Laptop, Mobile, Server, Virtual, Embedded, Data Center
Cloud, Application, Database, OS, HW-Enhanced
Security Information and Events; Risk and Compliance
Unified Security Operations

FIRST-GENERATION vs. COMPLETE ENDPOINT SECURITY
First-generation:
• Desktop/Laptop
• Windows Only
• Blacklist Files
• Focus on Devices
• Static Device Policy
• Disparate, Disconnected Management
4 Phase Protection Methods
Phases: FIRST CONTACT | LOCAL EXECUTION | ESTABLISH PRESENCE | MALICIOUS ACTIVITY
• McAfee® SiteAdvisor®: Website Filtering
• McAfee Device Control: Physical File Transfer
• McAfee Desktop Firewall
• McAfee Web Gateway and McAfee Email Gateway: Web Filtering, Email Filtering
• McAfee VirusScan® Enterprise: On-Access Scanning, File Scanning, Write Blocking
• McAfee Database Activity Monitor: Database Vulnerability Blocking
• McAfee VirusScan® Enterprise: Rootkit Detection
• McAfee Host Intrusion Prevention: Buffer Overflow Prevention, Behavioral Prevention
• McAfee Application Control for Servers or Desktops: Install and Execution Prevention, Change Protection
Intel Security – A Proven Leader in Endpoint Security
Gartner Magic Quadrant Leader for 7 straight years!
• Placed furthest on Completeness of Vision axis
• Superior Manageability with ePO
• Next Generation Endpoint Platform
• Security Connected Vision attainable for customers
• Advancing Protection Rankings
• Comprehensive Solution
• Strength of Intel / McAfee Together
Gartner Disclaimer: This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from http://www.gartner.com/technology/reprints.do?id=1-26F1285&ct=141223&st=sb. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Complete Endpoint Protection – Enterprise
Complete Simplicity
• Unified, open security management for all endpoints
• One solution for PC, Mac, Linux, or virtual
• Turnkey simple installation in minutes
• Use fewer resources to manage security with a single console
Complete Performance
• Security optimized for high performance across all platforms
• Dynamic whitelisting offers a no-scanning, small desktop footprint
• Real-time visibility reducing time to reaction by 10x to 1000x
• Smart scanning technology optimizes CPU and memory usage
Complete Protection
• The market’s broadest set of security technologies
• Proven leader in blocking exploits, evasion and stealthy threats
• Application Whitelisting shown to provide 100% protection in independent testing
Included in the suite:
• Endpoint Protection: Windows & Unix AV; Mac & Linux AV; Endpoint Firewall; Host Intrusion Prevention; Application Blocking; Application Control – Desktop
• Web/Messaging Security: SiteAdvisor with Web Filter; Anti-malware Email
• Data Protection: Device Control
• Management & Deployment: ePO
Complete Endpoint Protection – Business
Complete Simplicity
• Unified, open security management for all endpoints
• One solution for PC, Mac, Linux, or virtual
• Turnkey simple installation in minutes
• Use fewer resources to manage security with a single console
Complete Performance
• Security optimized for ultimate performance on any platform
• Real-time visibility reducing time to reaction by 10x to 1000x
• Smart scanning technology optimizes CPU and memory usage
Complete Protection
• The market’s broadest set of security technologies
• Proven leader in blocking exploits and stealthy threats
Included in the suite:
• Endpoint Protection: Windows & Unix AV; Mac & Linux AV; Storage Server AV; SharePoint AV; Endpoint Firewall; Intrusion Prevention; Application Blocking
• Web/Messaging Security: Anti-malware Email; SiteAdvisor with Web Filtering
• Data Protection: Device Control; Drive Encryption; File & Removable Media Protection
• Management & Deployment: ePO
Complete Protection – Proven by Independent Testing

Westcoast Labs 2012 (VSE On-Access, HIPS, and Dynamic Application Control):
Collection             Missed  Detected  Total  Detected (%)  Missed (%)
Anti-Malware Desktop        0      4634   4634       100.000       0.000
Spyware                     0      1773   1773       100.000       0.000
Trojan                      0       910    910       100.000       0.000
Overall                     0      7317   7317       100.000       0.000

Combined Detection Rates (Source: NSS Labs 2013):
Vendor      Exploit  Evasion  Combined
McAfee          97%     100%       99%
Symantec        91%     100%       96%
Sophos          88%      97%       93%
Kaspersky       92%      92%       92%
F-Secure        79%      88%       84%
Microsoft       65%     100%       83%
AVG             76%      88%       82%
ESET            71%      92%       82%
Trend           73%      53%       63%
Norman          47%      75%       61%
Panda           41%      75%       58%
Broad Solution Coverage for Enterprise Problems
• Data Protection: Complete Data Protection; Encryption; Native Encryption Management; DLP: Endpoint and Network
• Server Protection: Data Center Suites; Application Control for Servers; MOVE (McAfee Optimized for Virtual Environments); Database Security
• Risk Management: Policy Auditor; Risk Analytics
• Security Management: ePO Deep Command; ePO Cloud

For More Information: www.McAfee.com/endpoint
On The Web: Third Party Reviews; Whitepapers and Solution Briefs; Four Phases Video
Complete Performance, Protection, Simplicity
• Complete Protection: #1 in Exploit and Evasion Protection.
• Complete Performance: Dynamic Whitelisting, Smart Scanning, Dynamic Risk Assessment.
• Complete Simplicity: McAfee leads in Management, Scalability and Reaction time.

ePolicy Orchestrator
McAfee ePolicy Orchestrator (McAfee ePO) Security Management Platform for unified management of endpoint, network, and data security.
• End-to-end visibility
• An open, extensible architecture
• Proven efficiencies
• Personalized Command Center
• Drag-and-Drop Dashboards and Actionable Reports
• Role-based Access Control
• Powerful Workflows
• Enterprise-ready
• Extensible Framework
Complete Management
McAfee Application Control for Desktop
McAfee Application Control software provides complete protection from unwanted applications and code, blocking threats without requiring signature updates.
• Protect against zero-day and APTs without signature updates
• Strengthen security and lower ownership costs with dynamic whitelisting
• Automatically accept new software added through your authorized processes
• Provide flexibility to desktop users by optionally allowing them to approve new applications
• Block known and unknown threats
• Use whitelisting to only allow approved applications to run
• Integrates with the McAfee ePO console for centralized IT management
• Easily protect unsupported legacy systems, such as Microsoft Windows NT and 2000
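As an added illustration of the dynamic whitelisting described in these bullets (this is not McAfee Application Control's own code or API; all names, file contents and the trusted-updater list are constructed for the example), the following Python models the policy: a binary runs only if its SHA-256 is on the approved list, files written by an authorized process are approved automatically, and user approval can optionally be enabled.

```python
"""Hash-based dynamic application allowlisting, simulated.

Added example, not McAfee Application Control's code or API. Models the
policy the slide describes: only approved binaries run, binaries written by
an authorized process (a 'trusted updater') are approved automatically, and
a user may optionally approve a new application. Updater names, paths and
file contents are constructed for the example.
"""
import hashlib

def sha256(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

class AllowlistPolicy:
    def __init__(self, approved: dict, trusted_updaters, allow_user_approval: bool = False):
        # approved: {sha256 hex: label}. Identity is the file hash, never the path or name.
        self.approved = dict(approved)
        self.trusted_updaters = set(trusted_updaters)
        self.allow_user_approval = allow_user_approval
        self.events = []

    def on_file_written(self, writer: str, path: str, content: bytes) -> None:
        """Dynamic whitelisting: a write by an authorized process is approved
        automatically; a write by anything else leaves the file unapproved."""
        h = sha256(content)
        if writer in self.trusted_updaters:
            self.approved[h] = path
            self.events.append(("auto-approve", path, writer))
        else:
            self.events.append(("unapproved-write", path, writer))

    def on_execute(self, path: str, content: bytes, user_approves: bool = False) -> str:
        h = sha256(content)
        if h in self.approved:
            self.events.append(("allow", path))
            return "allow"
        if self.allow_user_approval and user_approves:
            self.approved[h] = path
            self.events.append(("user-approve", path))
            return "allow"
        self.events.append(("block", path, h[:16]))
        return "block"

def demo() -> list:
    """Walk through the scenarios the slide bullets describe; returns the decisions in order."""
    notepad = b"MZ...notepad-2013-build..."  # constructed stand-in for an approved binary
    policy = AllowlistPolicy({sha256(notepad): r"C:\Windows\notepad.exe"},
                             trusted_updaters={"msiexec.exe", "sccm-client.exe"})
    decisions = []
    # 1. An approved binary runs.
    decisions.append(policy.on_execute(r"C:\Windows\notepad.exe", notepad))
    # 2. A patch delivered by the authorized updater is approved automatically.
    patched = b"MZ...notepad-2013-build-patched..."
    policy.on_file_written("sccm-client.exe", r"C:\Windows\notepad.exe", patched)
    decisions.append(policy.on_execute(r"C:\Windows\notepad.exe", patched))
    # 3. A download dropped by the browser is blocked with no signature involved.
    dropper = b"MZ...setup_av2013..."
    policy.on_file_written("iexplore.exe", r"C:\Users\u\Downloads\setup_av2013.exe", dropper)
    decisions.append(policy.on_execute(r"C:\Users\u\Downloads\setup_av2013.exe", dropper))
    # 4. The same bytes copied to an approved path: still blocked, the hash does not match.
    decisions.append(policy.on_execute(r"C:\Windows\notepad.exe", dropper))
    # 5. A one-byte modification of an approved binary: blocked as well.
    tampered = notepad[:-1] + b"!"
    decisions.append(policy.on_execute(r"C:\Windows\notepad.exe", tampered))
    # 6./7. Optional user approval: the first run is approved by the user, the
    # second run of the same bytes is then allowed without asking again.
    user_policy = AllowlistPolicy({}, set(), allow_user_approval=True)
    decisions.append(user_policy.on_execute(r"C:\Tools\new-app.exe", b"MZ...new-app...", user_approves=True))
    decisions.append(user_policy.on_execute(r"C:\Tools\new-app.exe", b"MZ...new-app..."))
    return decisions

if __name__ == "__main__":
    print(demo())
```

The identity checked is the file hash, not the path or name, so copying a dropper into an approved directory (step 4) or changing one byte of an approved binary (step 5) is still blocked without any signature. The trade-off is that the trusted-updater list becomes the most sensitive setting: any process on it can introduce approved code, so it should be limited to patch and deployment tooling and its membership kept under change control.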
Complete Endpoint Security
McAfee Data Center Suites
McAfee Data Center Suites provide complete protection for physical and virtualized servers: superior threat blocking with minimal signature-based scans.
• Low overhead, increased security for demanding server environments
• Use whitelisting to only allow approved applications to run; denies malware
• Protect against zero-day and APTs without signature updates
• Strengthen security and lower ownership costs with dynamic whitelisting
• Integrates with GTI to classify binaries as Good, Bad and Unknown
• Integrates with the McAfee ePO console for centralized IT management
• Integrates with VMware, Microsoft Hyper-V and Citrix
• Easily protect unsupported legacy systems, such as Microsoft Windows NT and 2000
McAfee Data Center Security Suite for Server includes:
• McAfee VirusScan Enterprise – Windows and Linux
• McAfee Application Control – Server
• McAfee MOVE – Virtual Desktop Infrastructure
• McAfee ePO
Complete Endpoint Security
Performance
McAfee Application Control = low performance impact
[Chart: Endpoint Resource Usage (for illustration only), utilization 10% to 100%, McAfee App Control compared with AV + HIPS]
McAfee VirusScan Enterprise
McAfee VirusScan Enterprise proactively stops and removes threats, extends coverage for new security risks, and reduces the cost of managing responses.
• Protect your files from viruses, worms, rootkits, Trojans, and other threats
• Proactive protection against new and unknown buffer-overflow exploits that target vulnerabilities in Microsoft applications
• Easily configure policies to manage and remove quarantined items
• Supports users who are using both Microsoft Outlook and Lotus Notes
• Supports Windows desktop OS (2000, XP, Vista, 7, 8) and Windows Server OS (2000, 2003, 2008, 2012)
NSS Labs Protection & Evasion Test 2013 (VSE/HIPS/SAE), Combined Detection Rates: McAfee 97% exploit, 100% evasion, 99% combined (the full vendor table is on the Independent Testing slide above).
• Unbeatable malware detection and removal
• Proactive protection from zero-day attacks
• Integrates with McAfee GTI for real-time defense
• Managed by ePO for deployment, configuration, enforcement and reporting
• Optimized for fast performance and reduced system impact
Complete Endpoint Security
McAfee Host IPS
McAfee Host Intrusion Prevention for Desktop delivers unprecedented levels of protection from known and unknown zero-day threats by combining signature-based and behavioral intrusion prevention (IPS).
• Enforce the broadest IPS and zero-day threat protection coverage across all levels: network, application, and system execution
• Advanced threat protection through a dynamic, stateful desktop firewall
• Single, unified management by ePO
• Patch endpoints less frequently and with less urgency
• Location-aware policies provide specific protection based on location
• Behavioral analysis for zero-day attack protection
• Mitigates patch deployment urgency
• Ensure applications only perform legitimate operations
• Vulnerability shielding capabilities for up to 100% MS vulnerability coverage
Complete Endpoint Security
McAfee Endpoint Encryption
McAfee Endpoint Encryption solutions use industry-leading encryption algorithms and offer multiple layers of data protection to transparently secure a broader scope of confidential information.
• Drive and file/folder encryption for Microsoft Windows PCs or Mac OS X
• Enables automatic, transparent encryption without hindering performance
• Enhanced performance through support for Intel AES-NI technology
• Remote out-of-band management with ePO Deep Command
• Supports: Windows 8, 7, Vista, XP; Server 2008, 2003 (32- and 64-bit)
• Enforces strong access control with pre-boot authentication
• Prevents unauthorized access to information on PCs, laptops, network servers, and removable media
• Provides key-sharing mechanisms that allow users to share files securely
• Centrally managed with ePO
Complete Endpoint Security
McAfee Device Control
McAfee Device Control protects data from falling into the wrong hands via removable storage devices and media, such as USB drives, MP3 players, CDs, and DVDs.
• Control how users copy or retrieve data
• Supports USB drives, iPods, recordable CDs/DVDs, Bluetooth and infrared devices, imaging equipment, COM and LPT ports
• Centrally define, deploy, manage, and update security policies and agents
• Set device and data policies by user, group, or department.
• Support compliance with detailed user- and device-level logging
• Gather details such as device, time stamp, and data evidence for prompt and proper audits
• Protect your business from data loss
• Maintain control over your confidential data
• Enable productivity while ensuring data protection
• Centralize and simplify your security management
• Prove compliance with less effort
Complete Endpoint Security
McAfee VirusScan Enterprise for Storage
McAfee VirusScan Enterprise for Storage extends proven real-time threat protection to mission-critical NAS environments.
• McAfee’s proven, award-winning scanning technology has been extended to storage environments
• Rely on always-on, up-to-date, real-time security
• High availability ensures business continuity in the unlikely event of a product failure
• Multi-vendor support saves time and IT overhead and eliminates the need for separate point products for each vendor
• Deploy ePO to manage all of your new security solutions, or leverage your current investment by adding VSE for Storage to your ePO infrastructure
• Continuous protection for storage devices and their data
• Cost-effective solution
• Common security management with ePO
• Supports: IBM Storwize V7000 Unified System; IBM SONAS; HP StorageWorks X9000 Network Storage Systems; Sun Storage 7000 Unified Storage Systems; Isilon
Complete Endpoint Security
McAfee VirusScan Enterprise for Linux
McAfee VirusScan Enterprise for Linux delivers always-on, real-time anti-virus protection for Linux environments. Its unique, Linux-based on-access scanner constantly monitors the system for potential attacks.
• Secure your enterprise with always-on protection
• Heuristic scanning
• Archive scanning
• Cross-platform protection
• Save time with automatic updates
• Make management easy with McAfee ePolicy Orchestrator (ePO)
• Deploy new kernels quickly and easily
• Supports various Linux distributions: SuSE Linux 9, 10, 11; Novell Open Enterprise Server 1, 2; Red Hat Enterprise 4.x, 5.x, 6.x; CentOS 4.x, 5.x, 6.x; Fedora Core 10, 11, and 12; Ubuntu 8.04, 9.04, 9.10, 10.04, 10.10, and 11.04
Complete Endpoint Security
McAfee SiteAdvisor Enterprise with Web Filtering
McAfee SiteAdvisor Enterprise rates website safety using comprehensive behavioral and web reputation tests.
• Advanced anti-phishing and blocking capabilities
• Websites are classified into 104 categories
• Secure web browsing and content filtering for business users
• GTI integration provides protection at a URL level instead of domain level
• Supports IE, Firefox, Chrome browsers
• Educate end users about the dangers of searching or surfing the Internet
• Browse safely: a color-coded rating system lets users know which websites are safe and which are risky, and improves productivity
• Advanced customization to authorize or block websites based on overall site ratings or threat factors
• Integrated URL & content filtering
• Manage with ePO for deployment, configuration, and reporting
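The difference between URL-level and domain-level filtering from the bullets above, as an added example (not SiteAdvisor or GTI code; the rules, categories and URLs are constructed): a domain rule blocks a host and all of its subdomains, a URL rule blocks one path prefix on a shared host and leaves the rest of that host reachable, and an explicit URL exception overrides both. Matching happens only after canonicalization, so case, a trailing dot on the host, percent-encoded characters, doubled slashes and ".." segments cannot slip past a rule.

```python
"""URL-level versus domain-level web filtering, with canonicalization.

Added example, not SiteAdvisor's or McAfee GTI's code. Categories, rules and
URLs are constructed. A shared host (a CDN, a hosting provider) stays
reachable while one malicious path on it is blocked, and the URL is
canonicalized before matching so the usual evasions do not bypass a rule.
"""
import posixpath
from urllib.parse import urlsplit, unquote

def canonical(url: str):
    """Return (host, path) in a form stable under case, trailing-dot,
    percent-encoding, doubled-slash and dot-segment variations."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    path = unquote(parts.path)              # decode %2e%2e, %66 and friends before normalizing
    path = posixpath.normpath("/" + path)   # collapses '//' and resolves '.' and '..'
    return host, "/" + path.lstrip("/")     # normpath keeps a leading '//'; drop it

class UrlPolicy:
    def __init__(self):
        self.domain_rules = {}    # host -> category; applies to the host and its subdomains
        self.url_rules = {}       # (host, path prefix) -> category
        self.url_exceptions = set()

    def block_domain(self, host: str, category: str) -> None:
        self.domain_rules[host.lower().rstrip(".")] = category

    def block_url(self, url: str, category: str) -> None:
        self.url_rules[canonical(url)] = category

    def allow_url(self, url: str) -> None:
        self.url_exceptions.add(canonical(url))

    @staticmethod
    def _under(path: str, prefix: str) -> bool:
        return path == prefix or path.startswith(prefix.rstrip("/") + "/")

    def classify(self, url: str):
        """Most specific rule wins: URL exception > URL block > domain block."""
        host, path = canonical(url)
        for (h, p) in self.url_exceptions:
            if h == host and self._under(path, p):
                return ("allow", "exception")
        for (h, p), category in self.url_rules.items():
            if h == host and self._under(path, p):
                return ("block", category)
        for domain, category in self.domain_rules.items():
            if host == domain or host.endswith("." + domain):   # dot boundary: not 'notbad.example'
                return ("block", category)
        return ("allow", None)

def build_demo_policy() -> UrlPolicy:
    """Constructed rule set: one bad domain, one bad path on a shared CDN, one exception."""
    policy = UrlPolicy()
    policy.block_domain("bad.example", "Malicious Sites")
    policy.block_url("http://cdn.example/downloads/fake-av/", "Malicious Downloads")
    policy.allow_url("http://cdn.example/downloads/fake-av/removal-notes.txt")
    return policy

if __name__ == "__main__":
    policy = build_demo_policy()
    for u in ("http://CDN.example/downloads/fake-av/setup.exe",
              "http://cdn.example/downloads/%66ake-av/../fake-av/setup.exe",
              "http://cdn.example/downloads/other.zip",
              "http://evil.bad.example/login",
              "http://notbad.example/"):
        print(u, "->", policy.classify(u))
```

Query strings and fragments are ignored on purpose: a rule that depended on them would be evaded by reordering parameters. With a domain-only list the whole CDN would have to be blocked or allowed; the URL rule is what lets the benign download on the same host through.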
Complete Endpoint Security
McAfee ePO Deep Command
McAfee ePO Deep Command provides secure, remote, out-of-band security management access to PCs that may be powered off or disabled.
• Utilizes Intel® vPro™ Active Management Technology (AMT)
• Discovers Intel vPro-based PCs in the infrastructure
• Easily configure and provision Intel AMT from the ePO console
• Put protection in place ahead of threats, even if systems are powered off or using encryption
• Ensure that powered-off and remote endpoints adhere to policies and configurations
• Connect to the keyboard, video, and mouse (KVM) capabilities of supporting Intel® vPro™ systems
• Securely extend the reach of remote remediation with IP-KVM functionality
• Remotely remediate PCs when disabled
• Conduct wake and patch
• Access PCs at hardware level
• Improve security for all PCs regardless of state
• Remote out-of-band encryption management
• Supports Intel Core i5 vPro or Core i7 vPro
Complete Endpoint Security
McAfee Endpoint Protection for Mac
McAfee Endpoint Protection for Mac secures Apple endpoints with complete, advanced protection, including anti-virus, anti-spyware, firewall, and application protection.
• On-access scanning: always-on protection to stop threats before they execute
• Scan archives & compressed files, Apple Mail messages & network volumes
• System firewall stops network-based attacks from infecting the Mac
• Application protection provides the ability to deny applications that are not approved to run
• Managed by ePO
• Adaptive Mode: helps learn network traffic and fine-tune the existing firewall policies
• Regular Mode: ensures your firewall policies are enforced strictly
• DNS Blocking: blocks access to unwanted sites
• Location awareness: ensures the correct policies are enforced based on the location from which you connect to the network
Complete Endpoint Security
McAfee Security for Email Servers
McAfee Security for Email Servers provides comprehensive content security for Microsoft Exchange and Lotus Domino servers.
• Comprehensive inbound security against all email-borne threats
• Integrated encryption and data loss prevention capabilities for compliance and policy enforcement
• Security-as-a-Service (SaaS), on-premises, and integrated hybrid deployment options
• Cloud-based computing provides virtually limitless capacity
• Platforms supported: Microsoft Exchange 2003, 2007, 2010, 2013; Lotus Domino 8.0, 8.5; Windows Server 2003, 2008, 2012; Linux (Domino 8.5) Server; Novell SUSE Linux Enterprise Server 10, 11; Red Hat Enterprise Linux
Complete Endpoint Security
McAfee Security for Microsoft SharePoint
McAfee Security for Microsoft SharePoint ensures that your corporate SharePoint deployment does not spread malware, store inappropriate content, or lead to data loss.
• Prevent SharePoint from becoming a malware vector by blocking viruses, worms, Trojans, and other potentially unwanted programs
• Centralized and local reporting via McAfee ePO
• Prevent data loss through flexible content filtering
• Store quarantined documents locally and search the database by infection name, file name, and other parameters
• Prevent inappropriate and unauthorized documents from being stored on your SharePoint server
• Supported Platforms: Microsoft SharePoint Server 2003, 2007, 2010; Microsoft SharePoint Services 2.0, 3.0; Microsoft Windows Server
Complete Endpoint Security
McAfee Policy Auditor
McAfee Policy Auditor software automates manual audit processes and helps you report consistently and accurately against internal and external policies.
• Unify management of policy audits and endpoint security
• Run consolidated audits across both managed (agent-based) and unmanaged (agentless) systems
• Report against key industry mandates and internal policies
• Up-to-date data, powerful dashboards and reports, and built-in waiver management simplify every step
• SCAP-FDCC validated
• Validated by the National Institute of Standards and Technology (NIST) as conforming to the SCAP standard
Supported operating systems:
• Microsoft Windows XP, Vista, 7
• Windows Server 2000, 2003, 2008
• Red Hat Enterprise Linux 3.0, 4.0, 5.0, 5.1
• Mac OS X 10.4, 10.5
• HP-UX (RISC) 11iv1, 11iv2
• AIX (Power5, Power6) 5.3 TL8 SP5, 6.1 TL2 SP
Complete Endpoint Security
McAfee Web Gateway
McAfee Web Gateway delivers comprehensive security for all aspects of web traffic, regardless of location or device. McAfee Web Gateway enables today’s web-centric enterprises with a powerful rules-based engine for optimal policy flexibility and control.
• Geo-location (McAfee GTI)
• Web reputation (McAfee GTI)
• Web filtering (McAfee GTI)
• Dynamic categorization
• File reputation (McAfee GTI)
• SSL scanning
• Media/file analysis
• Data loss prevention
• Signature-based antivirus
• Proactive anti-malware
• Common Criteria EAL2+ and FIPS 140-2 Level 2 certified
• Leader in the Gartner Magic Quadrant for Web Gateway four years running
• Number one-rated anti-malware solution on the market (AV-Test.org)
Complete Endpoint Security
Product Resources