MCAFEE INTEGRATED THREAT DEFENSE SOLUTION


IDC Lab Validation Report, Executive Summary
MCAFEE INTEGRATED THREAT DEFENSE SOLUTION
Essential Capabilities for Analyzing and Protecting Against Advanced Threats
By Rob Ayoub, CISSP, IDC Security Products Team
Sponsored by McAfee
March 2017

Lab Validation Report Executive Summary

IDC validated five key use case scenarios leveraging the McAfee Integrated Threat Defense Solution:

- Zero-day malware protection with dynamic endpoint
- Ransomware drive-by download protection
- Server malware protection via App Control
- Threat hunting
- Malware protection with IPS

IDC Opinion

The McAfee Integrated Threat Defense solution combines integrated sensors, analytics and intelligence into an automated orchestration to combat known and unknown malware. It provides security professionals all the tools and automation they need to detect, protect against, and find the latest, ever-changing, advanced threats. By leveraging the Threat Intelligence Exchange and Data Exchange Layer capabilities of McAfee products, the entire security infrastructure can operate in a coordinated and automated fashion, constantly evaluating and taking action on threats as soon as it is clear that evidence exists.

Key finding: Detect and prevent the spread of malicious zero-day malware

IDC Inference: IDC felt that the ransomware protection provided by the endpoint client was easy to deploy and administer. A great deal of automated analysis occurred throughout the scenario.

Highlights include:

- Dynamic Endpoint prevents advanced malware from being delivered to or installed on the system
- Solution automatically analyzes suspicious files and produces indicators of compromise
- Analysis tools (ATD) have signature and behavior analysis capability
- Solution produces actionable indicators to security operations?
- Solution provides the common incident triage capability from a single console (SIEM)

Key finding: Detected and prevented the spread of a drive-by download

IDC Inference: In the case of preventing drive-by downloads, many solutions require manual intervention. The McAfee Integrated Threat Defense Solution adds a great deal of automated evaluation and response to a potentially dangerous situation.

Highlights include:

- Web Gateway can prevent advanced malware delivered through spear phishing
- Solution automatically analyzes suspicious files and produces indicators of compromise
- Analysis tools (ATD) have signature and behavior analysis capability
- Solution produces actionable indicators to security operations?
- Solution provides the common incident triage capability, readable from a single console

Key finding: Server malware protection via application control

IDC Inference: Application control allows the setting of automated policies, protecting an organization's most sensitive assets: application servers.

Highlights include:

- Dynamic Endpoint can protect whitelisted servers from malicious software
- Solution automatically analyzes suspicious files and produces indicators of compromise
- Analysis tools (ATD) have signature and behavior analysis capability
- Solution produces actionable indicators to security operations?
- Solution provides Endpoint Detection and Response capability (Yes/No)
- Incident triage capability readable from a single console

Key finding: Threat hunting

IDC Inference: Malware hunting is becoming a critical component of incident response. The onus is being placed on organizations to understand the breadth and scope of incidents. The McAfee Integrated Threat Defense Solution provides a breadth of search functionality to aid analysts in tracking down the extent of a breach.

Highlights include:

- Solution can parse indicators of compromise automatically
- Solution provides Endpoint Detection and Response capability
- Solution provides the common incident triage capability with % automated and % readable from a single console
- Solution shares intelligence automatically across network and endpoint defenses
- Solution can search for indicators of compromise automatically
- Solution can prevent attacks based on indicators of compromise

Key finding: Malware protection with IPS

IDC Inference: IDC felt that the ransomware protection provided by the endpoint client was easy to deploy and administer. A great deal of automated analysis occurred throughout the scenario.

Highlights include:

- IPS can prevent advanced malware delivered through spear phishing
- Solution can analyze suspicious files and produce indicators of compromise
- Analysis tools (ATD) have signature and behavior analysis capability
- Solution produces actionable indicators to security operations?
- Solution provides Endpoint Detection and Response capability
- Solution provides the common incident triage capability with % automated and % readable from a single console
- Solution provides workflow integration capability between analysis tools and the EDR tool
- Solution provides workflow integration capability between the web gateway and analysis tools (Yes/No)
- Solution provides workflow integration capability between analysis tools and the SIEM
- Solution provides remote remediation capability
- Solution adapts network and endpoint security to prevent future attacks on the same vector

Validation Process

IDC performed the validation at McAfee's lab in the Netherlands. The test bed consisted of a wide range of McAfee products, including IPS, SIEM, Endpoint, Server, Secure Web Gateway, ATD, and TIE. Each feature was validated independently, using a different configuration and test bed environment.

IDC Lab Validation Methodology

This Lab Validation Brief provides a summary of an extensive validation process performed by IDC in collaboration with the supplier's teams. IDC relied on the supplier's equipment, facilities and their configuration to perform this validation. All the tests were conducted in the presence of one or more IDC analysts. This Brief is meant to provide a quick set of inferences and insights for IT professionals and business decision makers seeking to perform further due diligence on the capabilities of the product and/or services validated in this Brief. However, the goal of this Brief is not to supply detailed hands-on test plans and validation jobs. It is not meant to replace the evaluation process that most businesses will conduct before making any decision to purchase the product and/or services. For this reason, this Brief is not designed to be an all-inclusive document on all the capabilities of the product, but rather a concise document that highlights features/functions of products, their relative performance with respect to a traditional environment, and the value these features bring to businesses looking to solve certain problems for Hadoop workloads. Finally, even though this Brief is a sponsored document, it is not meant to be an IDC endorsement of the product, service or the sponsoring supplier. IDC's opinions are its own and not influenced by the production of this document.

Validation Test Bed

This table provides a summary of test environment details for each feature validated.

Threat Defense Function                  | # of threat defense steps validated | Automation Level | DXL Integrated | Product Components
-----------------------------------------|-------------------------------------|------------------|----------------|---------------------------------------------------
Attack detection and initial containment | 3                                   | 100%             | Yes            | McAfee Endpoint Security (ENS 10.2)
                                         | 4                                   | 100%             | Yes            | McAfee Network Security Platform (NSP 8.3.7.7)
                                         | 4                                   | 100%             | Yes            | McAfee Web Gateway (MGW 7.6.2.6)
Threat Intelligence Validation           | 4                                   | 75%              | Yes            | McAfee Threat Intelligence Exchange (TIE 2.0.1); McAfee Global Threat Intelligence
Detonation Analytics                     | 7                                   | 100%             | Yes            | McAfee Advanced Threat Detection (ATD 3.8)
Historical analytics (Scope) & Response  | 4                                   | 75%              | Yes            | McAfee Enterprise Security Manager (ESM 9.6 (10.0))
                                         | 2                                   | 50%              | Yes            | McAfee Active Response (MAR 1.1.0)

Essential Guidance

Advice to Buyers: There are several core issues keeping CISOs up at night. The ever-changing attack landscape, the potential for their organization to be front-page news, and the difficulty in finding and retaining qualified security talent are foremost challenges for all organizations, large and small. However, business cannot stop, and conversely, organizations cannot just do nothing. The answer to these challenges is to increase the depth of security with an integrated approach that is constantly monitoring, analyzing, and protecting against attacks, known and unknown, across all vectors. Additionally, this solution must provide an interface and search capabilities that allow analysts to automate the most basic components of their job, giving them the tools they need to discover potential breaches, determine whether a breach occurred, evaluate just how widespread an incident might be, and remediate.

The solution that addresses all these challenges must not just be the best solution for a given attack vector, but needs to be effective quickly and across a wide variety of attack platforms. The solution that helps CISOs sleep better must be integrated across the entire infrastructure: physical, virtual, and cloud. The solution must see across the entire network, down to the endpoint. It must be able to provide a history of files as they are downloaded and move across the network. No single point solution can provide all the functionality necessary to address the threat landscape of today.

Communication and information dissemination are also key features needed to address a CISO's top concerns. All the components in an integrated solution must be able to quickly and automatically relay information to security analysts and to other components in the network. This is the only way that threats can be stopped without having to rely on slow and cumbersome manual investigation.

Essential Guidance Continued

The McAfee Integrated Threat Defense Solution addresses all the challenges presented above. It combines integrated sensors, analytics and intelligence into an automated orchestration to combat known and unknown malware. During an average of 8 minutes of orchestrated threat response, the McAfee DXL-enabled lab integrates and automates:

- 25 different threat triage steps
- 3 threat protection platforms (endpoint, web and network security) covering file, application, web and network threat vectors
- 3 security analytic engines (MAR, ESM and ATD) covering real-time, historical and in-depth malware analysis
- 9 different threat intelligence checks

The solution provides policy-guided protection across the entire infrastructure. It takes automatic actions to evaluate potentially malicious files, determine conclusively whether those files pose a threat, and remediate those files appropriately. The McAfee Integrated Solution provides a rich set of investigative tools that security analysts can use to dive deep into their network, allowing them to understand the indicators of compromise (IoCs) and the trail that an attacker might leave as they look for critical data to steal.

The McAfee Integrated Threat Defense Solution is designed to augment the security team. Few vendors have the depth of coverage provided by McAfee, and the benefits of an integrated system are clear when looking at the variety of scenarios that security teams might be faced with.