McAfee Endpoint Security - Toshiba Global Commerce Solutions

DATA SHEET

McAfee Endpoint Security

Purpose-built security for operations investigations and security controls

Endpoint Security: What Are Your Priorities?

Security can be owned by a single or several teams within today’s businesses. In the case of enterprise organizations, it is often a function shared by multiple teams such as IT administration and security operations. Whichever approach best describes the role you take in your business, what matters most to you will naturally lead you to be more concerned with a different set of capabilities and outcomes when it comes to your endpoint protection platform.

The endpoint solution you depend on should align with the priorities that matter most to you. Regardless of your role, McAfee Endpoint Security aligns to your specific critical needs—from preventing threats and hunting them to tailoring security controls. With McAfee Endpoint Security, you can ensure system uptime for users, find more opportunities for automation, and simplify complex workflows.

Ensure Uptime and Visibility

McAfee Endpoint Security enables customers to respond to and manage the threat defense lifecycle with proactive defenses and remediation tools. Automatic rollback remediation returns systems to a healthy state to keep users and administrators productive, saving time that might otherwise be spent awaiting system remediation, performing recovery, or re-imaging an infected machine. Global threat intelligence and real-time local event intelligence are shared between endpoints and integrated McAfee MVISION EDR to collect threat event details, detect and prevent threats attempting to evade detection, and map them to the MITRE ATT&CK framework for further investigation. Management is kept simple through a centralized management console that comes with a choice of local, SaaS, or virtual environment deployments.

McAfee Endpoint Security gathers threat insights from multiple layers of engagement using a single software agent to remove redundancies caused by multiple point products. The result is an integrated approach to security that removes manual threat correlation and the ability to elevate details that require further investigation to incident responders automatically. Threat event data is presented in an easy, at-a-glance format via the Story Graph, which visualizes threat details and allows administrators to easily drill down and investigate the sources of malicious actors.

Figure 1. Story Graph.

Integrated Advanced Threat Defenses Automate and Speed Response Times

Additional advanced threat defenses, like Dynamic Application Containment (DAC), are also available as part of the integrated McAfee Endpoint Security framework to help organizations defend against the latest advanced threats.1 For example, DAC will analyze and take action against greyware and other emerging malware, containing them to prevent infection.

Another technology for advanced threat is Real Protect, which uses machine-learning behavior classification to detect zero-day malware and improve detection. The signature-less classification is performed in the cloud and maintains a small client footprint while providing near real-time detection. Actionable insights are delivered and can be used to create indicators of attack and indicators of compromise. This can be particularly useful for lateral movement detection, patient-zero discovery, threat actor attribution, forensic investigations, and remediation.

Real Protect also speeds future analysis by automatically evolving behavior classification to identify behaviors and adding rules to identify future attacks that are similar using both static and runtime features.

Lastly, to immediately prevent infection and reduce the time required for IT security administrators, the client repairs the endpoint following a conviction to the last known good state.

Intelligent Endpoint Protection Lets You Know What Attackers Are Doing Now

Better intelligence leads to better results. McAfee Endpoint Security shares its observations in real time with the multiple endpoint defense technologies connected to its framework to collaborate and accelerate identification of suspicious behaviors, facilitate better coordination of defenses, and provide better protection against targeted attacks and zero-day threats. Insights like file hash, source URL, AMSI, and PowerShell events are tracked and shared not only with other defenses, but also with the client and management interfaces to help users understand attacks and provide administrators with actionable threat forensics.

In addition, McAfee Threat Intelligence Exchange technology empowers adaptive defenses to collaborate with other McAfee solutions, including gateways, sandboxes, and our security information and event management (SIEM) solution. Gathering and distributing local, community, and global security intelligence shrinks the time between attack, discovery, and containment from weeks or months to milliseconds.

Combined with McAfee Global Threat Intelligence (McAfee GTI), the McAfee Endpoint Security framework leverages the cloud to monitor and act on the full spectrum of new and emerging threats in real time across all vectors—file, web, message, and network. The existing endpoint footprint and management system is enhanced with localized and global threat intelligence to combat unknown and targeted malware instantly. Automatic actions against suspicious applications and processes quickly escalate responses against new and emerging forms of attack while informing other defenses and the global community.

Customers using DAC and Real Protect get insights into more advanced threats and the behaviors they exhibit. For example, DAC provides information on contained applications and the type of access that they attempt to gain, such as registry or memory.

For organizations interested in collecting endpoint process threat insights to hunt malware and equip incident responders, Real Protect provides insights into behaviors that have been deemed malicious and classifies threats. These insights can be particularly helpful in uncovering how file-based malware attempts to evade detection through techniques like packing, encryption, or misusing legitimate applications.

Strong and Effective Performance Helps You Respond in Time

Intelligent defenses are of little value if they impede users with slow scans, take a long time to install, or are complicated to manage. McAfee Endpoint Security protects the productivity of users with a common service layer and our new anti-malware core engine that helps reduce the amount of resources and power required by a user’s system. Endpoint scans won’t impact user productivity because they only occur when the device is idle, and they resume seamlessly after a restart or shutdown.

An adaptive scanning process also helps reduce CPU demands by learning which processes and sources are trusted in order to focus resources on only those that appear suspicious or that come from unknown sources. McAfee Endpoint Security possesses an integrated firewall that uses McAfee GTI to protect endpoints from botnets, distributed denial-of-service (DDoS) attacks, advanced persistent threats, and risky web connections.

Relieve the Pressure with Reduced Complexity and Increased Sustainability

The rapid growth of security products with overlapping functionality and separate management consoles has made it difficult for many to derive a clear picture of potential attacks. McAfee Endpoint Security delivers strong, long-term protection thanks to its open and extensible framework, which serves as the foundation for centralizing current and future endpoint solutions management. This framework leverages the Data Exchange Layer for cross-technology collaboration with existing security investments. The integrated architecture seamlessly integrates with other products from McAfee, further reducing security gaps, technology silos, and redundancies, while improving productivity by lo