Transcription
DATA SHEETMcAfee MVISION Cloud for Office 365McAfee MVISION Cloud for Office 365 helps organizations securely accelerate theirbusiness by providing total control over data and user activity in Office 365Key Use CasesEnforce sensitive data policies across Office 365Prevent sensitive data that cannot be stored in the cloudfrom being uploaded to or created in Office 365.Build sharing and collaboration guardrailsPrevent sharing of sensitive or regulated data in Office365 with unauthorized parties in real-time.Limit download/sync to unmanaged devicesGain total control over user access to Office 365 byenforcing context-specific policies limiting specific enduser actions.Perform forensic investigations with full contextCapture a complete audit trail of all user activityenriched with threat intelligence to facilitate postincident forensic investigations.Detect and correct user threats and malwareDetect threats from compromised accounts, insiderthreats, privileged access misuse, and malware infection.Connect With Us1McAfee MVISION Cloud for Office 365
DATA SHEETData Loss Prevention (DLP)Prevent regulated data from being stored in Office 365.Leverage McAfee’s content analytics engine to discoversensitive data created in or uploaded to Office 365based on: Keywords and phrases indicative of sensitive orregulated informationPre-defined alpha-numeric patterns with validation(e.g. credit card numbers)Regular expressions to detect custom alpha-numericpatterns (e.g. part numbers)File metadata such as file name, size, and file typeFingerprints of unstructured files with exact andpartial or derivative matchFingerprints of structured databases or otherstructured data filesKeyword dictionaries of industry-specific terms (e.g.stock symbols)“McAfee’s Cloud-Native Data Securitytechnology is helping CaesarsEntertainment protect our valuablecompany data as we move from legacyapplications to cloud applications.”—Les Ottolenghi, Executive Vice President and CIO, CaesarsEntertainment2McAfee MVISION Cloud for Office 365DLP remediation options: Notify the end user Notify an administrator Quarantine the file Delete the file
DATA SHEETCollaboration ControlPrevent sharing of sensitive data with unauthorizedparties via OneDrive/SharePoint Online file and foldercollaboration, as well as Exchange Online in real-time.Common collaboration policies McAfee can enforce: McAfee can enforce secure collaboration based on:Files/foldersEmail Content Internal users/user groups Approved business partners Personal accounts (e.g. gmail.com) Links open to the internet Links accessible to internal users Content Internal users Revoke shared links that can be forwarded andaccessed by anyone with the linkBlock file/folder sharing with personal email accountsLimit file/folder collaboration to internal users orwhitelisted business partnersRemove excessive owner/editor permissions ofexternal users on corporate dataPrevent sending sensitive data via email to external orunauthorized recipientsRemediate collaboration policy violations through: Revoking a shared linkApproved business partners Downgrading permissions to view/editPersonal accounts (e.g. gmail.com) Removing access permissions Blocking delivery of an email Notifying the end user in Office 365“We use McAfee to layer security controlslike data loss prevention and access controlso that the easy path to collaboration isalso the secure path.”—Tim Tompkins, Senior Director of Security Innovation, Aetna3 Prevent file/folder permissions that are open to theinternet or the entire companyMcAfee MVISION Cloud for Office 365
DATA SHEETAccess ControlProtect corporate data from unauthorized access byenforcing granular, context-aware access policies such aspreventing download of sensitive data from Office 365 tounmanaged devices.Control access to Office 365 based on: Device type (e.g. managed, unmanaged) Activity type (e.g. download, upload) Specific user (e.g. David Carter) User attributes (e.g. role, department) IP address range (e.g. network, proxy) Geographic location (e.g. Ukraine)Enforce granular access policies such as: Allow/block access to Office 365 Allow/block specific Office 365 user actions Force step-up authentication“We now have the visibility and control weneed to be able to allow access to thecloud-based tools our employees needto be competitive and efficient, withoutcompromising our security standards.”—Rick Hopfer, Chief Information Officer, Molina Healthcare4McAfee MVISION Cloud for Office 365
DATA SHEETActivity MonitoringGain visibility into Office 365 usage and acceleratepost-incident forensic investigations by capturing acomprehensive audit trail of all activity. McAfee captureshundreds of unique activity types and groups them into14 categories for streamlined navigation. With McAfee,organizations can monitor: Who is accessing Office 365, their role, device type,geographic location, and IP addressHow much data is being shared, accessed, created orupdated, uploaded, downloaded, or deletedSuccessful/failed login attemptsUser account creation/deletion as well as updates toaccounts by administratorsDrill down further into activity streams toinvestigate: A specific activity and all its associated users All activities generated by a single user 5All activities performed by users accessing via TOR oranonymizing proxyAll activities generated by a specific source IP addressor geographic locationAll access of and actions performed on a filecontaining sensitive dataMcAfee MVISION Cloud for Office 365
DATA SHEETUser Behavior Analytics and Malware DetectionSupervised Machine LearningMcAfee uses data science and machine learning toautomatically build models of typical user behavior andidentifies behavior that may be indicative of a threat.McAfee incorporates security analyst input into machinelearning models to improve accuracy. As analysts markfalse positives and adjust detection sensitivity, McAfeetunes detection models. Insider threats: Detect anomalous behavior acrossmultiple dimensions including the amount of datauploaded/downloaded, volume of user action, accesscount, and frequency across time and cloud services.Compromised accounts: Analyze access attemptsto identify impossible cross-region access, bruteforce attacks, and suspicious locations indicative of acompromised account.Privileged user threats: Identify inappropriate userpermissions, dormant accounts, and unwarrantedescalation of user privileges and provisioning.Malware: Block known malware signatures, sandboxsuspicious files, and identify behavior indicative ofmalware data exfiltration or ransomware activity.“In an environment with millions of uniqueevents each day, McAfee does a nice job ofcutting through the noise and directing usto the areas of greatest security concern.”—Ralph Loura, Chief Information Officer, HP6McAfee MVISION Cloud for Office 365Network EffectsWith the largest installed base of any cloud securitysolution, McAfee leverages network effects othervendors cannot replicate. With more users, behaviormodels are able to more accurately detect threats.
DATA SHEETUnified Policy EngineMcAfee leverages a central policy engine to applyconsistent policies to all cloud services. There are threeways to define policies that can be enforced on new andpre-existing content, user activity, and malware threats.Policy templatesOperationalize Office 365 policyenforcement with pre-built templatesbased on industry, security use case,and benchmark.Policy importImport policies from existing securitysolutions or policies from otherMcAfee customers or partners.Policy creation wizardCreate a custom policy with Booleanlogic to conform to any corporate orregulatory requirement. 7Combine DLP, collaboration, and access rules toenforce granular policiesFlexible policy framework leverages triggers andresponse actionsBuild policies using Boolean logic and nested rules andrule groupsEnforce multi-tier remediation based on the severity ofthe incidentSelectively target or exclude specific users and defineexception rulesMcAfee MVISION Cloud for Office 365“With McAfee we were able to implementcloud security policies without impactingbusiness user productivity.”—Brian Lillie, Chief Information Officer, Equinix
DATA SHEETIncident Response ManagementIntegrationsMcAfee’s incident response management console offersa unified interface to triage and resolve incidents. WithMcAfee, organizations can:McAfee integrates with your existing security solutionsincluding the leading vendors in:Data loss prevention (DLP) Identify a single policy and all users violating it Security information and event management (SIEM) Analyze all policy violations by a single user Secure web gateway (SWG) Review the exact content that triggered a violation Next-generation firewall (NGFW) Take manual action, such as quarantining a file Access management (AM) Information rights management (IRM) Enterprise mobility management (EMM/MDM) Rollback an automatic remediation action to restore afile and its permissionsMcAfee streamlines incident response throughautonomous remediation that: 8 Provides end-user coaching and in-app notifications ofattempted policy violationsEnables end users to self-correct the policy violationand resolve the incident alertDramatically reduces manual incident review bysecurity analysts by 97%McAfee MVISION Cloud for Office 365
DATA SHEETMcAfee Sky GatewayEnforces policies inline for data in motion in real-time.Email modeLeverages the native mail flow to enforce policies acrossall messages sent by Exchange Online inline or in passivemonitoring mode.Universal modeSits inline between the user and Office 365 and steerstraffic after authentication to cover all users and alldevices, without agents.McAfee Sky LinkConnects to Office 365 APIs to gain visibility into dataand user activity, and enforce policies across datauploaded or shared in near real-time and data at rest.McAfee Lightning LinkEstablishes a direct out-of-band connection to Office365 to enforce policies in real-time with comprehensivedata, user, and device coverage.McAfee Sky LinkMcAfee Lightning LinkMcAfee Sky GatewayUniversal ModeMcAfee Sky GatewayEmail ModeMcAfee Ground LinkMcAfee Ground LinkBrokers the connection between McAfee and onpremises LDAP directory services, DLP solutions,proxies, firewalls, and key management services.Visit us at www.mcafee.com.2821 Mission College Blvd.Santa Clara, CA 95054888.847.8766www.mcafee.com9McAfee MVISION Cloud for Office 365McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Othermarks and brands may be claimed as the property of others. Copyright 2018 McAfee, LLC. 3750 1018OCTOBER 2018
6 McAfee MVISION Cloud for Office 365 DATA SHEET Supervised Machine Learning McAfee incorporates security analyst input into machine learning models to improve accuracy. As analysts mark false positives and adjust detection sensitivity, McAfee tunes detection models. Network Effects With the largest installed base of any cloud security
