ePolicy Orchestrator 4.6 Overview
TRANSCRIPT
September 21, 2012
McAfee ePolicy Orchestrator 4.6 The Foundation of McAfee Security Management Platform
Agenda
Current State of Security Management
Advantages of ePolicy Orchestrator
Overview of ePO 4.6
Demo
Today’s Security Landscape
• 55,000 new malware threats daily: more malware variations
• 5M active new zombies per month: attack target is users vs. machines
• A new malicious website detected every 30 seconds: Web 2.0 is the catalyst!
• 85% of malware is obfuscated: toolkits & obfuscation
• 90% of all threats are financially motivated
Cyber Crime Altering Threat Landscape
Password stealers, malicious websites, email attacks, autorun malware
Value of Data on Black Market
• $980–$4,900 Trojan to steal account information
• $490 Credit card number with PIN
• $147 Birth certificate
• $78–$294 Billing data
• $147 Driver’s license
• $98 Social Security card
• $6–$24 Credit card number
• $6 PayPal account logon and password
End User = DATA
Cybercrime “Ecosystem”: spammers, identity thieves, bot herder, malware developer, tool developers, vulnerability discoverers
Current Trends: botnets, zero-day exploits, ‘scareware’; also Mac and Linux
Proliferation of Security Products from Multiple Vendors
Security Landscape
Product categories: IPS, NAC, Vulnerability Manager, Encryption, Policy & Remediation, Endpoint, Firewall, Web, NUBA, Data
[Figure: logo cloud of the vendors competing in each category, including McAfee, Symantec, Cisco, Juniper, Check Point, IBM, Microsoft, TrendMicro, Sophos, Kaspersky, Websense, BigFix, Qualys, Nessus and dozens of others, plus freeware such as Snort and Nikto]
Security Landscape
Leads to Proliferation of Security Management Consoles and Reporting Tools
1. Anti-virus management tools
2. Anti-spyware management tools
3. Desktop firewall management tools
4. Policy auditing management tools
5. Web security management tools
6. Data protection (DLP, encryption, etc.) management tools
7. Host intrusion prevention management tools
8. Network access control management tools
Pain Points
• Maintenance & audit fatigue – Lack of automation, reporting from disparate systems: resource drain
• Operational complexity – Siloed processes and management tools: slows incident response times
• Low visibility – Lack of integration, no correlation of data: increases effort, time to diagnose issues
Problems: security gaps, higher costs
McAfee ePolicy Orchestrator 4.6
Extensible
• Automate solutions with open API
• Leverage ecosystem
• Connect to your IT infrastructure
Automated
• Streamline processes
• Speed incident responses
• Reduce audit fatigue
Unified
• Central point of reference
• Enterprise-wide visibility
• Reduce management complexity
Enterprise-ready
• Distributed architecture supports deployments of any size
• Flexible reference architecture
McAfee ePolicy Orchestrator Key Feature Overview
• End-to-End Visibility – Unified point of reference across security solutions
• Personalized Command Center – Tune work environment to optimize efficiencies
• Drag-and-Drop Dashboards and Actionable Reports – Immediate insight to action slashes response times
• Role-based Access Control – Distribute administration and information
• Rogue System Detection – Identify and manage all networked assets to lower risk
• Powerful Workflows – Automate common routines, streamline processes across systems
• Enterprise-ready – Flexible, scalable architecture minimizes CAPEX and OPEX
• Extensible Framework – Increase value of existing security assets, optimize for future needs
Confidential McAfee Internal Use Only September 21, 2012 11
End-to-End Visibility
• Single version of the truth across systems, networks, compliance solutions
• Delivers real-time threat intelligence from McAfee Labs for contextual risk assessment
• Unified command center
– Create, enforce, manage policies and workflows
– Centralized reporting for endpoint, data, network, risk management
• Access from anywhere – Web-based UI
• System of record
Achieve immediate insight into enterprise security and compliance postures
Personalized Command Center
• Personalize views, navigation and action bar
• Drag-and-drop controls to place most used items within easy reach
• Create query groups and related workflows based on your priorities; automate common tasks
Tune your work environment to best suit your needs
Role-based Access Control
• Distribute administrative tasks and information by role
• Roles defined by permission sets
– Permission sets cover functionality such as Reporting, Automation, Configuration
– Upon login, the user is presented only with the features they have permission to access; everything else is hidden
• Increase management confidence in security posture and cut reporting time
– Create role-based dashboards for executive users
Permission sets determine what users can see and do to facilitate efficiencies
Drillable Dashboards and Actionable Reports
• Dashboards provide at-a-glance understanding of security posture
– Dashboards display complex information quickly
– Correlated threat intelligence provides risk assessments
– Drill to detail
– Drag-and-drop editing
– Share with others
• Actionable information
– Execute tasks directly from a dashboard or report (update-now task button)
– Kick off workflows based on predefined reporting thresholds
• Generate reports on demand, on a schedule or with an event
– Schedule and email HTML, XML, CSV or PDF reports
– Multiple queries within a single report
– Parameter-based reports: develop on-demand reports with user-driven filters
Dramatically slash incident response times
Rogue System Detection
• Identifies rogue systems connecting to the network
• Rogue sensors strategically deployed to detect rogue systems
• Detects all systems connecting to your network, such as PCs, routers, printers
• Provides a system of record to identify assets
Identify assets to bring under control and to mitigate risk
Powerful Automations & Workflows
• Automatic response system works with existing infrastructure
• ‘Tag’ assets and policies to take future actions based on tags
– Example: as new Exchange servers come into the system tree, run a task to deploy GroupShield protection
• Create tickets within HP OpenView and BMC Remedy ticketing systems
– Make security processes a transparent part of IT operations
• Connect to external systems and customize workflows with the ePO Web API
– Supports business logic
Streamline workflows to eliminate security gaps and achieve efficiencies
Example flow (malware attack): Event → Trigger → Report (report sent to team by phone and an issue is created) → Help Desk (issue sent to third-party help desk) → Resolved (patch update sent; ePO and help desk synched)
Enterprise-class Scalability
• Dramatically improve scalability
• Improve security policy and DAT coverage for remote and roaming endpoints
• Policy sharing and usage reporting across servers
Multi-tiered, distributed architecture elegantly scales
[Architecture diagram: ePO Server, ePO DB and Web Console at the core; Agent Handlers, Distributed Repositories and Super Agents serving as distributed repositories in the lower tiers; McAfee Network Security, McAfee Update Servers, Notifications and Ticketing Systems as connected external systems]
Extensible Framework: McAfee’s Open Platform for Security Risk Management
SIA Associate Partner; SIA Technology Partner (McAfee Compatible)
McAfee ePO Users Manage More with Less
Simple. Flexible. Efficient.
MSI International, survey of 488 ePO & non-ePO users
• ePO users manage more
– 30% more endpoints
– Using 50% less hardware
• Spend less time managing security
– 38% less time on security reporting
– 41% less time on developing security policies
– 31% less time repairing endpoints after an infection
McAfee Strengthens Protection, Achieves Cost Efficiencies for the Agile Business
“We are extremely confident with ePO and all the threat protection managed by it. Using McAfee, our clients have not had a single outage by a security incident in that area in seven years.”
Martin Reindl, Business Unit Leader System Security, Atos Origin Germany
“With McAfee, I can provide better, more comprehensive protection for the Agency — and spend less time doing so. Best of all, I have much greater peace of mind.”
Rogelio Garcia, Systems Administrator, Agencia de Defensa de Competencia de Andalucia
“McAfee best meets our need for central managing, and we agreed with their future views on anti-virus technologies and policies. We knew we could evolve easily with McAfee over time.”
Kjell Larsson, Technical Product Manager for Security and Access, TeliaSonera AB
“I want to have more control in managing security as Draka expands globally, and ePO will play a very important role in that evolution.”
Aad Oudeman, Global Infrastructure Shared Services Manager, Draka Holding
Q&A Session
Customer Success
Maximum Protection with Minimal IT Resources at the Agencia de Defensa de la Competencia de Andalucia
Industry: Government
Environment: MS Windows 2003 environment with 23 desktops and five servers
McAfee Products Deployed: Total Protection for Secure Business with ePolicy Orchestrator® (ePO®)
Challenges
• Poor performance and inadequate administration tools for previous antivirus system
• Exposure to security threats through memory devices plugged into USB ports
Optimized Solution Summary
• Time spent checking and updating systems reduced from one day to two minutes
• Prevents malware or other threats from entering the system via a USB device
• Saves money compared to multiple point security solutions; device control alone would have cost almost as much as the entire McAfee solution
• Blocks users’ access to harmful websites
“With McAfee, I can provide better, more comprehensive protection for the Agency — and spend less time doing so. Best of all, I have much greater peace of mind.” Rogelio Garcia, Systems Administrator, Agencia de Defensa de Competencia de Andalucia
Customer Success: TeliaSonera AB
“McAfee best meets our need for central managing, and we agreed with their future views on anti-virus technologies and policies. We knew we could evolve easily with McAfee over time.” Kjell Larsson, Technical Product Manager for Security and Access, TeliaSonera AB
• Challenge
– Protect endpoints with a common, integrated security solution
– Avoid system-wide outbreaks that could paralyze their customer service desk
– Maintain control of and visibility into company’s network
• McAfee VirusScan Enterprise, AntiSpyware, Host Intrusion Prevention, and ePO
– Provides protection of its 23,000 desktops and 3,500 servers against malicious attacks
– Minimizes risk of malware intrusion on the desktops and laptops
– Reduces time managing security via consolidated console
Customer Success: Draka Holding
“I want to have more control in managing security as Draka expands globally, and ePO will play a very important role in that evolution.” Aad Oudeman, Global Infrastructure Shared Services Manager, Draka Holding
• Challenge
– Global centralization of IT services forced the 6th largest worldwide cable provider to update its security solutions for 9,000 employees in 29 countries
– Limited IT staff burdened the management of IT and security for 80 worldwide sites
• McAfee ToPS for Endpoint Simplifies Global Security Standardization
– Enforces 24x7 centrally managed protection for 80 sites worldwide
– Automates distribution of patches and software upgrades in minutes
– Enables customization of new policies, rules and network access at local sites
– Ensures IT services standardization and compliance in every country
– Reduces administrative time for worldwide IT staff by intelligently monitoring security
Customer Success: Scania AB
“We’ve stayed with McAfee for a few reasons. McAfee’s anti-virus coverage is very comprehensive, and McAfee’s industry reputation and solution knowledge are widespread.” Frederik Tomasson, IT Security Manager, Scania AB
• Challenge
– Ensure overall Internet and desktop security for 35,000 employees worldwide
– Manage specific user access policies across different countries
– Increase security coverage without increasing administrative tasks or staff
– Avoid downtime for employees during new anti-virus solution or upgrade rollouts
• McAfee Total Protection (ToPS) for Endpoint Strengthens Anti-virus Protection for Scania AB for the Long Haul
– Protects 15,000 endpoints against virus attacks
– Saves 30% of IT manpower in managing anti-virus activities
– Allows for customization of anti-virus usage policies within a distributed organization
– Simplifies and streamlines worldwide rollouts of upgrades, and new Internet and desktop security solutions
– Nearly zero downtime amongst users during upgrade rollouts
Customer Success: Abtran
• Challenge
– Ensure security of thousands of credit card transactions daily
– Meet PCI DSS and ISO 27002 standards
– Protect client information coming in and out of 2 call centers, 2 data centers, 500 desktops, and 30 servers
– Prevent potential data loss on laptops
– Provide multiple layers of security risk management protection without negatively impacting IT administrator’s time
• McAfee ToPS for Endpoint, Network Security Platform, Endpoint Encryption, Vulnerability Manager, and Email Security Service — Helps Abtran Save Time while Meeting Compliance Regulations
– Cuts time to produce weekly security reports from 3 to 4 hours to less than 2 minutes
– McAfee ePO 4.0 saves IT support hours each week in administering and monitoring endpoint security
– Guards Abtran from risks of financial loss, brand damage, public disclosure, or noncompliance
– Management of multiple solutions made easy, by gaining full visibility in the enterprise while consolidating data, all through a centralized console that is transparent to users
“Because McAfee provides centrally managed anti-virus protection, encryption, intrusion detection and prevention, vulnerability management, and more, it plays a key role in our road to compliance with PCI, ISO, and other information security standards and customer requirements.” Robert Ravenscroft, IS Security Manager, Abtran
ePolicy Orchestrator: Security Administration Survey Results

                                                        Large Enterprise (>10K)    Mid-Sized Enterprise (1K-10K)
                                                        ePO        Non-ePO         ePO        Non-ePO
# of Security Admin Servers                             2.1        7.2             5.3        10.7
# of Security Administrators                            7.9        15.8            15.3       27.1
Mean Hours per Week per Administrator Spent on
  IT Security Operations                                3.9        9.5             10.3       16.2
Total Full Time Employees (FTE)                         0.8        3.7             4.0        10.9

387 survey interviews completed by Insight Express, dated June 2007: 176 ePO customers, 211 non-ePO; mid-sized avg 4,100 nodes, larger avg 46,000 nodes
Footnote: Actual numeric values are based on the “means” calculated using the midpoints of the ranges used in the survey