WIXLIB

Secure Your Endpoints and DataWith McAfee ePO Deep Command, you canmonitor and control remote endpoints atthe hardware level, even if the device ispowered off, disabled, or encrypted. Fromone central control panel, you can enforcesecurity and compliance policies, deploypower management programs to conserveenergy, and remediate unresponsive PCs.McAfee ePO Deep Command uses Intel Active Management Technology (Intel AMT), found in systems powered by IntelCore vPro processors, to access endpointswithout relying on the operating system.6By accessing McAfee ePO Deep Commandentirely through the simple, comprehensiveMcAfee ePO control panel, administratorscan schedule policies to power on groupsof remote systems, execute security tasks,and then return the endpoints to theirprevious power states. Intel AMT alsoprovides centralized remote keyboard,video, and mouse (KVM) controls and bootredirection. Through the power of IntelAMT, you can even securely initiate theboot process and unlock endpoints runningMcAfee Endpoint Encryption in order toconduct remote security tasks without theneed for user authentication.Remediate Disabled EndpointsIntel AMT integration with McAfeeEndpoint Encryption and McAfee ePODeep Command can significantly reduceremediation costs by allowing a helpdesk technician to remotely repair aPC anywhere in the world through anetwork connection. Users with disabledPCs don’t have to wait for a personal,off-site visit because administratorscan quickly and conveniently remediateproblems or restore infected systemsfrom a central location.4By using the McAfee KVM Viewer, youcan securely and fully control a remotePC’s keyboard, video, and mouse togreatly simplify remediation. With McAfeeePO Deep Command communicatingdirectly to the hardware, you can controlthe remote PC through power cyclesand operating system reboots withoutbreaking the connection.By providing centralized, secureremediation and management ofendpoints, McAfee ePO Deep Commandhelps you reduce support, remediation,and maintenance costs, strengthen yoursecurity posture, and maintain efficiencyand productivity for your users.Schedule Off-Hours Patching andPower Management with Secure,Remote Pre-BootMcAfee ePO Deep Command allows you toconnect to remote computers to conductsecurity maintenance or time-intensiveupdates during off hours, when users willnot be disrupted.In the past, the primary way to wake PCsremotely was by using the wake-on-LANfeature, where a wakeup call was sentto the network card and passed on tothe PC. But this method would leave thePC stuck at the pre-boot authenticationscreen, requiring a user at the remotelocation to authenticate.Today, McAfee ePO Deep Command andIntel AMT simplify the remote connectionprocess and enable secure remoteaccess—even to encrypted PCs. McAfeeePO Deep Command initiates the processwith a wake request to the client, whichwill then contact McAfee ePO DeepCommand to request permission to boot.Intel vPro TechnologyBuilt-in security for greaterprotectionToday’s rapidly evolving businessenvironment is creating a new setof security challenges. To quicklyrespond to these challenges andstay ahead of high-level securitythreats, businesses need acomprehensive suite of securitysolutions that address critical areasof IT security.Intel vPro technology is a setof security and manageabilitycapabilities built into the Intel Core vPro processor family.Intel Active ManagementTechnology (Intel AMT) enablesIntel vPro technology capabilitiesto be accessed and administeredseparately from the harddrive, operating system, andsoftware applications—in a preboot environment. This makesmanagement less susceptible toissues affecting these areas andallows remote access to the PC,regardless of the system’s powerstate or operating system condition.Intel vPro technology alsoaccelerates data encryption/decryption using Intel Advanced Encryption StandardNew Instructions (Intel AES-NI),which can encrypt data up tofour times faster than standardencryption without interferingwith user productivity.

Secure Your Endpoints and DataBased on configured policies, McAfee ePOwill deny or allow the request. If McAfeeePO sends a denial or can’t be reached, theclient will remain at the pre-boot screenand will not start the operating systemwithout authentication from a user. IfMcAfee ePO approves the request, it willalso return cryptographic information toMcAfee Endpoint Encryption to unlock preboot securely and allow the PC to startthe operating system.the password to a one-time passwordthat is sent to the remote PC using IntelAMT. The user can authenticate with theone-time password, and then immediatelychange it to a new one. With remotepassword reset, a distracting, timeconsuming task can now be completed inlittle more than the time it takes your userto call IT for help.Once the connection is establishedand authenticated, you can securelypatch, reset user passwords, or performremote remediation. With the integratedcapabilities of McAfee ePO DeepCommand, Intel AMT, and McAfee EndpointEncryption, routine scans, updates, andother tasks can be scheduled for individualPCs, groups of PCs, or all computersin your enterprise, regardless of theirlocation or operating system state, evenif they are encrypted. The secure wakeand sleep capabilities also allow you toimplement energy savings programsfor your business and pursue industryincentives to cut power consumptionwithout compromising security.If you need to support shared computersin areas such as office meeting rooms orhospitals, you know how difficult it can befor different users to log on each time theyneed access. The joint Intel and McAfeesolution includes a location-aware pre-bootoption that enables a PC to boot directlyinto the operating system seeminglywithout a pre-boot environment, whilestill retaining the protections a pre-bootenvironment provides. This configuration isalso useful for streamlining authenticationin an office when a managed device is onthe internal, corporate network. When thePC is in the office, there is no need to showthe pre-boot. But as soon as it leaves theoffice for an insecure area, the user will berequired to authenticate normally.Securely Reset PasswordsImagine that one of your remote userscomes back from a two week vacationand discovers she can’t remember herpassword. She’s now stuck in pre-bootmode, calling the IT administrator for help.In the past, she’d have to call from thecomputer, exchange a 16-character stringwith the help desk, and hope neitherperson misreads or mistypes a character.With McAfee Endpoint Encryption, theadministrator can easily locate the user inthe McAfee ePO console and changeConfigure PCs to Boot AutomaticallyBased on LocationWhen a device is configured for locationaware pre-boot, it reaches out to McAfeeePO during startup and asks for bootpermission. If a positive response isreceived, it simply boots into the operatingsystem. However, if the device cannotreach McAfee ePO or is not on an allowednetwork location, it will automatically showthe pre-boot authentication environment.This unique feature combines convenienceand usability with the secure protectionsof the pre-boot environment.Powerful, Secure RemoteAccess from Intel ActiveManagement Technology(Intel AMT)Intel AMT allows IT or managedservice providers to better discover,repair, and protect their networkedcomputing assets by usingintegrated platform capabilities andpopular third-party managementand security applications. Intel AMTenables IT to remotely diagnoseand repair PCs, ultimately loweringIT support costs.Intel AMT is a feature of Intel Core processors with Intel vPro technology.Simplify and Unify Your EnterpriseSecurity Management and ReportingMcAfee ePO provides a softwaremanagement framework that is capableof scaling to hundreds of thousands ofendpoints. Designed to support distributedarchitectures and security managementteams, McAfee ePO software provides aunified security policy management andreporting environment for your entireMcAfee security infrastructure. Now, bytaking advantage of Intel AMT capabilities,it can take your policies and complianceinitiatives beyond the operating system. Byextending the information you can includein McAfee ePO software dashboards andreports, you can increase your visibility intoeach endpoint’s compliance in addition tothe organization’s overall security posture.5

Secure Your Endpoints and DataProtect Your Business withEfficiency, Manageability, and aLower TCOIntel and McAfee deliver hardwareenhanced security solutions thatprovide deeper levels of protection withunprecedented efficiency, scalability,and control. By combining the hardwarefoundation of security from Intel CorevPro processors with strong management,protection, and encryption software fromMcAfee and Intel, you can help loweryour security operations’ costs whileenhancing your overall security postureand maintaining high performance andproductivity for your users.With this broad, centralized control,security teams have stronger, moreefficient options for protecting endpointsahead of emerging threats. Systems can beupdated before a potential threat reachesthem, and countermeasures can beinitiated remotely, reducing any impact onusers while keeping data safer. The result?Easier, more comprehensive managementfor IT, stronger, proactive protections withgreater compliance for your business, animproved experience for your users, and alower TCO for your company.Learn MoreFor more information on comprehensive hardware-based security solutions from Intel and McAfee, visit the following web sites:McAfee Endpoint ryption.aspxMcAfee ePO Deep d.aspxIntel /data-protection-aes-generaltechnology.htmlIntel vPro:www.intel.com/vproIntel AMT:www.intel.com/amt1Intel vPro Technology is sophisticated and requires setup and configuration. Availability of features and results will depend upon the setup and configuration of your hardware, software, and IT environment. To learn more about the breadth ofsecurity features, visit http://www.intel.com/technology/vpro.2IDC Worldwide Mobile Worker Population 2011-2015 Forecast, doc #232073, December 2011.3Intel Advanced Encryption Standard–New Instructions (Intel AES-NI) requires a computer system with an AES-NI-enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available onselect Intel Core processors. For availability, consult your system manufacturer. For more information, Gartner, “Comparing Endpoint Encryption Technologies,” ID:G00250256. March 2013. http://www.gartner.com/id 2397415.5No system can provide absolute security. Requires an Intel Secure Key-enabled platform, available on select Intel processors, and software optimized to support Intel Secure Key. Consult your system manufacturer for more information.6Security features enabled by Intel AMT require an enabled chipset, network hardware and software, and a corporate network connection. Intel AMT may not be available or certain capabilities may be limited over a host OS-based VPN or whenconnecting wirelessly, on battery power, sleeping, hibernating, or powered off. Setup requires configuration and may require scripting with the management console or further integration into existing security frameworks, and modifications orimplementation of new business processes. For more information, see y/intel-amt/.Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components,software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products.McAfee, the McAfee logo, McAfee ePolicy Orchestrator, and McAfee ePO are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as theproperty of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2013 McAfee, Inc.Intel, the Intel logo, Intel Core, Ultrabook, and vPro are trademarks of Intel Corporation in the U.S. and/or other countries.Copyright 2013 Intel Corporation. All rights reserved. Intel Corporation, 2200 Mission College Blvd., Santa Clara, CA 95052-8119, USA.* Other names and brands may be claimed as the property of others.Printed in USA0713/JL/PRW/PDFPlease Recycle328939-001US

tions.Learnmore

McAfee Endpoint Encryption includes new features that make it easier to identify and activate compatible devices. With the offline activation feature, you can install McAfee Endpoint Encryption, apply a preconfigured policy, and encrypt a device that does not currently have a connection to McAfee ePO. Any machine activated