Product Guide Revision B. McAfee Cloud Workload Security 5.0.0

Size: px
Start display at page:

Download "Product Guide Revision B. McAfee Cloud Workload Security 5.0.0"

Transcription

1 Product Guide Revision B McAfee Cloud Workload Security 5.0.0

2 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone, McAfee LiveSafe, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, True Key, TrustedSource, VirusScan are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. 2 McAfee Cloud Workload Security Product Guide

3 Contents 1 Overview of Cloud Workload Security 5 Key features of Cloud Workload Security How Cloud Workload Security works Managing policies with McAfee epo 9 Cloud Workload Security policies on McAfee epo Finding policies Create an assessment policy Create a firewall policy Assign custom policies to systems in your network Visualization of your cloud accounts 13 Viewing Cloud Workload Security and Workload properties Viewing information about traffic Viewing traffic flow logs View information about Security Groups Viewing information about Threat Prevention Viewing information about Application Control software Viewing information about Change Control software Viewing information about volume encryption Assign assessment policy for your workload Automatic responses Set up automatic responses Manage responses to trigger actions for threat events Remediation 23 Install McAfee Agent on your instances Installing Threat Prevention Install McAfee Endpoint Security Install Application Control on your instances Install Change Control Install Network Intrusion Prevention System on your instances Install Adaptive Threat Protection on your instances Remediate firewall rules Edit the security group rules Detach the security group from an instance Shut down workload Tag workloads Queries and reports 31 Predefined queries View default queries Create custom queries Dashboards and monitors McAfee Cloud Workload Security Product Guide 3

4 Contents 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS 39 How McAfee epo server and clients communicate Scaling McAfee epo installed on AWS Considerations for scalability Managing and remediating workloads using Chef Managing and remediating workloads using Puppet Managing AWS clients using McAfee epo installed on AWS Managing instances in one geographic region Managing instances in one geographic region with one VPC One geographic region deployment with multiple VPCs Multiple geographic region deployment Set up McAfee epo and client communication Managing AWS clients using McAfee epo installed on-premise Using McAfee Agent deployment URL feature Set up McAfee epo and client communication Using Cloud Workload Security Deploying McAfee security products on AWS cloud Deploy McAfee security products on AWS instances using AMIs Deploying McAfee security products on AWS using Cloud Workload Security Frequently asked questions 53 Index 57 4 McAfee Cloud Workload Security Product Guide

5 1 Overview 1 of Cloud Workload Security McAfee Cloud Workload Security helps you discover, import, manage, and secure your Amazon Web Services (AWS), Microsoft Azure, and VMware vcenter virtual infrastructure using McAfee epolicy Orchestrator (McAfee epo ). Cloud Workload Security offers improved visibility and control to address the unique requirements of public cloud server security. It detects and imports virtual infrastructure details, security groups, and virtual networks to the McAfee epo server. It provides control over cloud infrastructure and insight into the threat information across clouds. It also offers infrastructure visibility and security alerts so that you can quickly assess security issues and take immediate actions. Contents Key features of Cloud Workload Security How Cloud Workload Security works Key features of Cloud Workload Security Cloud Workload Security integrates the management feature of McAfee epo with the configured cloud, which hosts and manages VMs and synchronizes periodically with the cloud accounts, and imports the virtual infrastructure details to McAfee epo. It has an innovative dashboard to view and monitor security compliance of your cloud assets. You can flag systems at risk and take corrective actions. You can deploy McAfee Agent and install other McAfee Agent products on the discovered instances. Visualization of your cloud workloads The user interface gives you a complete view into your cloud accounts and their assets with security status. You can view your virtual workload group list, security risk and threat details, other security product installation status, firewall (security group), and other system information of your virtual machines (VM). You can discover your VMs and network traffic even if the machine is inactive or turned off. Compliance and security posture assessment You can view potential threats and unsafe settings so that you can take appropriate actions. You can define compliance policies for security assessment. You can view all high and low compliance events in the Cloud Workload Security dashboard. You can view these details in your network configuration. Security settings that include unsafe firewall settings for AWS and Microsoft Azure accounts. Systems without Threat Prevention, Change Control, Application Control, or Adaptive Threat Protection products installed. McAfee Cloud Workload Security Product Guide 5

6 1 Overview of Cloud Workload Security How Cloud Workload Security works Security group management You can view security group information of your virtual instances across your cloud accounts. You can see how many instances are associated with any firewall (security group) or network security. You can also manage these firewall (security groups) by adding, editing, or deleting rules. You can detach a firewall (security group) from an instance. Network visualization and anomaly detection Cloud Workload Security assesses your cloud configuration and flags systems, which are at risk. You can immediately take appropriate actions and secure your assets. Easy activation of missing protection with a few clicks After visualizing your cloud account structure, and seeing which systems are at risk, you can secure your instances with a few clicks. 1 Manage your instances by installing McAfee Agent. 2 After installing the agent, you can install these McAfee products on your instances. McAfee Endpoint Security McAfee Endpoint Security for Linux McAfee Host Intrusion Prevention for Linux McAfee Application Control McAfee Change Control McAfee Endpoint Security Adaptive Threat Protection (ATP) Support for VMware vcenter cloud instances View your VMware vcenter cloud infrastructure details. You can secure your instances by installing McAfee security products on them. Volume discovery for AWS instances View the encryption status of your AWS volumes. Support for Microsoft Azure Resource Manager Discover, manage, and secure the Microsoft Azure Resource Manager virtual infrastructure with McAfee epo. Cloud usage metering You can track the usage of AWS and Microsoft Azure running cloud VMs with the metering feature. The usage of VMs is tracked in the sum of CPU hours that an account uses on a monthly basis. How Cloud Workload Security works Cloud Workload Security has a variety of components that perform specific functions to discover, manage, and secure your cloud assets. Amazon Web Services (AWS) Collection of web services that make up the cloud computing solution offered by Amazon. Microsoft Azure Cloud computing platform and infrastructure for building, deploying, and managing applications and services through a global network of Microsoft-managed datacenters. 6 McAfee Cloud Workload Security Product Guide

7 Overview of Cloud Workload Security How Cloud Workload Security works 1 Virtual Machines (VMs) An isolated guest operating system installation in a normal host operating system that supports both virtual desktops and virtual servers. Security Groups A virtual firewall for your instances to control inbound and outbound traffic. Network Security Groups A list of rules in Microsoft Azure cloud network that allow or deny network traffic to your instances. Azure Virtual Network A logical isolation of your Azure cloud dedicated to your subscription. AWS Virtual Private Cloud A logically isolated section of Amazon Web Services cloud to launch your AWS resources in a virtual network. McAfee epo Management software that allows you to register a cloud account, so that you can import your VMs and view them. McAfee Agent The client-side component providing secure communication between McAfee epo and managed products. Hypervisor (ESXi) A virtual operating platform that manages the execution of the guest operating systems. They allow multiple operating systems to run concurrently on a hosted system. ESXi are embedded hypervisors for servers that run directly on server hardware, without requiring another underlying operating system. VMware vcenter Console that manages the ESXi servers, which host the guest VMs that require protection. McAfee Cloud Workload Security Product Guide 7

8 1 Overview of Cloud Workload Security How Cloud Workload Security works 8 McAfee Cloud Workload Security Product Guide

9 2 Managing policies with McAfee epo You can integrate and manage assessment policies using McAfee epo. McAfee epo provides centralized policy management and enforcement of your McAfee security products and the systems where they are installed. It also provides comprehensive reporting and product deployment capabilities through a single point of control. Contents Cloud Workload Security policies on McAfee epo Finding policies Create an assessment policy Create a firewall policy Assign custom policies to systems in your network Cloud Workload Security policies on McAfee epo The default policies fit the broadest set of customer environments. You can tune these policies to fit your environment. Cloud Workload Security adds these categories in the Policy Catalog. Category Assessment Rules Firewall Assessment Rules General Description This policy defines the firewall settings for the systems. You can set inbound rules for the systems. It also defines how the systems are flagged if they violate the specified rules. This policy defines how the systems are flagged if the products aren't installed. Assessment Rules General, has Core Protection, Full Compliance, McAfee Default, and My Default policies. Assessment Rules Firewall, has McAfee Default and My Default policies. You can use these policies as is or you can edit My Default policies. Policy Description McAfee Default Defines the out-of-the-box policy that takes effect if no other policy is applied. You can duplicate this policy, but you can't delete or change it. My Default Defines the customizable default policy for your environment. Modify this policy to create your own customized default policy. Core Protection Full Compliance Defines the core or important protection that you can have in your environment. Defines the strongest protection that you can have in your environment. McAfee Cloud Workload Security Product Guide 9

10 2 Managing policies with McAfee epo Finding policies Finding policies View and manage your firewall policies from three locations in the McAfee epo console. You can assign policies to your cloud accounts using the Assigned Policies tab (Systems System Tree Assigned Policies for a selected group in the System Tree), and the Policy Catalog tab (Systems Policy Catalog). You can also assign policies from Cloud Workload Security user interface when you register your cloud accounts. Use the Policy Catalog to: Create policies. View and edit policy information. View where a policy is assigned. View the settings and owner of a policy. View assignments where policy enforcement is disabled. Import and export policies. Duplicate policies. Share policies. Use the Assigned Policies tab to: View the available policies of a particular feature of the product. View details of the policy. View inheritance information. Edit policy assignment. Edit custom policies. Create an assessment policy Create a custom assessment policy to suit your environment. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Policy Policy Catalog, then from the Product list, select Cloud Workload Security. 3 From the Category list, select Assessment Rules - General. 4 Click the name of an editable policy. You can edit the My Default policies, or any policies that you create. McAfee Default policies aren't editable. 10 McAfee Cloud Workload Security Product Guide

11 Managing policies with McAfee epo Create a firewall policy 2 5 Set the product flags to Must Have, Good to Have, or Optional. If Must Have products are missing, critical alerts (red) are flagged. If Good to Have products are missing, warnings (yellow) are flagged. If Optional products are missing, no alerts are flagged. You can set these flags for Strong Security Groups, Volume Encryption, Intrusion Prevention, Threat Prevention, Application Control, Change Control (FIM), and Adaptive Threat Prevention. Strong Security Groups are always set as Must Have for your AWS and Microsoft Azure accounts. You cannot change this setting for AWS and Microsoft Azure accounts. 6 Click Save. The new policy appears in the Policy Catalog. Create a firewall policy Create a custom firewall policy to suit your environment. Task 1 Log on to the McAfee epo server as an administrator. 2 Select Menu Policy Policy Catalog, then from the Product list, select Cloud Workload Security. 3 From the Category list, select Assessment Rules - Firewall. 4 Select New Policy, type a name for the policy, then click OK. 5 Click the name of an editable policy. You can edit the My Default policies, or any policies that you create. McAfee Default policies aren't editable. McAfee Cloud Workload Security Product Guide 11

12 2 Managing policies with McAfee epo Assign custom policies to systems in your network 6 Specify which inbound firewall rules can come from which IP addresses and their severities. Option If inbound firewall rule to port Then flag as Severity Select the inbound port from the list. Select the flag value from Safe or Critical. If you don't specify a rule for a port, it is flagged as Warning. Critical alerts are flagged for unrestricted IP addresses (with suffix /0) only. For example, a firewall policy is set in Cloud Workload Security (RDP) Critical 80 SAFE These are the assessment results Anywhere RED 3389 <Custom IP> SAFE 80 Anywhere SAFE 80 <Custom IP> SAFE 8082 Anywhere YELLOW 8082 <Custom IP> YELLOW 7 Click Save. The new policy appears in the Policy Catalog. Assign custom policies to systems in your network When you assign custom policies to a set of systems, they are effective after the next synchronization. If you want them to be effective immediately, schedule a manual sync. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems System Tree, then select your group of systems from the hierarchy. You can go to the Policy Catalog page from the Register Cloud Account pane of Cloud Workload Security user interface 3 From the Assigned Policies, you can see policies assigned to these systems. Click Edit Assignment. 4 Select Break inheritance and assign the policy and settings below for Inherit from. 5 Select your custom policy from the Assigned Policy list, then specify the values for other fields. 6 Click Save. 12 McAfee Cloud Workload Security Product Guide

13 3 Visualization of your cloud accounts Cloud Workload Security enables you to see your cloud infrastructure assets and their hierarchy. Configure and register the cloud accounts with McAfee epo using Menu Systems Cloud Workload Security. You can view your cloud account information, security issues, risks, and other threat details. Contents Viewing Cloud Workload Security and Workload properties Viewing information about traffic View information about Security Groups Viewing information about Threat Prevention Viewing information about Application Control software Viewing information about Change Control software Viewing information about volume encryption Assign assessment policy for your workload Automatic responses Viewing Cloud Workload Security and Workload properties The new Cloud Workload Security dashboard gives a detailed view of your cloud account and all its aspects. The Cloud Workload Security panels display Total Workloads, Compliance Events, and Threat Events. Compliance Events displays the compliance summary of all powered-on instances. Threat Events displays the threat summary of powered-on and powered-off instances. You can see the threats in your environment irrespective of the machine status. You can view: Total Workloads Accounts Compliance Events Workload Details McAfee Cloud Workload Security Product Guide 13

14 3 Visualization of your cloud accounts Viewing Cloud Workload Security and Workload properties Threat Events Event Details Systems All account properties are color-coded to reflect their security status. Events and workloads are classified as critical or warning if they violate the security policies. The policy definitions in the McAfee epo Policy Catalog determine the severity of the threat. Red Critical Yellow Warning Cloud accounts The Accounts panel lists the cloud vendor accounts registered in McAfee epo. Select your account and you can see list of virtual networks in your account. For a VMware vcenter account, you can see the list of datacenters or clusters in the account. Select the virtual network and you can see the workloads under that virtual network. Select a datacenter or cluster to see the list of hypervisors in it. Select a hypervisor to see the list of workloads in the hypervisor. If you select the VM, you can see the security status, management status, and system properties for that VM. If you have any VMs which aren't grouped under any VPC, they are placed under Ungrouped VMs for AWS instances. You can see if the VM is managed. If it isn't managed, you can install McAfee Agent. Network security accounts The Network Security panel lists the Network Security Manager (NSM) accounts registered in McAfee epo. You must install McAfee License extension to register the NSM account. 14 McAfee Cloud Workload Security Product Guide

15 Visualization of your cloud accounts Viewing information about traffic 3 Viewing information about traffic You can view a number of blocked internal connections, and the accepted suspicious and malicious external connections to and from your AWS and Azure instances. The internal and external traffic is captured as East-West and North-South traffic respectively You can view traffic details of your instances under the Threat Events pane. A number of products are deployed in Cloud Workload Security to detect threat events. The traffic displayed is the data accumulated for a maximum of seven days. You must install McAfee License extension to view the traffic details of your cloud accounts. Product Traffic Anomalies Detection Threat Protection Adaptive Threat Protection Network Intrusion Prevention Issues Malicious Connection Risk Port Assessment Suspicious Connection Blocked Connection Malware Detected Exploit Prevention Malicious Behavior Detected Advanced Malware Detected Network Prevention Alerts Traffic discovery After you register your cloud accounts, you can discover traffic details for your instances. You must set the required privileges and rules for your AWS account and Microsoft Azure account to enable network traffic flow logs at VPC levels and to discover Network Security Group traffic discovery respectively. These policies and rules allow Cloud Workload Security to discover network traffic logs. Traffic assessment Global Threat Intelligence (GTI) Detects malicious and suspicious North-South connections. Cloud Workload Security performs IP/connection reputation to determine the severity of the risk. The malicious and suspicious connections are categorized to high and medium risks, and color-coded in red and yellow respectively. Risk port assessment Identifies the ports with security risks based on the firewall policies. Your connections are classified in to malicious and suspicious connections based on risk port assessment. For example, The port 3389 is identified as a risk port based on firewall (security group) policies. A North-South inbound traffic trying to approach your workload through port 3389 is assessed as a malicious connection. You can set the safe and critical ports in your firewall (security group) policy for to remediate workloads. McAfee Cloud Workload Security Product Guide 15

16 3 Visualization of your cloud accounts Viewing information about traffic Network prevention alerts You can view the network prevention alerts for your instances from your registered Network Security Manager (NSM) account. When you enable traffic discovery for your Azure account, Cloud Workload Security create storage accounts for each geographical location. You can only create 200 storage accounts for one subscription. Azure traffic sync fails if the storage account number exceeds 200 per subscription. You will be charged when a storage account is created. For more information about the pricing, see Azure pricing for storage accounts. For one traffic sync, you can view only 8000 records. Viewing traffic flow logs You can view the graphical representation of your traffic in the Traffic pane when you click the Graph button. You can view the East-West and North-South traffic on your workload using the filters present in the Traffic pane. The Cloud Workload Security traffic card has filters to view the flow logs based on time intervals. The traffic card has filters to display inbound traffic, outbound traffic, and blocked connections. Inbound connections are traffic flowing towards the workload whereas, outbound connections are traffic flowing from the workload. Blocked connections are blocked inbound and outbound connections. Time Displays the date and time of occurrence of the selected event. Time Range(+/-) Filters the issues based on time intervals. 1 minute Filter issues occurred a minute before and after the time of occurrence of the selected event. 5 minutes Filter issues occurred 5 minutes before and after the time of occurrence of the selected event. 15 minutes Filter issues occurred 15 minutes before and after the time of occurrence of the selected event. 30 minutes Filter issues occurred 20 minutes before and after the time of occurrence of the selected event. Show Filter inbound, outbound, and blocked connections based on traffic flow. By default, the inbound and outbound connections are selected. 16 McAfee Cloud Workload Security Product Guide

17 Visualization of your cloud accounts View information about Security Groups 3 In addition to the filters, you can view the direction of traffic flow by selecting any issue under the Traffic pane. The direction of flow is highlighted for the selected issue. You can view information about the security groups associated with your instance by selecting the Show Security Groups option from the menu in the Workload block. You can shut down your workload as a remediation measure by selecting the Shut Down Workload option from the menu in the Workload block. The Table button will take you back to the instance details. View information about Security Groups You can view all security groups associated with your instances. Based on the enterprise rules set, the security group status is either red or yellow. Select an instance from the Compliance Events or Threat Events pane to view more information about the security groups under Workload Details or Event Details respectively. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from Systems. Select an instance from the instance list under Compliance Events. Select an instance from the instance list under Threat Events. 4 To view more information of your security groups. For instances under Compliance Events, select Show Security Groups from the Take Action combo box. For instances under Threat Events: Click Graph. Click the menu icon in the Workload block. Select Show Security Groups. McAfee Cloud Workload Security Product Guide 17

18 3 Visualization of your cloud accounts View information about Security Groups Table 3-1 Security Groups Property Security Groups ID Association Definition Displays the name of the security or network security group. Displays the ID of the security or network security group. Displays the number of instances associated with this security group or the network security group. Some VMs in Microsoft Azure accounts might not be associated with any security groups. 5 Click Edit Rules or double-click the security group to view the rules in each security group. For threat events, you can edit the security group rules by clicking the workload name under Edit Inbound Rules for under the Event Details. Table 3-2 Rules Property Security Group Associated Workloads Type Protocol Port Range Priority Definition Name of the security group rule. For Azure instances, every security group rule has a name. Not applicable to AWS instances. Displays other instances that are associated with this security group (firewall). Displays the Protocol type, which you can change. Displays the protocol allowed. Displays the port range allowed. Displays the priority of this rule in the security group. Priority applies only to Microsoft Azure Network Security Groups. 18 McAfee Cloud Workload Security Product Guide

19 Visualization of your cloud accounts Viewing information about Threat Prevention 3 Table 3-2 Rules (continued) Property Access Source Definition Displays if this is allow rule or deny rule for Microsoft Azure instances. You can't edit deny rules. Deny rules aren't assessed. Displays the source IP address. You can choose Anywhere to allow connections from all traffic or Custom IP to provide an IP address that you want to allow. For AWS instances, you can also provide the security group for which you want to allow traffic. Viewing information about Threat Prevention To protect your instances from attacks, make sure that you install and configure the appropriate McAfee anti-malware software such as McAfee VirusScan Enterprise and McAfee Endpoint Security. Your instance is color-coded and classified according to the anti-malware policy that you set in the McAfee epo Policy Catalog. When checking for the presence of anti-malware software, the results depend on the cloud environment and operating system. Install McAfee Endpoint Security on your Windows instances and McAfee Endpoint Security for Linux on your Linux instances. Depending on the Threat Prevention products installed, you can view these product properties. Product McAfee Endpoint Security for Windows McAfee Endpoint Security for Linux Properties On-Access General On-Access ScriptScan Access Protection Exploit Prevention DAT On-Access General On-Access ScriptScan DAT You can: See if any properties are enabled or disabled. For details, see the product guides for the anti-malware products. Install McAfee Endpoint Security on your instances. Tag this system with the McAfee epo tags related to product deployment tasks. See the product guide for your version of McAfee epo. All Threat Prevention properties should be enabled, and DAT should not be older than 7 days. If the DAT for any workload is older than 7 days, then the Threat Prevention status is noncompliant. Viewing information about Application Control software Install McAfee Application Control to protect your system from unauthorized applications. You can see if your instance has McAfee Application Control software installed. Your instance is color-coded and classified according to the policy that you set in the McAfee epo Policy Catalog. McAfee Cloud Workload Security Product Guide 19

20 3 Visualization of your cloud accounts Viewing information about Change Control software You can see if McAfee Application Control is installed and enabled on the instance. For details, see the product guide for McAfee Application Control. Viewing information about Change Control software Install McAfee Change Control file integrity monitoring solution to prevent any changes made in your environment that may lead to a security breach. You can see if your instance has McAfee Change Control software installed. Your instance is color-coded and classified according to the policy that you set in the McAfee epo Policy Catalog. You can see if Change Control is installed and enabled on the instance. For details, see the product guide for McAfee Change Control. Viewing information about volume encryption You can view if your AWS volumes encrypted or not. You can view the number of root and data volumes for your instances. Though both root and data volumes are shown, only data volumes are assessed for your AWS instances. Your instances are color-coded and classified according to the policy that you set in the McAfee epo Policy Catalog for volume encryption. You can view these details for your volumes. Property Status Type ID Definition The encryption status of the volumes. The type of the volume (root or data volume). The volume ID. Assign assessment policy for your workload Select or create an assessment policy from the Workload Details pane to assign policy to the selected workload. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select Workload Group or Account from the Systems pane, then select any category from the Event list. 4 Select the workload for which you have to assign the assessment policy. 5 Select a policy from the Assessment Policy drop-down list. You can create your own policy or select an existing policy from the Workload Details pane. Click Policy Catalog to go to the Policy Catalog page to create or select a policy. next to 6 Click Save. 20 McAfee Cloud Workload Security Product Guide

21 Visualization of your cloud accounts Automatic responses 3 Automatic responses Configure your McAfee epo server to trigger an action in response to critical or warning issues. Set automatic responses from Menu Automation Automatic Responses if you want a notification sent to you. The standard templates for Cloud Workload Security are: Noncompliant critical workloads for AWS and Azure Noncompliant warning workloads for AWS and Azure Noncompliant critical workloads for vsphere Noncompliant warning workloads for vsphere You can set up responses for other events also as needed. Set up automatic responses Configure McAfee epo server to receive automatic responses through . Before you begin Specify the SMTP server name and the SMTP server port in Server from Menu Configuration Server Settings. For details about automatic responses and specifying the server, see the product guide for your version of McAfee epo. Task 1 Click Menu Automation Automatic Responses. 2 Select Preset as Cloud Workload Security. 3 Click New Response or click Edit next to an existing template. 4 On the Description page, type a unique name and any notes for the rule, if you are creating a template. 5 In the Event field, select: Event Group Cloud Workload Security Event Type Critical Issues or Warning Issues 6 Click Next. 7 On the Filter page, select: Account Name Filter the cloud account name. Datacenter Filter the datacenter name. This is applicable for vsphere. epo Tags Filter McAfee epo tags assigned to instances. Instance ID Filter AWS or Azure workload ID. Issue Subtype Select any option from the drop-down list. Issue Type Select any option from the drop-down list. Platform Filter the operating system running on the instance. Region Filter the region. Type the name of the region or the location of the instance. For example, if you want instances in the ap-southeast-1 location, type ap-southeast-1/asia Pacific (Singapore). McAfee Cloud Workload Security Product Guide 21

22 3 Visualization of your cloud accounts Automatic responses UUID Filter UUID of the vsphere workload. Vendor Type Filter the cloud service provider. Type AWS, Azure, or vsphere. 8 Click Next. 9 Define when the event triggers the rule on the Aggregation page. For details, see Set thresholds for the rule in the McAfee epolicy Orchestrator Product Guide. 10 Click Next. 11 On the Actions page, compose the and select the recipients. For details, see Configure the action for Automatic Response rules in the McAfee epolicy Orchestrator Product Guide. 12 On the Summary page, verify the information, then click Save. The new response template for Cloud Workload Security appears in the Automatic Responses list. Manage responses to trigger actions for threat events You can set up an automatic response in McAfee epo that is triggered for every ENS/ENSL event. This response updates the threat count in the Cloud Workload Security console. The threat count displays the number of threat instances discovered in the last 7 days. The threat instances are categorized based on the virtual private cloud on the Workload Group List. The threat instance details of the selected workload group appears in the Workload Groups Overview pane. Before you begin You installed the Cloud Workload Security extension on McAfee epo. You downloaded the Rule _ThreatEventTriggerforENS_ENSL file. Task By default, the threat event response for ENS/ENSL is configured. The administrator can configure the automatic responses, if it is configured incorrectly. 1 Select Menu Automation Automatic Responses. 2 Click Import Response. 3 Click Choose File on the Automatic Responses page. 4 Select Rule_ThreatEventTriggerforENS_ENSL and click OK. 5 Click Enable Response in the Import Response Details dialog box, then click OK. The new response template for epo Notification Events appears in the Automatic Responses list. The previous threat event response also appears in the Automatic Responses list. You must disable or delete the duplicate response. 6 To disable or delete a response: Select the response Click Actions drop-down list Select Disable Responses to disable the response Select Delete Responses to delete the response 22 McAfee Cloud Workload Security Product Guide

23 4 Remediation 4 After viewing the details of your cloud accounts, and seeing which systems are at risk, activate missing protection by installing McAfee products and correcting firewall settings. You can manage your instances by installing McAfee Agent. You can install other McAfee products after installing McAfee Agent. Contents Install McAfee Agent on your instances Installing Threat Prevention Install Application Control on your instances Install Change Control Install Network Intrusion Prevention System on your instances Install Adaptive Threat Protection on your instances Remediate firewall rules Shut down workload Tag workloads Install McAfee Agent on your instances To manage your unmanaged instances with McAfee epo, install McAfee Agent. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from Systems pane, then select an instance from the instance list under Compliance Events. 4 Select Install McAfee Agent from the Take Action combo box. See KB85233 for details to install McAfee Agent on your instances using deployment URL. 5 Do one of the following: Enter the logon credentials, then click Install. Run the deployment Script. You can see the installation status on the Systems page. If your McAfee epo server doesn't receive installation status, it times out after 60 minutes. McAfee Cloud Workload Security Product Guide 23

24 4 Remediation Installing Threat Prevention Installing Threat Prevention Protect your instance by installing appropriate McAfee anti-malware software based on your operating system and cloud environment. You can install Endpoint Security on your Windows instances and Endpoint Security for Linux on your Linux instances. Install McAfee Endpoint Security Protect your instance by installing Endpoint Security or Endpoint Security for Linux. Before you begin Install McAfee Agent on your unmanaged instances to manage them with McAfee epo. You cannot install Endpoint Security from Cloud Workload Security if McAfee Host Intrusion Prevention, McAfee VirusScan Enterprise, or McAfee MOVE AntiVirus is installed on your instances. If Host Intrusion Prevention and Endpoint Security are installed, Cloud Workload Security checks for the presence of Endpoint Security and its properties. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from the Systems pane, then select an instance from the systems list under Compliance Events. 4 Select Install Threat Prevention from the Take Action combo box, then click Install. Endpoint Security is installed on Windows Workloads, and Endpoint Security for Linux is installed on Linux workloads. You can see the installation status on the Systems page. If your McAfee epo server doesn't receive installation status, it is timed out after 60 minutes. Install Application Control on your instances Protect your instance by installing McAfee Application Control. Before you begin Install McAfee Agent on your unmanaged instances to manage them with McAfee epo. Make sure you have the appropriate license before installing this product. See the product guide for Application Control before installing this product. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from the Systems pane, then select an instance from the systems list under Compliance Events. 4 Select Install Application Control from the Take Action combo box, then click Install. 24 McAfee Cloud Workload Security Product Guide

25 Remediation Install Change Control 4 You can see the installation status on the Systems page. If your McAfee epo server doesn't receive installation status, it times out after 60 minutes. Application Control is activated in Observe Mode for your windows workloads. The Windows workloads aren't restarted and all features except Memory Protection are available. Memory protection is available after restarting your instance. Install Change Control Protect your instance by installing McAfee Change Control. Before you begin Install McAfee Agent on your unmanaged instances to manage them with McAfee epo. Make sure that you have appropriate license before installing this product. See the product guide for McAfee Change Control before installing this product. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from the Systems pane, then select an instance from the systems list under Compliance Events. 4 Select Install Change Control (FIM) from the Take Action combo box, then click Install. You can see the installation status on the Systems page. If your McAfee epo server doesn't receive installation status, it times out after 60 minutes. Install Network Intrusion Prevention System on your instances Protect your instances from sophisticated threats by installing Network Intrusion Prevention. Before you begin Install McAfee Agent on your unmanaged instances to manage them with McAfee epo. Make sure you have the appropriate license before installing this product. Make sure that the Network Security Manager (NSM) server details are registered under Accounts Network security. Make sure that the vnsp prerequisites like controller and cluster are deployed for the VPC and subnet of the selected instance. See the product guide for Network Security Platform before installing this product. For information about vnsp integration, see KB Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. McAfee Cloud Workload Security Product Guide 25

26 4 Remediation Install Adaptive Threat Protection on your instances 3 Select your workload from the Systems pane, then select an instance from the systems list under Compliance Events. 4 Select Install Network IPS from the Take Action combo box, then click Install. You can see the installation status on the Systems page. If your McAfee epo server doesn't receive installation status, it times out after 60 minutes. Install Adaptive Threat Protection on your instances Adaptive Threat Protection analyzes content from your enterprise and decides what to do based on file reputation, rules, and reputation thresholds. Before you begin Install Adaptive Threat Protection policies to configure queries, reports, and dashboards to monitor threat activity within your environment. Install McAfee Agent on your unmanaged instances to manage them with McAfee epo. Make sure you have the appropriate license before installing this product. See the product guide for Adaptive Threat Protection before installing this product. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from the Systems pane, then select an instance from the instance list under Compliance Events. 4 Select Install Adaptive Threat Protection from the Take Action combo box, then click Install. You can see the installation status on the Systems page. If your McAfee epo server doesn't receive installation status, it times out after 60 minutes. The Adaptive Threat Protection module is supported on Windows systems only. Remediate firewall rules To protect and secure your cloud instances that are classified as red, correct the firewall rules. You can correct the firewall settings from Policy Catalog: See Where to find policies. Task 1 Select Menu Systems Cloud Workload Security. 2 Select your workload from Systems. Select an instance from the instance list under Compliance Events. Select an instance from the instance list under Threat Events. 26 McAfee Cloud Workload Security Product Guide

27 Remediation Remediate firewall rules 4 3 To view more information of your security groups. For instances under Compliance Events, select Show Security Groups from the Take Action combo box. For instances under Threat Events: Click Graph. Click the menu icon in the Workload block. Select Show Security Groups. 4 Click Edit Rules or double-click the security group to view and correct the firewall rules in each security group. 5 Edit or add new rules and click Apply Changes. Tasks Edit the security group rules on page 27 Change the rules in your security group policy and secure your critical instances. Detach the security group from an instance on page 28 To secure your critical systems, remove the association of the security group to your AWS instance. Edit the security group rules Change the rules in your security group policy and secure your critical instances. Task 1 Log on to McAfee epo as an administrator. 2 Select the critical system and its security group policy from: Select Menu Systems Cloud Workload Security. Select your workload from the Systems pane. Select an instance from the instance list under Compliance Events. Select an instance from the instance list under Threat Events. 3 To view more information of your security groups: For instances under Compliance Events, select Show Security Groups from the Take Action combo box. For instances under Threat Events: Click Graph. Click the menu icon in the Workload block. Select Show Security Groups. A red dot highlights the noncompliant rules. 4 Click Edit Rules or double-click the security group to view the rules in each security group. For threat events, you can edit the security group rules by clicking on the workload name under Edit Inbound Rules for under the Event Details. Changes made to the security group will be applied to all other instances that are associated with the security group. Make sure that you review other server instances that are associated with the security group. 5 Edit the security group rules by changing Type, Protocol, Port range, or Source. For Microsoft Azure instances, you cannot edit rules that have Access as Deny. McAfee Cloud Workload Security Product Guide 27

28 4 Remediation Shut down workload 6 While editing Source, you can choose Anywhere to allow connections from all traffic or Custom IP to provide an IP address that you want to allow. For AWS instances, you can also provide the security group for which you want to allow traffic. 7 To add a rule, select Add New Rule and type in the values. 8 To delete a non-complaint rule, click the delete icon. 9 Click Apply Changes. You can see the action details for edit, delete, update, or add in Menu User Management Audit Log. Detach the security group from an instance To secure your critical systems, remove the association of the security group to your AWS instance. If your workload has only one security group associated with it, you can't detach it. A security group which is associated with this workload can also be associated with many NICs. You can't detach a security group if it is the only security group associated with a NIC. You can detach a security group only from your AWS instances. Task 1 Log on to McAfee epo as an administrator. 2 Select the critical system and its security group policy from: Select Menu Systems Cloud Workload Security. Select your workload from the Systems pane. Select an instance from the instance list under Compliance Events Select an instance from the instance list under Threat Events. 3 To view security groups: For instances under Compliance Events, select Show Security Groups from the Take Action combo box. For instances under Threat Events: Click Graph. Click the menu icon in the Workload block. Select Show Security Groups. A red dot highlights the noncompliant rules. 4 Select one of them and click Detach to detach the security group policy from this instance. You can see the detach failure or success details in the Detached Status window. Shut down workload The malicious East-West traffic trying to approach your workload creates security risk. As a remediation measure, you can shut down the affected workload. You can shut down AWS and Microsoft Azure instances only. 28 McAfee Cloud Workload Security Product Guide

29 Remediation Tag workloads 4 Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from the Systems pane, then select an instance. 4 Shut down the workload using these three methods. Select an instance under Compliance Events, then select Shut Down Workload under the Take Action combo box. Select an instance under Threat Events, then click the Shut Down Workload button in the Event Details pane. Click Graph, then select Shut Down Workload from the menu in the Workload or East-West blocks. You can shut down only one workload at a time. 5 Click OK. The shut down workload under Compliance Events will be removed from the Cloud Workload Security user interface only after performing a sync. The shut down workload under Threat Events will appear in the Cloud Workload Security user interface even after the shut down. Tag workloads Tag your instances with McAfee epo tags related to product deployment tasks. You can create auto tags for your instances based on account name and platform. You can also bulk tag selected instances. Task 1 Log on to McAfee epo as an administrator. 2 Select Menu Systems Cloud Workload Security. 3 Select your workload from the Systems pane, then select an instance or multiple instances from the instance list under Compliance Events. McAfee Cloud Workload Security Product Guide 29

30 4 Remediation Tag workloads 4 Select Tag from the Take Action combo box. 5 Enter a tag name and click Add. 6 Click Save. You can see the tag details of your instances on the Workload Details pane. 30 McAfee Cloud Workload Security Product Guide

31 5 5 Queries and reports With Cloud Workload Security, you can quickly generate a summary view of all registered datacenters. The predefined queries and dashboards provide out of the box functionality, because they are added to your McAfee epo server when the software is installed. You can configure these queries to display results in charts or tables, which you can use as dashboard monitors. Query results can be exported to several formats, which you can download or send as an attachment to an message. You can view the list of predefined queries for the datacenters from Queries and reports McAfee Groups Data Center. You can view the list of predefined queries for the public cloud accounts from Queries and reports McAfee Groups Public Cloud. Contents Predefined queries Create custom queries Dashboards and monitors Predefined queries You can use predefined queries as is, edit them, or create queries from events and properties stored in the McAfee epo database. To create custom queries, your assigned permission set must include the ability to create and edit private queries. Data center provides these predefined queries. McAfee Cloud Workload Security Product Guide 31

32 5 Queries and reports Predefined queries Query Anti-Malware Status Definition Specifies whether the system is in one of these states: Application Control Enabled These VMs have McAfee Application Control installed and enabled. Only Anti-Virus Enabled These VMs have a McAfee anti-malware product installed and enabled. Unprotected These VMs don't have any McAfee anti-malware product enabled. Application Reputation Categorizes the applications based on McAfee Global Threat Intelligence (McAfee GTI) file reputation: Good Bad Unclassified For details about file reputation, see the product documentation for McAfee Application Control. AV Protection by Product Security Incidents (last 14 days) Displays the anti-virus protection status of McAfee products. Displays the events reported for these components on the VMs in the last 14 days. Antivirus Firewall Memory Protection Data Centers File Integrity Monitoring Status Host Firewall Status Displays all registered datacenters. Displays the number of VMs with File Integrity Monitoring (FIM) installed and enabled. For details about FIM, see the product documentation for McAfee Change Control. Specifies whether the system is in one of these states: Firewall Enabled These VMs have McAfee Host Intrusion Prevention (McAfee Agent-based) installed. Not in use These VMs don't have McAfee Host Intrusion Prevention (McAfee Agent-based) installed. OS Distribution Usage Metering Report The OS Type shows the template value selected while creating the VMs. But, it might not be the actual operating system installed on the VM. Displays the usage of cloud accounts in number of hours per month. CPU cores Usage Month Specifies if the CPU cores used are single, dual, or quad core plus, and the usage month. Sum of Hours used Specifies the sum of usage hours. 32 McAfee Cloud Workload Security Product Guide

33 Queries and reports Predefined queries 5 Query Endpoint Scan Report Definition Displays the details of the last scan of the endpoints. Best Practice: To get accurate data in this report, first run the Data Center: Compute Endpoint Reports server task from Menu Automation Server Tasks. Endpoint The name of the endpoint. IP Address The IP address of the endpoint. Category The group/resource pool/host of the endpoint. Operating System The operating system details. Last Scan The last on-demand scan time for an endpoint with anti-virus software. Endpoint Security Report Displays the protection status of the endpoints. Best Practice: To get accurate data in this report, first run the Data Center: Compute Endpoint Reports server task from Menu Automation Server Tasks. Endpoint The name of the endpoint. IP Address The IP address of the endpoint. Virtual Specifies whether the endpoint is a virtual system. VM Classification Specifies if the VM is a part of public (Cloud Machine) or private (Virtual Machine) cloud. Vendor The name of the cloud service provider of the endpoint. Power Status Specifies the power status of the endpoint. Category The group/resource pool/host of the endpoint. Operating System The operating system details. AntiVirus/Antimalware The name of the McAfee anti-virus and anti-malware software installed on the endpoint. Firewall The name of the McAfee software with the firewall protection active on the endpoint. Whitelisting Specifies whether the whitelisting feature is enabled. Access Protection The name of the McAfee software that provides access protection. Memory Protection The name of the McAfee software that provides memory protection. Last Communication The time details of the last server-client communication. Instance Assessment Status Data Protection per Cloud VM The number of instances that are classified as critical and the number of instances that are classified as warning. The number of VMs that are encrypted and not encrypted. View default queries To generate reports based on datacenter components, run the predefined queries. Task 1 Log on to the McAfee epo server as an administrator. 2 Select Menu Reporting Queries & Reports. McAfee Cloud Workload Security Product Guide 33

34 5 Queries and reports Create custom queries 3 From the Groups pane, select Data Center to display the queries for the selected group. Reports are grouped under McAfee Groups. 4 From the Queries list, select a query, then click Run. 5 In the query results page, click any item in the results to drill down. 6 Click Close when finished. Create custom queries You can create custom queries that retrieve and display the details related to the Usage Metering Report and network traffic reports. With this wizard, you can configure which data is retrieved and displayed, and how it is displayed. Before you begin Make sure that you have administrator rights to perform this task. Task 1 Log on to the McAfee epo server as an administrator. 2 Select Menu Reporting Queries & Reports, then click Actions New to open the Query Builder wizard. 3 To view Usage Metering records, select Public Cloud on the Feature Group list and on the Result Type page, select Usage Metering records, then click Next. If you upgraded from to this version, you can also see Usage Metering Report- Legacy to view the old usage metering reports. 4 To view network traffic reports for your AWS instances, select Data Center on the Feature Group list, and on the Result Type page, select Amazon Network Traffic Logs, then click Next. 5 Select the type of chart or table to display the primary results of the query, then click Next to open the Columns page. If you select Boolean Pie Chart, you must configure the criteria to include in the query. 6 Select the columns to include in the query, then click Next to open the Filter page. If you had selected Table on the Chart page, the columns you select here are the columns of that table. Otherwise, these are the columns that make up the query details table. 7 Select properties to narrow the search results, then click Run. The Unsaved Query page displays the results of the query, which is actionable. You can take any available actions on items in any tables or drill-down tables. Selected properties appear in the content pane with operators that can specify criteria to narrow the data that is returned for that property. If the query doesn't return the expected results, click Edit Query to go back to the Query Builder and edit the details of this query. If you don t want to save the query, click Close. If this is a query you want to use again, click Save and continue to the next step. 34 McAfee Cloud Workload Security Product Guide

35 Queries and reports Dashboards and monitors 5 8 On the Save Query page, type a name for the query, add any notes, and select one of these options: New Group Type the new group name and select whether the group is private or public. Existing Group Select the group from the list of Shared Groups. 9 Click Save. Dashboards and monitors Dashboards, which are made up of monitors, help you track key metrics from all data center products. Reports are grouped under McAfee Dashboards at Menu Queries and reports Groups. The Data Center dashboard displays a collection of monitors based on the results of the default datacenter queries. The Public Cloud dashboard displays the collection of monitors for default public cloud account queries. The data in these monitors on the dashboard is refreshed every 15 minutes. The default monitors that appear under these dashboards are: Data Centers Displays all registered datacenters. OS Distribution Displays the operating system type. It shows the template value selected while creating the VMs. But, it might not be the actual operating system installed on the VM. Security Incidents (last 14 days) Specifies events reported for these components on the VMs in the last 14 days. Application Control Antivirus Firewall Memory Protection Anti-Malware Status Displays the state of the VM. Application Control Enabled These VMs have McAfee Application Control installed and enabled. Only Anti-Virus Enabled These VMs have a McAfee anti-virus product installed and enabled. Unprotected These VMs don't have any McAfee anti-malware product enabled. Host Firewall Status Displays the state of the system. Firewall Enabled These VMs have McAfee Host Intrusion Prevention installed. Not in use These VMs don't have McAfee Host Intrusion Prevention installed. File Integrity Monitoring Status Displays the number of VMs with File Integrity Monitoring (FIM) installed and enabled. Enabled File Integrity Monitoring is enabled on these VMs. Not enabled File Integrity Monitoring is disabled on these VMs. Not installed File Integrity Monitoring isn't installed on these VMs. Instance Assessment status Displays the number of instances that are classified as critical and the number that are classified as warning. McAfee Cloud Workload Security Product Guide 35

36 5 Queries and reports Dashboards and monitors Data protection per Cloud VM Displays the number of VMs that are encrypted versus the number of VMs that aren't encrypted. Encrypted These VMs are encrypted. Not Encrypted These VMs aren't encrypted. Usage Metering Report Displays the usage of running AWS and Microsoft Azure cloud instances, in number of hours per month. You can see how many hours are used by your single core, dual core, and your quad-core instances for every month. Application Reputation Categorizes the applications based on McAfee Global Threat Intelligence file reputation. Good Bad Unclassified This dashboard retrieves data from the McAfee Application Control extension. For details about file reputation, see the product documentation for McAfee Application Control. Endpoint Scan Report Displays the last scan details of the endpoints. This report is run every eight hours. Endpoint The name of the endpoint. IP Address The IP address of the endpoint. Category The group/resource pool/host of the endpoint. Operating System Displays operating system details. Last Scan Displays the last on-demand scan time for an endpoint with different anti-virus software. Best Practice: To get accurate data in this report, first run the Data Center: Compute Endpoint Reports server task from Menu Automation Server Tasks. Endpoint Security Report Displays the protection status of the endpoints. This report is run every eight hours. Endpoint The name of the endpoint. IP Address The IP address of the endpoint. Virtual Specifies whether the endpoint is a virtual system. VM Classification Specifies if the VM is a part of public (Cloud Machine) or private (Virtual Machine) cloud. Vendor The name of the cloud service provider of the endpoint. Power Status Specifies the power status of the endpoint. Category The group/resource pool/host of the endpoint. Operating System The operating system details. AntiVirus/Antimalware The name of the McAfee anti-virus and anti-malware software that is installed on the endpoint. Firewall The name of the McAfee software with the firewall protection active on the endpoint. Whitelisting Specifies whether the whitelisting feature is enabled. 36 McAfee Cloud Workload Security Product Guide

37 Queries and reports Dashboards and monitors 5 Access Protection The name of the McAfee software that provides access protection. Memory Protection The name of the McAfee software that provides memory protection. Last Communication The time details of the last server-client communication. Best Practice: To get accurate data in this report, first run the Data Center: Compute Endpoint Reports server task from Menu Automation Server Tasks. McAfee Cloud Workload Security Product Guide 37

38 5 Queries and reports Dashboards and monitors 38 McAfee Cloud Workload Security Product Guide

39 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Contents How McAfee epo server and clients communicate Scaling McAfee epo installed on AWS Managing and remediating workloads using Chef Managing and remediating workloads using Puppet Managing AWS clients using McAfee epo installed on AWS Managing AWS clients using McAfee epo installed on-premise Using Cloud Workload Security Deploying McAfee security products on AWS cloud How McAfee epo server and clients communicate McAfee epo is deployed on-premise or in the cloud. McAfee epo communicates with client systems across networks in these ways: Client-initiated communication McAfee Agent is installed on each client system. It periodically connects to the McAfee epo server to check for updates such as new policy information, assigned tasks, and product updates. For client systems to connect to McAfee epo: Client systems must have outbound access to McAfee epo. McAfee epo server must have inbound access on TCP ports 80 and 443. TCP ports 80 and 443 are the default ports used for communication between McAfee epo and the McAfee Agent. You can change the ports while installing McAfee epo. McAfee epo server-initiated communication McAfee epo can wake up and force client systems to pull down the latest security content. For McAfee epo to connect to the client systems: McAfee epo must have outbound access to client systems. Client instances must have inbound access on port The AWS Security Group must allow this communication. For details about port requirements, see KB McAfee Cloud Workload Security Product Guide 39

40 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Scaling McAfee epo installed on AWS Scaling McAfee epo installed on AWS Cloud Workload Security for AWS discovers and imports the inventory details of your Amazon EC2 instances from AWS in to McAfee epo. With this feature, McAfee epo recognizes elastic scaling of EC2 instances. As your managed network grows, distributed repositories and Agent Handlers can help improve performance and network protection. Distributed repositories work as file shares that store and distribute security content for your managed client systems. Agent Handlers allow you to move McAfee Agent requests and added management logic closer to the systems making these requests. Agent Handlers also allow you to scale your network infrastructure horizontally, reduce the load on your McAfee epo server, and save bandwidth. If McAfee epo is installed on an AWS server: Enable termination protection for McAfee epo server to avoid accidental termination. Use elastic IP on McAfee epo server for public IP. McAfee epo supports SSD only. Magnetic disks are not supported. Configure ports and security group rules for McAfee epo server appropriately. For more information, see KB Considerations for scalability Your ability to manage growth on your network depends on whether you install McAfee epo on multiple servers, use multiple remote Agent Handlers, or both. With McAfee epo software, you can scale your network vertically or horizontally. Vertical scalability Adding and upgrading to bigger, faster hardware to manage larger and larger deployments. Scaling vertically is accomplished by upgrading your server hardware, and installing McAfee epo on multiple servers throughout your network, each with its own database. Horizontal scalability Increasing the deployment size that one McAfee epo server can manage. Scaling horizontally is accomplished by installing multiple remote Agent Handlers, each reporting to one database. Managed systems and servers The number of systems your McAfee epo server manages dictates the number of servers installed on your network. The number of managed systems also dictates the recommended server hardware needed to manage these systems. Option < 1,500 systems Virtual McAfee epo server and database Windows Server and SQL database in the same server Windows Server and separate SQL database Yes 1,500 10,000 systems Yes 10,000 25,000 systems 25,000 75,000 systems Yes Yes Yes Add distributed repositories Yes Yes Add agent handlers > 75,000 systems Yes 40 McAfee Cloud Workload Security Product Guide

41 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing and remediating workloads using Chef 6 Managing and remediating workloads using Chef The cookbook allows installation and management of McAfee Agent, Endpoint Security for Windows and Linux, and Adaptive Threat Protection. It creates and assigns tags to systems after product installation. To manage workload/node on McAfee epo using Chef, you must configure Chef server and node, and define the attributes. Prerequisites Configure chef server and workstation, and bootstrap the node to the server where McAfee products are to be installed. Fore more information, see Check-in Cloud Workload Security in McAfee epo, and register AWS or Azure cloud accounts. Check-in McAfee Agent or later. Check-in Endpoint Security package. Chef workstation settings Download the cookbook from the external repository, and configure the chef attributes in the attributes/ default.rb attributes file. The recipe cook book requires a connection to McAfee epo to install the security products. Hence, the McAfee epo credentials needs to be encrypted in the recipe cook book. To encrypt the McAfee epo credentials, run the ruby EncryptPassword.rb USERNAME PASSWORD command. You need to have Ruby installed in your chef workstation to run this command. Table 6-1 Attributes for cookbook Attribute default[:epo][:address] default[:epo][:username] default[:epo][:password] default[:cloud][:accountname] default[:tag] default[:products] default[:policy][:ens] (optional field) default[:policy][:atp] (optional field) Description The McAfee epo IP address and port number. The McAfee epo user name. Cookbook retrieves the user name from the encrypted file if this field is blank. The McAfee epo password. Cookbook retrieves the password from the encrypted file if this field is blank. The name of the registered cloud account. The name of the tag to be assigned to the node. The default tag name is CWS_DEVOPS. The name of the products to be installed. ENS ATP The name of the ENS/ENSL On-Access Scan policy to be assigned to node/ client. The name of the ATP policy to be assigned to node/client. McAfee Cloud Workload Security Product Guide 41

42 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing and remediating workloads using Puppet After defining the attributes, upload the modified cookbook in the Chef server. The default.rb recipe is mcafeeagent. To ensure that McAfee Agent is installed, include mcafeeagent in your node's run_list. { "name":"my_node", "run_list":[ "recipe[mcafeeagent]" ] } To trigger the installation of McAfee products on the client, run chef-client on the client node. You can also add recipe to the node run list when bootstrapping it from the workstation. Managing and remediating workloads using Puppet The module allows installation and management of McAfee Agent, Endpoint Security for Windows and Linux, and Adaptive Threat Protection to a node. It creates a tag based policy assignment rule for on-access scan. On the next agent-to-server communication, this policy is enforced to the client system. To manage a node with McAfee epo using Puppet, you must configure Puppet server and define the attributes. Prerequisites Configure puppet server and workstation, and bootstrap the node to the server where McAfee products are to be installed. For more information, see Check-in Cloud Workload Security in McAfee epo, and register AWS or Azure cloud accounts. Check-in McAfee Agent 5.0 or later. Check-in Endpoint Security package. Register AWS or Azure cloud accounts Puppet server settings Download the module from the external repository and configure puppet attributes in the modules/ facts/lib/facter/config.yaml attribute file. Copy modules and manifests to the /etc/puppetslab/ code/environments/production folder in the puppet-server system. The module connects to McAfee epo to install the security products. Hence, the McAfee epo credentials needs to be encrypted in the module. To encrypt the McAfee epo credentials, run the ruby EncryptPassword.rb USERNAME PASSWORD command. You need to have Ruby installed in your puppet server to run this command. For immediate execution on a particular agent node, check for a particular agent node manually by running the /opt/puppetlabs/bin/puppet agent test command for Linux and puppet agent test command for Windows. Table 6-2 Attributes for module Attribute [epo_address] [epo_username] Description The McAfee epo IP address and port number. The McAfee epo user name. Module retrieves the user name from the encrypted file if this field is blank. 42 McAfee Cloud Workload Security Product Guide

43 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing AWS clients using McAfee epo installed on AWS 6 Table 6-2 Attributes for module (continued) Attribute [epo_password] [cloud_account_name] [tag_name] [install_products] Description The McAfee epo password. Module retrieves the password from the encrypted file if this field is blank. The name of the registered cloud account. The name of the tag to be assigned to the node. The default tag name is CWS_DEVOPS. The name of the product to be installed. ENS ATP [policy_ens] (optional field) Name of the ENS/ENSL On-Access Scan policy to be assigned to node/client. [policy_atp] (optional field) Name of the ATP policy to be assigned to node/client Managing AWS clients using McAfee epo installed on AWS To manage client systems outside your organization's network, install McAfee epo on an AWS instance with a compatible operating system. For information about compatible operating systems, see KB To manage client instances in AWS cloud, McAfee epo can be deployed: In one geographic region In one geographic region with one Amazon Virtual Private Cloud (VPC) In one geographic region with multiple Amazon VPCs In multiple geographic regions Managing instances in one geographic region McAfee epo can be installed to manage instances in one geographic region with multiple availability zones. This type of deployment supports client-initiated and McAfee epo server-initiated communication. You must create a separate AWS security group for McAfee epo that allows outbound connections to client instances (server-initiated communication) and inbound connections (agent-initiated communication). Once you deploy McAfee epo, you can view the available systems in the System Tree under AWS. McAfee Cloud Workload Security Product Guide 43

44 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing AWS clients using McAfee epo installed on AWS Managing instances in one geographic region with one VPC A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. In one geographic region with a single VPC, each instance that you launch in a non-default subnet has a private IP address. When you install McAfee epo in the VPC, client instances in the same VPC communicate with the McAfee epo server or with other instances across the private network. For information about VPCs and subnets, see AWS documentation. One geographic region deployment with multiple VPCs When multiple VPCs are present in one geographic region, you can use VPC peering to connect the VPCs. For information about VPC peering and setting one VPC as private and another VPC as public, see AWS documentation. When you configure VPC peering, McAfee epo server and client instances communicate via the private network. VPC peering supports client-initiated and McAfee epo server-initiated communication. Configure a virtual Agent Handler on your McAfee epo server to enable communication through public and private IP addresses. For more information about configuring a virtual Agent Handler, see Set up McAfee epo and Client Communication. 44 McAfee Cloud Workload Security Product Guide

45 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing AWS clients using McAfee epo installed on AWS 6 You can configure VPC routes to restrict communication between VPCs only to McAfee epo and client instances if other applications do not require VPC peering on the same infrastructure. For more information, see the product documentation for your version of McAfee epo. Set up VPC peering for McAfee epo server and client communication wherever possible. Multiple geographic region deployment In multiple geographic region deployment, you can use an architecture where client instances connect to McAfee epo using a public IP address using the internet. Use this architecture if: Your organization uses multiple regions with multiple VPCs. You can't use VPC peering to connect multiple VPCs in a region. This architecture supports only client-initiated communication. To use this architecture: All client instances must have outbound access to McAfee epo. Configure the AWS security groups accordingly. The AWS security group of the McAfee epo server must be configured to accept communication from the client instances. For more information, see the product documentation for your version of McAfee epo. Set the agent-server communication interval to 60 minutes so that client instances can get product, policy, and task updates frequently without affecting performance. McAfee Cloud Workload Security Product Guide 45

46 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing AWS clients using McAfee epo installed on AWS Configure a virtual Agent Handler on your McAfee epo server to enable communication with client instances through public IP address. For more information about configuring a virtual Agent Handler, see Set up McAfee epo and Client Communication. Set up McAfee epo and client communication Configure McAfee epo and Agent Handler to set up communication for McAfee epo and the client on AWS. Task 1 Install McAfee epo in the region with the highest number of instances. This ensures optimized communication between McAfee epo and client instances. 2 Assign an elastic IP address to the McAfee epo instance. This ensures that the public IP address of the McAfee epo instance does not change. For details about assigning an elastic IP address, see AWS documentation. 3 Configure a virtual Agent Handler on the McAfee epo server for your managed client instances to connect to the McAfee epo server. a Open the Agent Handlers page: Menu Configuration Agent Handlers, then in Handler Groups, click New Group to open the Add/Edit Group. b Specify a virtual Agent Handler group name. 46 McAfee Cloud Workload Security Product Guide

47 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing AWS clients using McAfee epo installed on-premise 6 c In the Included Handlers section, select Use load balancer and specify the details. Virtual DNS Name Type the DNS name assigned to the static public IP address associated with this AWS server. Virtual IP Address Type the static public IP address associated with this AWS server. 4 Enable the new virtual Agent Handler. a Select Menu Configuration Agent Handlers, then click the Handler Groups monitor. b Find the new virtual Agent Handler, then click Actions Enable. 5 Assign the virtual Agent Handler group. a Select Menu Configuration Agent Handlers, then click New Assignment. b c d Specify a unique name for this assignment. In the Agent Criteria section, browse to and select My Organization from the System Tree location. In the Handler Priority section, click Use custom handler list and select the new virtual Agent Handler. Use + to add additional Agent Handlers to the list. The created virtual Agent Handler publishes McAfee epo on its public IP address and all client instances communicate using this address. Managing AWS clients using McAfee epo installed on-premise Install McAfee epo on an on-premise server and the Agent Handler in the DMZ with a public IP address for easy connectivity and scalability. This architecture is best if: You use McAfee epo in a hybrid cloud environment. Your organization requires McAfee epo to be installed on-premise rather than in the cloud. To use this architecture: McAfee Cloud Workload Security Product Guide 47

48 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Managing AWS clients using McAfee epo installed on-premise Install McAfee epo on an on-premise server to manage systems on-premise. Assign an internal private IP address to McAfee epo. Install Agent Handler on an on-premise server in the DMZ to manage instances on AWS. You must assign a public IP address to the Agent Handler. You must connect McAfee epo server and the Agent Handler through a low latency and high-bandwidth network. This architecture supports client-initiated communication, but McAfee epo can't wake up the McAfee Agent on a managed AWS instance. To use McAfee epo initiated communication (wake up agent) feature, AWS instances must use a VPN to connect to the on-premise network. For information about the ports required for McAfee epo and client instance communication, see KB For information about port guidelines, see the McAfee epolicy Orchestrator Product Guide. Using McAfee Agent deployment URL feature The McAfee Agent deployment URL contains a link to an installer. The installer downloads and installs McAfee Agent and deploys McAfee products to AWS instances. For instructions about deploying McAfee Agent on AWS instances, see KB Set up McAfee epo and client communication Configure McAfee epo and the Agent Handler to set up communication between McAfee epo and the client. Task 1 Install McAfee epo on an on-premise server. 2 Install the Agent Handler on another on-premise server in the DMZ. 3 Configure the Agent Handler. a Open the Agent Handlers page: Menu Configuration Agent Handlers, then in Handler Status, click Agent Handler. b c From the Handler List, click the Agent Handler that is installed in the DMZ. Specify the public IP address of the Agent Handler to connect to AWS EC2 instances in the Published IP Address field. 48 McAfee Cloud Workload Security Product Guide

49 Best Practices for using McAfee epo and Cloud Workload Security with AWS Using Cloud Workload Security 6 Using Cloud Workload Security Consider these best practices to set up Cloud Workload Security to monitor and manage AWS EC2 resources. Task 1 Install McAfee epo based on your infrastructure requirements. 2 Install the Cloud Workload Security extension on the McAfee epo server. 3 Make sure that you set up a user on AWS with read-write privileges on EC2 and traffic flow-logs for all regions that requires management. 4 Register your AWS cloud account with McAfee epo, so that McAfee epo discovers, imports, assesses and displays your cloud account information. 5 Specify the sync interval for McAfee epo to AWS synchronization. Sync interval determines how often new instances are discovered. 6 While deploying McAfee Agent, select Auto deploy Mcafee Agent on VMs when all your EC2 instances and traffic flow-logs are in the same region and support Active Directory based deployment. Deploying McAfee security products on AWS cloud To deploy McAfee security products on AWS instances, deploy a McAfee Agent on each of the AWS instances. Once you deploy McAfee Agent, you can use McAfee epo to manage product installation and network security of the AWS instances. You must have credentials for each of the AWS instances. Currently, only password-based authentication is supported on Windows and Linux. To deploy McAfee security products easily and efficiently: Use Active Directory-based authentication. Create secure client Amazon Machine Image (AMIs) with the McAfee Agent and products installed. Deploy McAfee security products on AWS instances using AMIs To ensure security of the AWS instances as they start, create secure client Amazon Machine Images (AMIs) using standard AMIs. The AMI contains McAfee Agent and McAfee Endpoint Security. Before you begin If you are using Amazon Elastic Compute Cloud (Amazon EC2), start a Windows or Linux instance. Install the McAfee Agent and Endpoint Security extensions in the McAfee epo server. Endpoint Security protects instances from malware. Check in the client packages. Make sure that you don't have duplicate McAfee Agent GUIDs, which can affect product installation, policy enforcement, and prevent properties from being recorded correctly. We recommend that you access your AWS instances from McAfee epo until the AWS instances are compliant with the organization's IT security standards. McAfee Cloud Workload Security Product Guide 49

50 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Deploying McAfee security products on AWS cloud Tasks Create secure client AMIs on page 50 Start a secure client AMI on a Windows EC2 or Linux instance. Using McAfee Agent deployment URL feature The McAfee Agent deployment URL contains a link to an installer. The installer downloads and installs McAfee Agent and deploys McAfee products to AWS instances. For instructions about deploying McAfee Agent on AWS instances, see KB Create secure client AMIs Start a secure client AMI on a Windows EC2 or Linux instance. Task 1 Depending on the operating system that you use, start a Windows EC2 or a Linux instance on the AWS console. 2 Log on to the instance. 3 Deploy McAfee Agent on the instance using Cloud Workload Security. Download the deployment script under McAfee epo Management on the Cloud Workload Security user interface. Select Install McAfee Agent from the Take Action combo box on the Cloud Workload Security user interface. 4 Install Endpoint Security on the instance using the Take Action combo box on the Cloud Workload Security interface. 5 Delete Agent GUID details to avoid duplicate GUID's. For more information, see KB DeleteAMcore GUID details. For more information, see KB On the AWS console: Use EC2Config or windows tools to sysprep the server with shutdown option. Select the AMI and click Launch. This starts a new secure client AMI with McAfee Agent and Endpoint Security installed on it. Deploying McAfee security products on AWS using Cloud Workload Security You can deploy McAfee security products on the AWS instances from the Cloud Workload Security user interface using the Take Action combo box. Consider these best practices when you deploy McAfee security products using Cloud Workload Security on the AWS instances. 50 McAfee Cloud Workload Security Product Guide

51 Best Practices for using McAfee epo and Cloud Workload Security with AWS Deploying McAfee security products on AWS cloud 6 By default, the secure AMIs ensure protection of your instances. It is recommended that you create your server instances from the secured AMIs. You can install Threat Prevention on the AWS instances in batches. The number of systems per batch is 25. You can increase the number of systems per batch if you have distributed repositories. You can set threat alert notifications for Cloud Workload Security in the Automatic Responses page. The default value of Threat Event Trigger for ENS/ENSL for Cloud Workload Security is 1 minute. It is recommended that you set the notification time to a higher value if the number of events per aggregation time is more. Selecting the Trigger this response for every event option is not recommended as it causes significant performance issues in McAfee epo. McAfee Cloud Workload Security Product Guide 51

52 6 Best Practices for using McAfee epo and Cloud Workload Security with AWS Deploying McAfee security products on AWS cloud 52 McAfee Cloud Workload Security Product Guide

53 7 Frequently asked questions Here are answers to frequently asked questions. See KB90063 for more questions and answers. Installation Can I install McAfee Agent on AWS instances using the Agent Deployment URL feature and Amazon User Data? Yes. For details, see KB Can I use scripts for Puppet, Chef, or Amazon OpsWorks to install and configure security solutions offered by Intel Security? Yes. For Puppet sample scripts, see KB For Chef sample scripts, see KB For Amazon OpsWorks scripts, see KB What happens to my policies when I upgrade from Cloud Workload Security to 5.0.0? When upgrading from to 5.0.0, since the policy structure has changed in the latest version, your previous policies, policy settings, and policy assignments are lost. Configuration How do I troubleshoot AWS instance connectivity issues? See AWS documentation. How many cloud accounts can I register under one McAfee epo server? There is no limit to the number of cloud accounts that can be registered under one McAfee epo server. How do I get the subscription ID, tenant ID, and client ID? You can get your client ID, tenant ID, and subscription ID after creating an application. You need to configure your client key. You can create application by following steps listed in Create an application in the Microsoft Azure console. You can also run PowerShell scripts, which automate this process. For details, see KB What ports are included when I select port as Any when configuring inbound firewall rule? All ports ( ) are included. Functionality When AWS instances are switched off, are they reported "powered off" in McAfee epo? Yes. If the computers are managed, they aren't deleted, even on termination. Unmanaged systems, when terminated, are no longer seen in the McAfee epo System Tree. How long until a new instance is discovered by Cloud Workload Security? McAfee Cloud Workload Security Product Guide 53

54 7 Frequently asked questions After the synchronization occurs, the new instance is discovered. Synchronization depends on the Sync Interval that you specified. If you specify the sync interval as 5 minutes, the next sync is scheduled 5 minutes after the completion of the current sync. You can also schedule a manual sync and the synchronization starts immediately. What happens when an instance is terminated in EC2? After the instance is terminated (and a synchronization occurs), the instance is no longer displayed in the McAfee epo System Tree. But, any events from this instance are still present. What are the reasons for my cloud account synchronization to fail? Check your cloud account details. Your access key and secret key pair might have been disabled. Check if your network is connected. Check if your McAfee epo system date and time are synchronized with the internet date and time. Check if you are registering the same AWS account again in McAfee epo. Visualization of your cloud accounts VirusScan Enterprise is installed on my instance, but the instance is still color-coded as red. If your instance isn't managed with this McAfee epo, then the status is shown as red. For assessment to show correct result, the instance must be managed by the same McAfee epo. Detaching the security group from an AWS instance fails. If there is one NIC associated with an instance, and you are trying to detach a security group. If your instance is associated with multiple NICs and you are trying to detach a security group, which is associated with another NIC. I can't see the virtual networks when I click Accounts. If you installed the Cloud Workload Security extension and completed registering your accounts, you can see your virtual networks in your accounts when synchronization and assessment is complete. I can't see all virtual networks in my account. By default, you can see all virtual networks that have at least one running workload. If your virtual network has no running workloads, it isn't shown. Select Show All on the Accounts panel to see all virtual networks. I can see some names and some IDs under Virtual Networks and Workloads. By default, you can see the names of your virtual networks and workloads. If they don't have a name, you can see their IDs. Which vendor cloud accounts are supported in the Cloud Workload Security dashboard. Currently, we support AWS and Microsoft Azure cloud accounts. Microsoft Azure classic accounts aren't shown here. I can't see network traffic for some workloads on the Cloud Workload Security dashboard. Network traffic records are available only for AWS workloads. If you can't view traffic for your AWS workloads, make sure that you selected Enable Traffic Discovery for your AWS account. When creating the IAM role for flow logs for your AWS account, make sure that the name of your role is McAfeeFlowLogger. My traffic discovery is disabled, but I can still see traffic details for AWS instances. Data retention period for AWS traffic data is seven days. So you might still see some traffic details until the retention period. 54 McAfee Cloud Workload Security Product Guide

55 Frequently asked questions 7 How long is the AWS traffic data stored in McAfee epo? Data retention period for AWS traffic data is seven days. Sometimes the Cloud Workload Security screen remains collapsed. Do a browser refresh using F5. Can I get a detailed server log file if McAfee Agent deployment fails? Yes. From Menu Automation Server Task Log, look for Data Center: Auto Deploy McAfee Agent. Select the task with the start date of your deployment task. Select a subtask with your system IP address. Can I get a detailed server log file if any product installation fails? Yes. From Menu Automation Server Task Log, search for "wake up" task that has details about the feature. Select the task with the start date of your deployment task. Select a subtask with your system IP address. Does the installation of McAfee Agent or any of the products times out? If your McAfee epo server doesn't receive the installation status of McAfee Agent or any of the products, it times out after 60 minutes. What number is displayed in the tooltip of datacenter, cluster, hypervisor, or workloads? The corresponding ID of the datacenter, cluster, hypervisor, or the workload is displayed in the tooltip. McAfee Cloud Workload Security Product Guide 55

56 7 Frequently asked questions 56 McAfee Cloud Workload Security Product Guide

57 Index A access protection 31 Amazon Machine Image deploying McAfee Agent 49 application control 31 auto responses setting up 21 C change control file integrity monitoring status 31 D default queries, displaying 33 deployment methods McAfee Agent 49 E Endpoint Security installing 24 F firewall policies, overview 9 frequently asked questions 53 H Host Intrusion Prevention host firewall status 31 I installation Endpoint Security 24 installing McAfee Agent 23 M manage AWS clients (continued) McAfee epo installed on-premise 43 McAfee Agent installation 23 McAfee epo-agent communication port access 39 P policies, firewall overview 9 policy where to find 10 protection status, displaying 33 Q queries, Data Center default, viewing 33 pie charts 33 viewing default queries 33 queries, datacenter predefined 31 queries, public cloud creating 34 R reports, datacenter 31 requirements other requirements 31 reports, Data Center 31 responses managing 22 S scalability 40 T threat count updating 22 manage AWS clients McAfee epo installed on AWS 43 McAfee Cloud Workload Security Product Guide 57

58 0B00

McAfee Cloud Workload Security Product Guide

McAfee Cloud Workload Security Product Guide Revision B McAfee Cloud Workload Security 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

Cloud Workload Discovery 4.5.1

Cloud Workload Discovery 4.5.1 Product Guide Cloud Workload Discovery 4.5.1 For use with McAfee epolicy Orchestrator COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel

More information

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0

Reference Guide Revision B. McAfee Cloud Workload Security 5.0.0 Reference Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0

Installation Guide Revision B. McAfee Cloud Workload Security 5.0.0 Installation Guide Revision B McAfee Cloud Workload Security 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

Installation Guide. McAfee Endpoint Security for Servers 5.0.0

Installation Guide. McAfee Endpoint Security for Servers 5.0.0 Installation Guide McAfee Endpoint Security for Servers 5.0.0 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security for Servers Product Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Security for Servers 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide

McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide McAfee Cloud Workload Security Suite Amazon Machine Image Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Endpoint Security for Servers Product Guide

McAfee Endpoint Security for Servers Product Guide McAfee Endpoint Security for Servers 5.2.0 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Data Loss Prevention Discover 11.0

Data Loss Prevention Discover 11.0 Installation Guide Data Loss Prevention Discover 11.0 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee MVISION Endpoint 1808 Installation Guide

McAfee MVISION Endpoint 1808 Installation Guide McAfee MVISION Endpoint 1808 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Data Protection for Cloud 1.0.1

McAfee Data Protection for Cloud 1.0.1 Product Guide McAfee Data Protection for Cloud 1.0.1 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766,

More information

McAfee MVISION Endpoint 1811 Installation Guide

McAfee MVISION Endpoint 1811 Installation Guide McAfee MVISION Endpoint 1811 Installation Guide COPYRIGHT Copyright 2019 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

Installation Guide. McAfee Web Gateway Cloud Service

Installation Guide. McAfee Web Gateway Cloud Service Installation Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Boot Attestation Service 3.5.0

McAfee Boot Attestation Service 3.5.0 Product Guide McAfee Boot Attestation Service 3.5.0 For use with epolicy Orchestrator 4.6.7, 4.6.8, 5.1.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Boot Attestation Service 3.0.0

Boot Attestation Service 3.0.0 Product Guide Boot Attestation Service 3.0.0 For use with epolicy Orchestrator 4.6.0, 5.0.0 Software COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee,

More information

McAfee MVISION Mobile epo Extension Product Guide

McAfee MVISION Mobile epo Extension Product Guide McAfee MVISION Mobile epo Extension 1809 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide

McAfee Endpoint Upgrade Assistant 2.3.x Product Guide McAfee Endpoint Upgrade Assistant 2.3.x Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0

Product Guide. McAfee Endpoint Upgrade Assistant 1.4.0 Product Guide McAfee Endpoint Upgrade Assistant 1.4.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0

Product Guide. McAfee Endpoint Upgrade Assistant 1.5.0 Product Guide McAfee Endpoint Upgrade Assistant 1.5.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

Product Guide Revision A. McAfee Client Proxy 2.3.2

Product Guide Revision A. McAfee Client Proxy 2.3.2 Product Guide Revision A McAfee Client Proxy 2.3.2 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Endpoint Security Threat Prevention Installation Guide - Linux

McAfee Endpoint Security Threat Prevention Installation Guide - Linux McAfee Endpoint Security 10.5.1 - Threat Prevention Installation Guide - Linux COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Security Migration Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Security 10.6.0 - Migration Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide McAfee MVISION Mobile Microsoft Intune Integration Guide Administrator's guide for providing Integration with Microsoft Intune MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS

More information

McAfee Client Proxy Product Guide

McAfee Client Proxy Product Guide McAfee Client Proxy 2.3.5 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee Firewall Enterprise epolicy Orchestrator Extension

McAfee Firewall Enterprise epolicy Orchestrator Extension Integration Guide Revision A McAfee Firewall Enterprise epolicy Orchestrator Extension COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo,

More information

McAfee Content Security Reporter 2.6.x Migration Guide

McAfee Content Security Reporter 2.6.x Migration Guide McAfee Content Security Reporter 2.6.x Migration Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

McAfee MVISION Mobile Microsoft Intune Integration Guide

McAfee MVISION Mobile Microsoft Intune Integration Guide McAfee MVISION Mobile Microsoft Intune Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active

More information

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator)

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator) McAfee Endpoint Upgrade Assistant 2.0.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator) McAfee Client Proxy 2.3.3 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

Migration Guide. McAfee Content Security Reporter 2.4.0

Migration Guide. McAfee Content Security Reporter 2.4.0 Migration Guide McAfee Content Security Reporter 2.4.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator)

McAfee Client Proxy Product Guide. (McAfee epolicy Orchestrator) McAfee Client Proxy 2.3.4 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud)

McAfee Agent Interface Reference Guide. (McAfee epolicy Orchestrator Cloud) McAfee Agent 5.5.0 Interface Reference Guide (McAfee epolicy Orchestrator Cloud) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Application Control and McAfee Change Control Linux Product Guide Linux

McAfee Application Control and McAfee Change Control Linux Product Guide Linux McAfee Application Control and McAfee Change Control 6.3.0 - Linux Product Guide 6.3.0 - Linux COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Client Proxy Installation Guide

McAfee Client Proxy Installation Guide McAfee Client Proxy 2.3.5 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM,

More information

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator)

McAfee Application Control Windows Installation Guide. (McAfee epolicy Orchestrator) McAfee Application Control 8.1.0 - Windows Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator)

McAfee MOVE AntiVirus Installation Guide. (McAfee epolicy Orchestrator) McAfee MOVE AntiVirus 4.7.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Endpoint Security

McAfee Endpoint Security Migration Guide McAfee Endpoint Security 10.2.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the

More information

Product Guide. McAfee Web Gateway Cloud Service

Product Guide. McAfee Web Gateway Cloud Service Product Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0)

McAfee Endpoint Upgrade Assistant Product Guide. (McAfee epolicy Orchestrator 5.9.0) McAfee Endpoint Upgrade Assistant 1.6.0 Product Guide (McAfee epolicy Orchestrator 5.9.0) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Network Security Platform 9.1

McAfee Network Security Platform 9.1 Revision F McAfee Network Security Platform 9.1 (Virtual IPS Administration Guide) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Application Control Linux Product Guide. (McAfee epolicy Orchestrator)

McAfee Application Control Linux Product Guide. (McAfee epolicy Orchestrator) McAfee Application Control 6.2.0 - Linux Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Endpoint Security Threat Prevention Installation Guide - macos

McAfee Endpoint Security Threat Prevention Installation Guide - macos McAfee Endpoint Security 10.5.5 - Threat Prevention Installation Guide - macos COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

Product Guide. McAfee Web Gateway Cloud Service

Product Guide. McAfee Web Gateway Cloud Service Product Guide McAfee Web Gateway Cloud Service COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide

McAfee Endpoint Security for Linux Threat Prevention Interface Reference Guide McAfee Endpoint Security for Linux Threat Prevention 10.5.0 Interface Reference Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee File and Removable Media Protection Installation Guide

McAfee File and Removable Media Protection Installation Guide McAfee File and Removable Media Protection 5.0.8 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Investigator Product Guide

McAfee Investigator Product Guide McAfee Investigator Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee Host Intrusion Prevention 8.0

McAfee Host Intrusion Prevention 8.0 Product Guide Self Protection addendum Revision A McAfee Host Intrusion Prevention 8.0 COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel and McAfee logos, McAfee Active Protection,

More information

McAfee Public Cloud Server Security Suite

McAfee Public Cloud Server Security Suite McAfee Public Cloud Server Security Suite Comprehensive security for AWS and Azure cloud workloads As enterprises shift their data center strategy to include and often lead with public cloud server instances,

More information

McAfee epolicy Orchestrator 5.9.1

McAfee epolicy Orchestrator 5.9.1 Configuration Guide McAfee epolicy Orchestrator 5.9.1 Hosted in Microsoft Azure Cloud Services and Amazon Web Services (AWS) McAfee epolicy Orchestrator 5.9.1 Configuration Guide 1 COPYRIGHT Copyright

More information

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator)

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator) McAfee Data Exchange Layer 4.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

Addendum. McAfee Virtual Advanced Threat Defense

Addendum. McAfee Virtual Advanced Threat Defense Addendum McAfee Virtual Advanced Threat Defense 3.10.2 COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or

More information

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter Release Notes. (McAfee epolicy Orchestrator) McAfee Content Security Reporter 2.5.0 Release Notes (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator)

McAfee Content Security Reporter Installation Guide. (McAfee epolicy Orchestrator) McAfee Content Security Reporter 2.5.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

Addendum. McAfee Virtual Advanced Threat Defense

Addendum. McAfee Virtual Advanced Threat Defense Addendum McAfee Virtual Advanced Threat Defense 3.10.0 COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or

More information

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0

Reference Guide. McAfee Security for Microsoft Exchange 8.6.0 Reference Guide McAfee Security for Microsoft Exchange 8.6.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Policy Auditor 6.2.2

McAfee Policy Auditor 6.2.2 Release Notes McAfee Policy Auditor 6.2.2 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel

More information

Product Guide. McAfee Performance Optimizer 2.2.0

Product Guide. McAfee Performance Optimizer 2.2.0 Product Guide McAfee Performance Optimizer 2.2.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee

More information

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator)

McAfee Drive Encryption Client Transfer Migration Guide. (McAfee epolicy Orchestrator) McAfee Drive Encryption 7.2.5 Client Transfer Migration Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee MVISION Mobile MobileIron Integration Guide

McAfee MVISION Mobile MobileIron Integration Guide McAfee MVISION Mobile MobileIron Integration Guide Administrator's guide for providing Integration with MobileIron MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0

McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 Migration Guide McAfee Management for Optimized Virtual Environments AntiVirus 4.5.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel

More information

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide McAfee MVISION Mobile IBM MaaS360 Integration Guide Administrator's guide for providing Integration with IBM MaaS360 MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

McAfee Cloud Workload Security Installation Guide. (McAfee epolicy Orchestrator)

McAfee Cloud Workload Security Installation Guide. (McAfee epolicy Orchestrator) McAfee Cloud Workload Security 5.1.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee Content Security Reporter 2.6.x Installation Guide

McAfee Content Security Reporter 2.6.x Installation Guide McAfee Content Security Reporter 2.6.x Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee MVISION Mobile Citrix XenMobile Integration Guide

McAfee MVISION Mobile Citrix XenMobile Integration Guide McAfee MVISION Mobile Citrix XenMobile Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active

More information

McAfee File and Removable Media Protection Product Guide

McAfee File and Removable Media Protection Product Guide McAfee File and Removable Media Protection 5.0.8 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Rogue Database Detection For use with epolicy Orchestrator Software

McAfee Rogue Database Detection For use with epolicy Orchestrator Software McAfee Rogue Database Detection 1.0.0 For use with epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo,

More information

McAfee Application Control Windows Product Guide. (McAfee epolicy Orchestrator)

McAfee Application Control Windows Product Guide. (McAfee epolicy Orchestrator) McAfee Application Control 8.1.0 - Windows Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Rogue System Detection 5.0.5

McAfee Rogue System Detection 5.0.5 Product Guide McAfee Rogue System Detection 5.0.5 For use with epolicy Orchestrator 5.1.2, 5.1.3, 5.3.0, 5.3.1, and 5.3.2 Software COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the

More information

McAfee MVISION Mobile IBM MaaS360 Integration Guide

McAfee MVISION Mobile IBM MaaS360 Integration Guide McAfee MVISION Mobile IBM MaaS360 Integration Guide MVISION Mobile Console 4.22 February 11, 2019 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee File and Removable Media Protection 6.0.0

McAfee File and Removable Media Protection 6.0.0 Product Guide McAfee File and Removable Media Protection 6.0.0 COPYRIGHT 2017 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel Corporation in the

More information

McAfee MVISION Mobile AirWatch Integration Guide

McAfee MVISION Mobile AirWatch Integration Guide McAfee MVISION Mobile AirWatch Integration Guide Administrator's guide for providing Integration with AirWatch MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and

More information

Migration Guide. McAfee File and Removable Media Protection 5.0.0

Migration Guide. McAfee File and Removable Media Protection 5.0.0 Migration Guide McAfee File and Removable Media Protection 5.0.0 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK

More information

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3 Virtual IPS Administration Guide Revision C McAfee Network Security Platform 8.3 For Private, Public, and Hybrid Clouds COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee

More information

McAfee MVISION Mobile Silverback Integration Guide

McAfee MVISION Mobile Silverback Integration Guide McAfee MVISION Mobile Silverback Integration Guide Administrator's guide for providing Integration with Silverback MDM September 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee

More information

McAfee Agent 5.6.x Product Guide

McAfee Agent 5.6.x Product Guide McAfee Agent 5.6.x Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM, Foundstone,

More information

McAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator)

McAfee Threat Intelligence Exchange Installation Guide. (McAfee epolicy Orchestrator) McAfee Threat Intelligence Exchange 2.2.0 Installation Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide

Revision A. McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide Revision A McAfee Data Loss Prevention Endpoint 11.1.x Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee MVISION Mobile Threat Detection Android App Product Guide

McAfee MVISION Mobile Threat Detection Android App Product Guide McAfee MVISION Mobile Threat Detection Android App 1809.4.7.0 Product Guide September 11, 2018 COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,

More information

McAfee Threat Intelligence Exchange Installation Guide

McAfee Threat Intelligence Exchange Installation Guide McAfee Threat Intelligence Exchange 2.3.0 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Change Control Linux Product Guide. (McAfee epolicy Orchestrator)

McAfee Change Control Linux Product Guide. (McAfee epolicy Orchestrator) McAfee Change Control 6.2.0 - Linux Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

Archiving Service. Exchange server setup (2010) Secure Gateway (SEG) Service Administrative Guides

Archiving Service. Exchange server setup (2010) Secure  Gateway (SEG) Service Administrative Guides Secure E-Mail Gateway (SEG) Service Administrative Guides Archiving Service Exchange server setup (2010) 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks

More information

McAfee Network Security Platform 8.1

McAfee Network Security Platform 8.1 Revision M McAfee Network Security Platform 8.1 (Integration Guide) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee MVISION Endpoint 1811 Product Guide

McAfee MVISION Endpoint 1811 Product Guide McAfee MVISION Endpoint 1811 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM,

More information

McAfee Application Control Windows Installation Guide

McAfee Application Control Windows Installation Guide McAfee Application Control 8.2.0 - Windows Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee Active Response 2.0.0

McAfee Active Response 2.0.0 Product Guide McAfee Active Response 2.0.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the Intel

More information

Firewall Enterprise epolicy Orchestrator

Firewall Enterprise epolicy Orchestrator Integration Guide McAfee Firewall Enterprise epolicy Orchestrator Extension version 5.2.1 COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3 Revision J McAfee Network Security Platform 8.3 (Integration Guide) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Enterprise Mobility Management 12.0 Software

McAfee Enterprise Mobility Management 12.0 Software Product Guide McAfee Enterprise Mobility Management 12.0 Software For use with epolicy Orchestrator 4.6.7-5.1 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

McAfee Endpoint Security Threat Prevention Product Guide - Windows

McAfee Endpoint Security Threat Prevention Product Guide - Windows McAfee Endpoint Security 10.6.0 - Threat Prevention Product Guide - Windows COPYRIGHT Copyright 2019 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator,

More information

McAfee Performance Optimizer 2.1.0

McAfee Performance Optimizer 2.1.0 Product Guide McAfee Performance Optimizer 2.1.0 For use with McAfee epolicy Orchestrator COPYRIGHT 2016 Intel Corporation TRADEMARK ATTRIBUTIONS Intel and the Intel logo are registered trademarks of the

More information

McAfee epolicy Orchestrator

McAfee epolicy Orchestrator McAfee epolicy Orchestrator Centrally get, visualize, share, and act on security insights Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage

More information

McAfee Rogue System Detection 5.0.0

McAfee Rogue System Detection 5.0.0 Product Guide McAfee Rogue System Detection 5.0.0 For use with epolicy Orchestrator 5.1 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the

More information

Product Guide Revision A. Intel Security Controller 1.2

Product Guide Revision A. Intel Security Controller 1.2 Product Guide Revision A Intel Security Controller 1.2 COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com TRADEMARK ATTRIBUTIONS

More information

McAfee Threat Intelligence Exchange Product Guide. (McAfee epolicy Orchestrator)

McAfee Threat Intelligence Exchange Product Guide. (McAfee epolicy Orchestrator) McAfee Threat Intelligence Exchange 2.2.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy

More information

McAfee MVISION Endpoint 1808 Product Guide

McAfee MVISION Endpoint 1808 Product Guide McAfee MVISION Endpoint 1808 Product Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo, McAfee EMM,

More information

Installation Guide Revision B. McAfee Active Response 2.2.0

Installation Guide Revision B. McAfee Active Response 2.2.0 Installation Guide Revision B McAfee Active Response 2.2.0 COPYRIGHT Copyright 2017 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee

More information

McAfee epolicy Orchestrator Installation Guide

McAfee epolicy Orchestrator Installation Guide McAfee epolicy Orchestrator 5.10.0 Installation Guide COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection, epolicy Orchestrator, McAfee epo,

More information

AppDefense Getting Started. VMware AppDefense

AppDefense Getting Started. VMware AppDefense AppDefense Getting Started VMware AppDefense You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit

More information

Product overview. McAfee Web Protection Hybrid Integration Guide. Overview

Product overview. McAfee Web Protection Hybrid Integration Guide. Overview McAfee Web Protection Hybrid Integration Guide Product overview Overview The McAfee Web Protection hybrid solution is the integration of McAfee Web Gateway and McAfee Web Gateway Cloud Service (McAfee

More information

McAfee Network Security Platform 8.3

McAfee Network Security Platform 8.3 8.3.7.44-8.3.7.14 Manager-Virtual IPS Release Notes McAfee Network Security Platform 8.3 Revision A Contents About this release New features Enhancements Resolved issues Installation instructions Known

More information