Data Sheet McAfee Security Management Center Unified management for next-generation devices Key advantages: Single pane of glass across the management lifecycle for McAfee next generation devices. Scalability for large and distributed installations. Workflow automations for accurate and fast deployment and maintenance. Situational awareness and visibility for the entire network. Unified Network Security Management The McAfee Security Management Center forms the core of our security solution, providing unified network security management for the McAfee Next Generation Firewall, McAfee Firewall/VPN, and McAfee Next Generation Firewall in IPS mode. In addition to managing McAfee next-generation devices, the McAfee Security Management Center also provides event management, status monitoring, and reporting capabilities for thirdparty devices. By collecting all of this information in one centralized system, administrators can get a complete overview of what is occurring in their environment. The McAfee Security Management Center includes at least one management server and one log server that can be installed either on the same or separate servers. The management client is the graphical user interface used for configuring, managing, and monitoring the entire system. Optionally, the McAfee Security Management Center solution can be extended by adding additional management and log servers and web portal servers. The McAfee Security Management Center is designed to manage large, geographically distributed installations. It is flexible and allows you to scale up current components and add new components to the system without sacrificing ease-of-use. The larger the environment, the greater the benefits you gain through the efficient policy management, centralized monitoring, and reporting capabilities the McAfee Security Management Center provides. The administration workflows are optimized to make daily security management as efficient as possible. McAfee Security Management Center High Availability enables you to build an extremely resilient management infrastructure, ensuring continuous access to the management and log resources. When using the high availability option, administrators have full control of the security devices even if the primary management server is unavailable. Log server high availability ensures that logs and alerts are received even if the primary log server is unavailable. With McAfee Security Management Center High Availability licenses, you ensure that maintenance of the management or log server does not cause any interruptions in business traffic. The McAfee Security Management client provides all relevant security management tools and functions in the same unified graphical user interface. Configuration, monitoring, logging, status information, alerts, reports, updates, and upgrades can be managed centrally for all devices, regardless of their physical location. All these tools have been designed to work seamlessly together from day one. The McAfee Security Management client provides administrators with shortcuts and drill-down actions for effective management of the whole security environment.
McAfee Security Management Center specifications Management Server Number of Managed Devices License is limited: 2 to 2,000 nodes with one management server. Number of Administrators Number of Elements Number of Policies Number of Log Servers Number of Servers Administrator Authentication Local database, RADIUS Device Connections SSL-encrypted Log Server Number of Supported Devices Log Records per Second The high-performance logging system is able to process more than 100,000 records/s Device Connections SSL-encrypted Log Storage Size Number of Log Forwardings per Log Server Figure 1. Unified management for different installation, types, and roles. Features General Management Client SMC API Simultaneous Administrators High Availability Automatic Updates and Upgrades Backups Navigation Search Tools Quick Filtering Multi-Selection support System Clean Up Tools Java-based client program with Webstart support Documented API enabling easy third-party product and service integration. Uses REST architecture where data can be XML or JSON coded. Several administrators can perform changes at the same time. Critical elements like policies are locked for editing. Support for up to four standby management servers. Management automatically downloads the latest nextgeneration firewall upgrades and dynamic updates Integrated backup tool for taking backups from the whole system, including all next-generation firewall configurations Intuitive browser-like navigation with browsing history, tabs, and bookmarks Efficient element and references search tools Convenient type-ahead filtering in element lists, tables, and policy cells Perform actions and commit changes to hundreds of elements at the same time Enables administrator to easily find which elements and rules are not used Administration Alert Escalations Alert Thresholds Audit Logs System Reports Plug and Play Installation Automated tasks Domains Import/Export Messenger Tool Remote Upgrades Roles-Based Access Control License Management Troubleshooting Tools Allows administrator to forward alerts from the system using email, SMS, SNMP trap, and custom scripts Automatic alert thresholds for overview statistics Extensive audit information about all changes in the system Inventory and audit reports about administrators activities Automatic installation: cloud (or USB stick)-based installation with initial policy push Refresh policies; archive, export, and delete logs; make backups with automated tasks Allows you to divide environment to isolated configuration domains XML and CSV export and import with intelligent conflict handling between McAfee Security Management Center installations Integrated administrator messaging tool One-click fail-safe remote upgrade Flexible and accurate administrators permission control Automatic online license updates and maintenance contract status reports Extensive remote diagnostic capabilities: integrated traffic capture tool, diagnostics, configuration snapshot download from next-generation firewall, session monitoring views
Customer Helpdesk Administrator Management Client Server Management Server Log Server Security Management Center (SMC) 3rd Party Device NGFW NGFW NGFW NGFW Figure 2. Key components in McAfee Security Management Center architecture. Policy Management Virtual Contexts Hierarchical Policy Management Application Identification URL Filtering Domain Names User Identification Zones Quality of Service (QoS) Policies NAT Policy Validation Tool Policy Snapshots Policy Restoration Rule Usage Optimization Tool Rule Search Tool Rule Names Fail-Safe Policy Uploads Share same master context across several McAfee Security Management Center domains; to up to 250 virtual contexts that can each have their own policies and routing tables Policy templates, sub-policies, aliases, and rule comment sections keep the policy organized and understandable Ability to identify applications by pay- load and restrict access accordingly Restrict access by URL categories Restrict access dynamically by using domain names Create user-based rules either with or without authentication Physical interfaces can be tagged with zones and referred in the policies QoS class-based policy configuration Default NAT Element based NAT NAT policies Helps administrator to find configuration mistakes before policy activation Allows you to explore and compare next-generation firewalls configuration history A previous policy version can be re- covered and uploaded to the next-generation firewall Enables administrator to see how many times each rule has matched within a specified time period Integrated tool for searching rules in policies Ability to create rule names which are visible in logs, statistics, and reports System automatically restores the previous policy version in case the new version fails Configuration Authentication Server Routing Automatic Anti-spoofing VPN Management Incident Case Management Firewall Element Creation Wizard Browser-Based User Authentication Figure 3. Policy Editor. McAfee Security Management Center server provides four RADIUS-based strong authentication methods and automatic user linking capabilities for existing AD/ LDAP server Drag-and-drop routing configuration for the firewalls Anti-spoofing configuration is created automatically based on routing Easy-to-use VPN editor and VPN diagrams that reveal the underlying topology Integrated tools for collaborative network incident management Create hundreds of firewall elements through a firewall creation wizard Configure and customize an easy browser-based authentication service for your users
Figure 4: Real-time monitoring with customizable Overviews. Status, Statistics, and Reporting System Status Monitoring Appliance Status Monitoring Networks Diagrams Session Monitoring Overviews Geolocations Reporting Third-Party Event Management Third-Party Device Monitoring Third-Party Device Log Reception NetFlow/IPFIX Reception Third-Party Device Statistics Number of Supported Third-Party Devices Licensing Real-time status information about network devices and their connections Graphically follow the hardware status of the appliances Visualize configurations, topologies, and status connectivity with drawings Dedicated views to monitor connections, VPN SAs, authenticated users, active alerts, and dynamic and static routes Customize dashboards of network statistics for real-time monitoring See the country information for all IP addresses with the help of country flags and geolocation statistics. See where network attacks come from. Customize and schedule reports that provide detailed information about network statistics Lightweight web access to policies, logs and reports Allows administrator to monitor and view status changes in thirdparty device availability Log parsing and reception in syslog format for third-party devices. Out-of-the-box support for CEF, LEEF, CLF, and WELF format Ability to receive and consolidate data in NetFlow v9 and IPFIX formats Graphical statistics and reports based on third-party log data and SNMP counters 200 per log server Each third-party device consumes 0.2 from management server license device count Logs Log Browser Drag-and-Drop Filtering Log Statistics Log Visualizations Log Aggregations Archiving Backups Log Exports Log Forwarding Log Data Contexts High Availability Common log browsing view for all log data Efficient log filtering; drag and drop any log data cell to the query panel Create log statistics on the fly and see the top trends Find the anomalies in logged traffic in filterable log visualizations Summarize large amount of filtered log data by any columns Archive logs in multiple directories by using filtering Integrated backup mechanism for log server configuration and log data CSV, XML, CEF, LEEF, and McAfee ESM log exporting; logs can be also exported to PDF and ZIP files directly from the log browser Real-time log redirection in syslog, CEF, LEEF, XML, CSV, IPFIX, NetFlow and McAfee ESM formats; configuration for filtering, data type, and log field selection available Shortcuts to browse different types of logs with dedicated column sets Support for backup log servers
Key advantages: Efficient usage of one network for multiple customers and organizations. Highly granular and flexible admin access rights including domains. Safe and optimized control and management in multi-domain environment. McAfee Domains for Centralized Management of Customer Environments Domains allow managed security service providers (MSSPs) to easily manage different customer environments with a single management server. Traditionally, MSSPs are challenged by the admin is tration and costs of managing multiple servers for each domain. Now configurations can be shared across domains, and administrators can quickly make configuration changes and reuse configurations. The unique architecture of the McAfee Domain solution simplifies MSSP environments, making them easier to maintain. With the McAfee Domain solution, administrators can make sure customers network elements never get mixed up. Administrators responsibilities can be accurately defined, and access can be limited to only the domains they control. MSSPs can also provide their customers additional services by giving them reliable and lightweight web portal access to reports, policy configurations, and logs. Domains also simplify the management environment significantly. Customer environments remain clean and easy to manage, decreasing the risk of human error. There is no need to see thousands of network elements if they are irrelevant to the context currently being managed. For this reason, McAfee Domains are not only useful for MSSP, but also for large enterprises. Administrators can split distributed environments into domains and keep the environment well organized and easier to manage. McAfee Security Management Center Customer 1 Shared Domain Customer 2 Administrators Define Administrator responsibilities Customer 3 Customer 1 Read-only access for customers or local administrators Figure 5: Logical layouts of the domains added. McAfee Domains specifications Domains Specifications Maximum Number of Domains 200 Number of Administrators Number of Managed Devices per Domain Number of Elements per Domain Features Configuration Separation Isolate customer environments to different domains and make sure that customers network elements never get mixed up Configuration Sharing Share elements such as policy templates for all domains Access Control Configure the administrators visibility and responsibilities with the help of domains Monitoring Monitor the status of all granted domains with the help of the domain overview Customization Customize the PDF style templates Migration Tools Move elements between domains with the integrated move-to tool Import/Export Import and export elements between different McAfee Security Management Center installations and domains Virtual Contexts Share the same master context across domain boundaries of up to 250 virtual contexts, which can each have their own policies and routing tables
Key advantages: Transparent network status available for defined users. Safe and scalable read-only access to network security. Up-to-date network information and reports using standard web browser. McAfee Server for Centralized Management of Customer Environments MSSPs and large enterprises often need to give their customers or remote offices access to the logs of their next-generation firewall without actually granting them access to the management server. The customers may also require the ability to review the current configuration of their next-generation devices to ensure that their change requests have been implemented. Often companies also need to provide daily, weekly, or monthly reports to certain stakeholders to keep them updated about the status of their network. almost any mobile device. Because of its excellent accessibility, McAfee is a convenient tool for the administrators outside of office hours. Administrators may start troubleshooting network issues with their mobile phone before returning to the office to work with the management client. McAfee can be easily customized for different languages. English, Spanish, and French language versions are provided by default. Administrators can also easily add new languages. McAfee provides customers, remote and local administrators, or management with lightweight web-based access to view the logs, scheduled reports, current policies, and the policy change history of their environment. Administrators can accurately define what information is shown for McAfee users. Giving the local administrators or help desk personnel read-only access to logs, current configurations, and recent policy changes significantly reduces the volume of support cases and improves the quality of their change requests. McAfee does not require users to install any software. Because McAfee is implemented in HTML, it can be used with Figure 6. clientless read-only access for e.g. end customer or internal helpdesks. McAfee Server specifications Specifications Maximum Number of Concurrent Users Number of Administrators Number of McAfee Web Portal Users User Authentication Device Connections Features Security Policies Reports Log Browsing Log Details PDF Export Announcements Policy Comparison Localization Customization 250 per license License limited Management server database, RADIUS SSL-encrypted View next-generation firewalls latest configurations in HTML format View reports that are scheduled to be published in McAfee in HTML format Browse and filter the logs in HTML format View log event visualizations and other log details in a separate HTML page Print reports and logs to PDF documents Administrators can specify announcements to be shown in McAfee Compare the different next-generation firewall configuration versions to see if your change request has been implemented McAfee can be easily translated to any language Customize the look and feel of the McAfee 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2014 McAfee, Inc. 61041ds_smc_0414_fnl_ETMG