WIXLIB

Service Data SheetDecember 2018Endpoint Security for DeltaV Systems Decrease risk with intelligent, adaptive scanning Utilize advanced anti-malware protection Identify, remediate and secure your DeltaVsystem from cybersecurity risks throughactionable threat forensics Centralize cybersecurity management withoptional McAfee ePolicy Orchestrator Open, extensible endpoint security frameworkEndpoint Security for DeltaV Systems allows for ease in respondingto and managing of the threat defense lifecycle.IntroductionEndpoint Security for DeltaV Systems software utilizeselements of the McAfee Endpoint Protection Suite of productsto provide endpoint protection (antivirus protection) for keyDeltaV system components.Endpoint Security for DeltaV Systems integrates core functionssuch as essential security to block advanced malware, controldata loss and compliance risks caused by removable mediainto a single, manageable environment ideal for safeguardingtraditional desktops and other systems that have limitedexposure to Internet threats.With the Managed Version, you can correlate threats, attacks,and events from the endpoint, network, data security as wellas compliance audits to improve the relevance and efficiencyof security efforts and compliance reports a single integratedmanagement platform across all these security domains.Accelerated time to protection, improved performance, andeffective management empower security teams to resolvemore threats faster with fewer resources.Two different versions of Endpoint Security for DeltaV Systemsmay be ordered: Managed or Unmanaged. The ManagedVersion includes the ePolicy Orchestrator (ePO). We also offerthis solution in the Unmanaged Version, which does not includethe ePO and is targeted for smaller DeltaV systems. Please readon for more details on both options.BenefitsDecrease risk with intelligent, adaptive scanning: Improvesperformance and productivity by bypassing scanning oftrusted processes and prioritizing suspicious processes andapplications. Adaptive behavioral scanning monitors, targets,and escalates as warranted by suspicious activity.Utilize advanced anti-malware protection: Protects, detects,and corrects malware fast with a new anti-malware engine thatis efficient across multiple devices and operating systems.Identify, remediate and secure your DeltaV system fromcybersecurity risks through actionable threat forensics:With the Managed Version, administrators can quickly seewhere infections are, why they are occurring, and the length ofexposure to understand the threat and react more quickly.Centralize cybersecurity management with McAfee (ePO):True centralized management with a single local console offersgreater visibility, simplifies operations, boosts IT productivity,unifies security, and reduces costs. As a result, you save timeand money—with a more effective security program.

Endpoint Security for DeltaV SystemsDecember tionsPeriodicAuditsCybersecurity Solutions Automated/Manual Patch ManagementServices (WSUS & antivirus) Application Whitelisting Security Information & EventManagement (SIEM) DeltaV ACN Network Security Monitor Backup & Recovery Smart Firewalls, Smart Switches andController Firewalls Incident Response (IR) Services Development Services for IR Plans andPolicy & ProceduresPeriodic Audits Annual or semi-annual follow-up audit Reviews adherence to previousassessment results/remediation Reviews cybersecurity real-worldchanges and suggests any remediationnecessary to protect from these changesCybersecurity Assessments Basic Cybersecurity Assessment& Report Custom Cybersecurity Assessment& Report Cybersecurity Remediation &Consultation ServicesOpen, extensible endpoint security framework: Integratedarchitecture allows endpoint defenses to collaborate andcommunicate for a stronger defense. Results in loweroperational costs by eliminating redundancies and optimizingprocesses. McAfee Endpoint Security for DeltaV Systemsseamlessly integrates with other Intel Security and third-partyproducts to reduce protection gaps.Endpoint Security for DeltaV Systems includes thefollowing elements: yy Enables customers to respond to and manage the threatdefense lifecycle of protected devices.yy Proves for the automated downloading of approvedsignature files to DeltaV workstations and servers basedon your site’s update policies.Solution DescriptionWhat does Endpoint Security for DeltaV Systems provide?Figure 2 illustrates the process by which Endpoint Security forDeltaV Systems handles the introduction of new executablesand how it protects your DeltaV workstations and servers.Once files have been downloaded to a workstation or server,these files are published to the antivirus software resident onthe agent. The software scans the new file and determineswhether it is a malicious file or not. Malicious files are deletedand action logged while “clean” files are available for use. Configuration is driven through the optional McAfee ePOmanagement console.McAfee ePO provides visibility through dashboardsand reports.McAfee Unmanaged Version will still have the McAfee agentbut each endpoint’s policy is individually enforced directly atthe endpoint.www.emerson.com/endpointMcAfee ePO Software(included with Managed Version only)yy McAfee ePO software provides flexible, automatedmanagement capabilities so you identify, manage,and respond to security issues and threats withoutcompromising active process controls. McAfee Agentsyy An agent downloads and enforces policies, and executesclient-side tasks such as deployment and updating. TheAgent also uploads events and provides additional dataregarding each system’s status and must be installedon each system node in your network that you wishto manage.Service DescriptionAgent-based policy auditing scans your endpoints to ensurethat all policies are up to date. Organizations can measurecompliance to best practice policies as well as to keyindustry regulations.Endpoint Security Software Emerson Support Service throughGuardian Support Serviceyy Support service is supplied through Emerson’s GlobalSupport Center (GSC).yy Delivers a monthly Emerson-tested and approvedsignature file for use with DeltaV systems.yy Delivers all software/updates and complete support for theEmerson delivered Endpoint Security for DeltaV Systems.2

Endpoint Security for DeltaV SystemsDecember 2018What is McAfee ePolicy Orchestrator(McAfee ePO)?McAfee ePO Managed Version is a true centralizedmanagement platform with a single local console offeringgreater visibility, simplified operations, boosting ITproductivity, unifying security operations for process control,and reducing overall cybersecurity costs. McAfee ePO providesa unified view of your security posture with drag-and-dropdashboards that provide security intelligence across endpointsand networks.FileDownloadedMcAfee ePO simplifies security operations with streamlinedworkflows for proven efficiencies.You define how McAfee ePO software should direct alerts andsecurity responses based on the type and criticality of securityevents in your environment, as well as create automatedworkflows between your IT/security and process operationssystems to quickly remediate outstanding issues. As aresult, you save time and money — with a more effectivecybersecurity program.McAfee ePO shortens the time from insight to responsethrough actionable dashboards with advanced queriesand reports.Finally, McAfee ePO allows IT personnel to observe/verifycybersecurity elements located on the control system withoutrequiring assistance from operations personnel.Just as secure as the solution described above you may noworder that same protection and security without the (ePO).When deploying Endpoint Security for DeltaV Unmanaged atsite you still benefit from the same industry leading defensebut with a smaller footprint. The McAfee Unmanaged optionis targeted for the smaller DeltaV systems and won’t need theseparate server class machines required for the ePO andAgent Handler.Publishes eventto antivirusAntivirusscans fileFile identifiedas maliciousand deletedForensicsdata captured(Source URL, filehash, etc)Figure 2. How McAfee Endpoint Security 10 handles malicious filedownloads from the Internet.www.emerson.com/endpoint3

Endpoint Security for DeltaV SystemsDecember 2018DeltaV System CompatibilityThe deployment of Endpoint Security for DeltaV Systems software is compatible with 64-bit DeltaV versions v12.3.1 and above.SoftwareInternetGeneric FTPApplicationFirewallAV– Antivirus: McAfee Endpoint SecurityE– McAfee ePO: Management console(optional)A– McAfee AgentLevel 4 - Local LANHistorianServerePO Console(optional)DataServerFirewallLevel 3 - DMZ LayerA AV EEmersonSmart FirewallLevel 2.5Pro PlusStationApplicationStationA AVA AVOperatorStationA AVA AVePO Agent Handler(for ePO only)Level 2 - ACNExample reference architecture for Endpoint Management for Managed DeltaV Systems on a typical DeltaV system.Pro PlusStationApplicationStationA AVA AVOperatorStationA AVLevel 2 - ACNExample reference architecture for Endpoint Management for Unmanaged DeltaV Systems on a typical DeltaV system.www.emerson.com/endpoint4

Endpoint Security for DeltaV SystemsDecember 2018Ordering InformationDescriptionModel NumberEndpoint Security Management Service for DeltaV SystemsEndpoint Security Management Service for DeltaV Systems(1st-Year License/Subscription Service*)For Workstations and Servers with an active Guardian Support ContractFor Workstations and Servers without an active Guardian Support ContractFor Workstations and Servers Unmanaged with an active Guardian Support ContractFor Workstations and Servers Unmanaged without an active Guardian Support nt Security Management Service for DeltaV Systems Media PackEndpoint Security for DeltaV Systems, Media Pack Only **Endpoint Security Unmanaged for DeltaV Systems, Media Pack Only **VE9126MVE9126UMEndpoint Security Management Service for DeltaV Systems Annual License/Subscription Service RenewalFor Workstations and Servers with an active Guardian Support ContractFor Workstations and Servers without an active Guardian Support ContractFor Workstations and Servers Unmanaged with an active Guardian Support ContractFor Workstations and Servers Unmanaged without an active Guardian Support EWVE9126WNUM-RENEW*1st-Year subscription service pricing cannot be pro-rated. Any pro-rating will be done in the renewal year.**1 media pack is required per site.Related ProductsProducts Not SupportedApplication Whitelisting for DeltaV Systems - This Emersonsolution includes McAfee Application Whitelisting softwareconfigured to work specifically with DeltaV out-of-the-box. Thissolution, when properly installed on DeltaV workstations andservers, blocks unauthorized executables on servers, corporatedesktops, and fixed-function devices. Non-Emerson supplied McAfee Endpoint Security versions(i.e. Non-DeltaV versions) are not supported by Emerson. This product cannot be used in conjunction with Symantec Endpoint Protection antivirus solutions. This product cannot be used with 32-bit DeltaV versions.This product and/or service is expected to provide an additional layer of protection to your DeltaV system to help avoid certain types of undesired actions. This product and/orservice represents only one portion of an overall DeltaV system security solution. Emerson does not warrant that the product and/or service or the use of the product and/or serviceprotects the DeltaV system from cyber-attacks, intrusion attempts, unauthorized access, or other malicious activity (“Cyber Attacks”). Emerson shall not be liable for damages,non-performance, or delay caused by Cyber Attack. Users are solely and completely responsible for their control system security, practices and processes, and for the properconfiguration and use of the security products.To learn more, contact your local Emerson sales office or representative, or visit www.emerson.com/endpoint.www.emerson.com/endpoint5