McAfee Advanced Threat Defense

Similar documents
Sandboxing and the SOC

McAfee Endpoint Threat Defense and Response Family

Building Resilience in a Digital Enterprise

Defend Against the Unknown

Securing the Software-Defined Data Center

Securing Your Microsoft Azure Virtual Networks

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

SIEM Solutions from McAfee

Securing Your Amazon Web Services Virtual Networks

McAfee Virtual Network Security Platform

McAfee Advanced Threat Defense Release Notes

Services solutions for Managed Service Providers (MSPs)

McAfee Endpoint Security

Sustainable Security Operations

McAfee Public Cloud Server Security Suite

McAfee epolicy Orchestrator

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

DATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.

McAfee Embedded Control

GDPR: An Opportunity to Transform Your Security Operations

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

McAfee Total Protection for Data Loss Prevention

The McAfee MOVE Platform and Virtual Desktop Infrastructure

McAfee Database Security Insights

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Seven Steps to Ease the Pain of Managing a SOC

Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality

Cisco Advanced Malware Protection for Endpoints

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Security by Default: Enabling Transformation Through Cyber Resilience

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

Lastline Breach Detection Platform

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

Petroleum Refiner Overhauls Security Infrastructure

Symantec Ransomware Protection

Comprehensive Database Security

McAfee Web Gateway Administration

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

ForeScout ControlFabric TM Architecture

Agile Security Solutions

McAfee Network Security Platform Administration Course

Product Guide. McAfee Advanced Threat Defense 4.2.0

Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing

Advanced Malware Protection: A Buyer s Guide

Juniper Sky Advanced Threat Prevention

Expand Virtualization. Maintain Security.

McAfee Threat Intelligence Exchange Product Guide. (McAfee epolicy Orchestrator)

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Symantec & Blue Coat Technical Update Webinar 29. Juni 2017

SIEM: Five Requirements that Solve the Bigger Business Issues

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Intelligent, Collaborative Endpoint Security

McAfee MVISION Cloud. Data Security for the Cloud Era

McAfee Network Security Platform

JUNIPER SKY ADVANCED THREAT PREVENTION

Protecting Your Enterprise Databases from Ransomware

AT&T Endpoint Security

Office 365 Buyers Guide: Best Practices for Securing Office 365

McAfee Network Security Platform

Protection - Before, During And After Attack

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

White Paper. New Gateway Anti-Malware Technology Sets the Bar for Web Threat Protection

Symantec Advanced Threat Protection: Endpoint

CloudSOC and Security.cloud for Microsoft Office 365

Automated Response in Cyber Security SOC with Actionable Threat Intelligence

Symantec Client Security. Integrated protection for network and remote clients.

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Data Sheet: Endpoint Security Symantec Multi-tier Protection Trusted protection for endpoints and messaging environments

Traditional Security Solutions Have Reached Their Limit

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Managed Endpoint Defense

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

RSA NetWitness Suite Respond in Minutes, Not Months

THE ACCENTURE CYBER DEFENSE SOLUTION

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

TREND MICRO SMART PROTECTION SUITES

Compare Security Analytics Solutions

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

How Vectra Cognito enables the implementation of an adaptive security architecture

McAfee Skyhigh Security Cloud for Amazon Web Services

Advanced Threat Protection Buyer s Guide GUIDANCE TO ADVANCE YOUR ORGANIZATION S SECURITY POSTURE

Symantec Security Monitoring Services

McAfee Application Control/ McAfee Change Control Administration

McAfee Network Security Platform

SYMANTEC DATA CENTER SECURITY

The Next Generation Security Platform. Domenico Stranieri Pre- Sales Engineer Palo Alto Networks EMEA Italy

EU GENERAL DATA PROTECTION: TIME TO ACT. Laurent Vanderschrick Channel Manager Belgium & Luxembourg Stefaan Van Hoornick Technical Manager BeNeLux

align security instill confidence

The Cognito automated threat detection and response platform

THE RSA SUITE NETWITNESS REINVENT YOUR SIEM. Presented by: Walter Abeson

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

SOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD


Reducing the Cost of Incident Response

FIREWALL OVERVIEW. Palo Alto Networks Next-Generation Firewall

Cloud Sandboxing Against Advanced Persistent Attacks

Transcription:

Advanced Threat Defense Detect advanced malware Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats. Tight integration between security solutions from network and endpoint to investigation enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network. Our technology has transformed the act of detection by connecting advanced malware analysis capabilities with existing defenses from the network edge through the endpoint and sharing threat intelligence with the entire IT environment. By sharing threat intelligence across the ecosystem, integrated security solutions work together to immediately shut down command-and-control communications, quarantine compromised systems, block additional instances of the same or similar threats, assess impact, investigate, and take action. Advanced Threat Defense: Detect Advanced Threats Advanced Threat Defense detects today s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and realtime emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of indepth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights. Advanced Threat Defense Key Differentiators Broad solution integration Integration with existing solutions, third-party email gateways and other products supporting open standards Close the gap from encounter to containment and protection across the organization Streamline workflows to expedite response and remediation Enable automation Powerful analysis capabilities Combine in-depth static code analysis, dynamic analysis, and machine learning for more accurate detection with unparalleled analysis data Advanced features support the SOC and enable investigation Connect With Us 1 Advanced Threat Defense

Malware writers use packing to change the composition of the code or to hide it in order to evade detection. Most products cannot properly unpack the entire original (source) executable code for analysis. Advanced Threat Defense includes extensive unpacking capabilities that remove obfuscation, exposing the original executable code. It enables in-depth static code analysis to look beyond high-level file attributes for anomalies, analyzing attributes and instruction sets to determine the intended behavior. Together, in-depth static code, machine learning, and dynamic analysis provide a complete, detailed evaluation of suspected malware. Unparalleled analysis output produces summary reports that provide broad understanding and action prioritization, and more detailed reports that provide analyst-grade data on malware. Enhance protection Tight integration between Advanced Threat Defense and security devices from the network edge through the endpoint enables integrated security devices to take immediate action when Advanced Threat Defense convicts a file as malicious. This tight and automated integration between detect and protect is critical. Advanced Threat Defense can integrate in different ways: direct with select security solutions, through Threat Intelligence Exchange, or through Advanced Threat Defense Email Connector. A direct integration enables security solutions to take action on files convicted by Advanced Threat Defense. They can immediately incorporate threat intelligence into existing policy enforcement processes and block additional instances of the same or similar files from entering the network. Advanced Threat Defense convictions appear in the integrated products logs and dashboards as if the entire analysis had been completed onboard, streamlining workflows and enabling administrators to efficiently manage alerts by working through a single interface. Integration with Threat Intelligence Exchange extends Advanced Threat Defense capabilities to additional defenses including Endpoint Protection and enables a broad range of integrated security solutions to access analysis results and indicators of compromise. If a file is convicted by Advanced Threat Defense, Threat Intelligence Exchange immediately publishes threat information via a reputation update to all integrated countermeasures within the organization. Flexible, centralized deployment Reduce cost with centralized deployment that supports multiple protocols Flexible deployment options support every network Integrated Solutions Active Response Advanced Threat Defense Email Connector Enterprise Security Manager epolicy Orchestrator software Network Security Platform Threat Intelligence Exchange Application Control Endpoint Protection Security for Email Servers Server Security Web Gateway Bro Network Security Monitor TAXII (Trusted Automated exchange of Indicator Information) 2 Advanced Threat Defense

Threat Intelligence Exchange-enabled endpoints can block patient-zero malware installations and provide proactive protection if the file appears in the future. Threat Intelligence Exchange-enabled gateways can prevent the file from entering the organization. Additionally, Threat Intelligence Exchangeenabled endpoints continue to receive file conviction updates when off-network, eliminating blind spots from out-of-band payload delivery. Advanced Threat Defense Email Connector enables Advanced Threat Defense to receive email attachments for analysis from an email gateway. Advanced Threat Defense analyzes files in the attachments and returns a verdict to all active email gateways within the header of the message. The email gateway can then take policy-based action, such as deleting or quarantining the attachment, preventing the malware from infecting and spreading into the internal network. An offline mode enables email with attachments to be delivered to the end user while being scanned by Advanced Threat Defense. The email gateway does not wait for a verdict on the attachment. Administrators view attachment scanning results through Advanced Threat Defense or Threat Intelligence Exchange. For enhanced detection at the email server, Advanced Threat Defense integrates with Security for Email Servers through Threat Intelligence Exchange. Threat-sharing to enhance and automate investigation To investigate and remediate an attack, organizations need comprehensive visibility with actionable intelligence to make better decisions and respond appropriately. Advance Threat Defense produces in-depth threat intelligence that is easily shared across your entire environment to enhance and automate investigations. Support for Data Exchange Layer (DXL) and REST application programming interfaces (APIs) facilitates integrations with other products and widely used threat-sharing standards, such as Structured Threat Information expression (STIX)/ Trusted Automated exchange of Indicator Information (TAXII) further enables organizations to create, support, and expand a collaborative security ecosystem. Within a ecosystem, Enterprise Security Manager consumes and correlates detailed file reputation and execution events from Advanced Threat Defense and other security systems to provide advanced alerting and historic views for enhanced security intelligence, risk prioritization, and real-time situational awareness. With indicator of compromise data from Advanced Threat Defense, Enterprise Security Manager will look back up to six months to hunt for indications of these artifacts in any network or system data it has retained. It can reveal systems that have previously communicated with newly 3 Advanced Threat Defense

identified malware sources. Tight integration with Endpoint Protection, Threat Intelligence Exchange, and Active Response optimizes security operations response and efficiency with visibility and action such as issuing new configurations, implementing new policies, removing files, and deploying software updates that can proactively mitigate risk. Informed action is easily taken when infected endpoints across the network are automatically identified by Active Response and listed in Advanced Threat Defense reports. Analyst efficiency is increased when these detailed reports are viewed from a single workspace within Active Response. Advanced capabilities support investigation Advanced Threat Defense offers numerous, advanced capabilities including: Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation. User interactive mode: Enables analysts to interact directly with malware samples. Extensive unpacking capabilities: Reduces investigation time from days to minutes. Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments. Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution. Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps. Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to Advance Threat Defense for inspection. Deployment Flexible advanced threat analysis deployment options support every network. Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace. Figure 1. Timeline activity visualizes execution steps of the analyzed threat. 4 Advanced Threat Defense

Figure 2. Results map to MITRE ATT&CK framework. Figure 3. A filtered view of the results displayed in Figure 2 focuses report on identified techniques. 5 Advanced Threat Defense

Advanced Threat Defense Specifications Physical form factor Virtual form factor Detection File sample types supported Analysis methods Supported OS Output formats Submission methods ATD-3100 1U Rack-Mount v1008 ESXi 5.5, 6.0, 6.5, 6.7 Hyper-V Windows Server 2012 R2, Windows Server 2016 Azure Marketplace ATD-6100 1U Rack-Mount PE files, Adobe files, MS Office Suite files, Image files, Archives, Java, Android Application Package, URLs Anti-Malware, GTI reputation: file/url/ip, Gateway Anti-Malware (emulation and behavioral analysis), dynamic analysis (sandboxing), in-depth code analysis, custom YARA rules, machine learning: deep neural network Win 10 (64-bit), Win 8.1 (64-bit), Win 8 (32-bit/64-bit), Win 7 (32-bit/64-bit), Win XP (32-bit/64-bit), Win Server 2016, Win Server 2012, Win Server 2012 R2, Win Server 2008, Win Server 2003, Android Windows operating system support available in all languages. STIX, OpenIOC, XML, JSON, HTML, PDF, text Point product integrations, RESTful APIs, manual submission, and Advanced Threat Defense Email Connector (SMTP) Learn More For information or to start an evaluation of Advanced Threat Defense, contact your representative or visit www.mcafee.com/atd. 2821 Mission College Blvd. Santa Clara, CA 95054 888.847.8766 www.mcafee.com and the logo are trademarks or registered trademarks of, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation. Copyright 2018, LLC. 4169_1118 NOVEMBER 2018 6 Advanced Threat Defense

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback