Deployments found: 13
This large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, including virtual machines, connected to the corporate network.
However, during peak periods, up to 150,000 endpoints can be connected. For the company’s senior manager of security engineering, who oversees the team responsible for deployment of all security tools across the global enterprise, this environment poses distinct challenges.
A large, for-profit government contractor based in the eastern corridor of Washington, D.C. provides business services to government agencies in the US and other countries. Employing more than 15,000 professionals, the organization administers programs of all sizes, from enormous federal programs to smaller state and local programs that directly assist a broad sector of the population.
Biggest Challenge of Adopting the Cloud isn’t Technical
Increasingly the organization’s clients had begun asking about the possibility of receiving cloud-based services because of lower TCO. Internally, the company also realized that it could reap significant benefits from providing services using the public cloud. Like its customers, the organization could take advantage of reduced TCO. Using the public cloud, it could also quickly ramp up or scale down the number of users—a huge benefit for a company with so many contracted projects.
Clearly, the cloud belonged in the government contractor’s future, so the system analyst and his colleagues set out to figure out how best to secure it. In the process, they discovered that, as he puts it: “The biggest challenge of the public cloud isn’t technical.” Rather, it is overcoming the perception that the cloud can’t be secured.
“We have had to educate both internally and externally that we can extend our existing threat defenses beyond our physical infrastructure to the public cloud,” says the system analyst. “Education is ongoing, but our success thus far at securely leveraging the public cloud is converting the naysayers.”
Easy Deployment of Cloud Protection for AWS
After carefully researching cloud security options, the company decided to implement McAfee Cloud Workload Security before launching its first contracted project using Amazon Web Services (AWS). The company already relied on the McAfee integrated security platform and a variety of McAfee solutions to secure its physical and virtual infrastructure of 35,000 endpoints (including servers).
These products are all managed using the McAfee ePO central console—as is McAfee Cloud Workload Security.
“Adding the public cloud to our McAfee infrastructure was simple,” notes the system analyst. “We spun out the cloud side in less than a week. With McAfee ePO software, it was easy to implement McAfee Cloud Workload Security and set security policies for the project.” As part of the McAfee Cloud Workload Security solution, they deployed the Data Center Connector for AWS, Cloud Usage Metering, Data Protection for Cloud, Data Center Visualization, and Data Center Assessment components. With this functionality, the organization has end-to-end visibility into all cloud workloads and their underlying platforms and insights into weak security controls, unsafe firewall and encryption settings, and indicators of compromise (IoCs). In addition, the same McAfee Endpoint Security, which protects its physical and virtual endpoints, protects the company’s endpoints within the AWS cloud.
Flexibility and Bandwidth to Accommodate Volatility in Server Volume
The company’s first AWS-based project serves a handful of US federal government agencies with a combined total of 1,500 endpoints. As part of the project, the company created a web-based portal where authorized users from these agencies can review aspects of their program’s infrastructure, request changes, and exchange information. “Portal traffic is very fluid,” explains the system analyst. “The number of servers can increase or contract sometimes daily; five to 20 instances come online every week. The public cloud is the perfect vehicle to handle such fluctuations in bandwidth requirements.” For this multiple-agency project, the workloads that run in the public cloud are generated by:
■ SQL and Oracle databases
■ Imaging software, since a huge volume of documents needs to be stored digitally for years
■ Agency- or contract-specific applications
Small Team Able to Manage Security Across Hybrid Environment
For this project, 95% of the security policies for the endpoints within the AWS public cloud are the same as for the company’s physical endpoints, but 5% are unique to the project. “We run a base set of policies for every project, to meet ISO requirements and so on, but with McAfee ePO software, we can easily add or customize policies to meet the security needs of each specific contract and project,” notes the system analyst. Thanks to the intuitive McAfee ePO management console, the company’s information security team of five, spread across three locations, can effectively and efficiently manage a host of McAfee solutions and even some non-McAfee solutions, across a widely dispersed physical and virtual infrastructure that includes private and public cloud. “As a small but dispersed team, we must have tools that work well together and enable us to work efficiently with one another,” says the system analyst. “McAfee ePO software is basically our eyes and ears across the entire environment. We use it for day-to-day management as well as to remediate threats quickly in conjunction with our McAfee SIEM.”
Custom Reports and Automated Responses Speed Compliance and Resolution
Using McAfee ePO software, the system analyst and his colleagues have also created customized reports and automated responses as an added cloud defense measure. “To us, whether the endpoint is in the public cloud or on premises, it doesn’t matter,” he says. “We use McAfee ePO software the same way, to manage as well as accelerate time to compliance and resolution.” For example, in McAfee ePO software, he created an agent access report, which runs frequently. The report details which endpoint agents are not reporting back on a regular basis. If an agent doesn’t respond within a set number of minutes—the number is set in the project contract—then the information security team will automatically be notified to investigate. The team also receives automatic notifications if file integrity monitoring queries discover that certain thresholds are reached, such as a user accessing an executable file a certain number of times within a certain number of minutes.
“Full Speed Ahead” for AWS Expansion
The government contractor has built a hardy, multilayered defense with a McAfee integrated security infrastructure backbone that protects its widely dispersed, hybrid environment and numerous, global government customers. With the addition of McAfee Cloud Workload Security, they have extended that defense and laid the foundation for securely leveraging the public cloud even more in the future, to the benefit of both the company and its customers.
“Now that we can extend robust security to the public cloud, it’s not a question of if we’ll put more projects in AWS, but how many,” says the system analyst. “It’s full speed ahead.”
SOMOS Educação, the largest K through 12 educational organization in Brazil, with more than 50 sites across Brazil, looked to McAfee for a robust, scalable endpoint security solution; simple, centralized management; and stronger protection for sensitive business and personal data.
SOMOS Educação/Customer Profile
- Incorporated in 2011, SOMOS Educação (SEDU3:BZ) is the largest K through 12 group in Brazil. It has a broad portfolio of integrated educational solutions (textbooks, digital products, and services) and also administers proprietary schools and preparatory courses.
- Industry: Education
- IT Environment: 3,000 nodes, 5,000 employees, 50 sites
- Prevent both internal business data and personal data from being exfiltrated
- Reduce security management complexity in a distributed environment
- Find a security vendor that offers robust, integrated solutions and reliable support at an affordable price
- Accelerate threat detection and mitigation
- Raise security awareness among employees
- McAfee® Complete Endpoint Protection
- McAfee® DLP Endpoint
- McAfee® Drive Encryption
- McAfee® ePolicy Orchestrator® (McAfee ePO™)
- McAfee® Web Protection
- An integrated, single-vendor security architecture
- Centralized and scalable single-console management
- Comprehensive, full-coverage endpoint protection
- Improved protection for sensitive data
- Greater peace of mind for parents, students, schools, and employees
- Simplified deployment
Integrating McAfee® Advanced Threat Defense and the Bro open-source network security platform widens the scope of threat detection to include unmanaged devices
Multinational Software Company
- Large global software company
- Industry: Technology
- Environment: Fluid environment with up to 150,000 endpoints at any given time, many of them virtual, across 20 countries
- Protect against zero-day threats across extended global enterprise
- Shrink detection to remediation gap
- McAfee® Advanced Threat Defense
- McAfee® Complete Endpoint Threat Protection
- McAfee® ePolicy Orchestrator®
- McAfee® Threat Intelligence Exchange
- Accelerates time to protection, thanks to automation
- Augments threat reputation information shared across McAfee ePO software-managed devices with information gleaned from incidents involving unmanaged devices
- Facilitates endpoint incident forensics and accelerates response
- Saves security operations time and hassle
With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat Intelligence Exchange, this CIO can focus on his main job, using technology to keep his company thriving and to increase value for his company’s customers, not information security.
Challenges
- Simplify security management for small information security team
- Minimize impact of security on business end users
- Keep organization secure, avoid unwanted appearances in the boardroom
McAfee Solution
- McAfee® Advanced Threat Defense
- McAfee Complete Endpoint Threat Protection
- McAfee Endpoint Security
- McAfee ePolicy Orchestrator
- McAfee Threat Intelligence Exchange
- Elimination of ransomware
- Superior endpoint protection experience for both end users and administrators
- Ability to focus on business rather than security issues
- Trusted partnership with company focused solely on security
HollyFrontier is a Fortune 500 independent refiner and distributor of petroleum products. The company operates six refineries—five in the middle of the US and one in Ontario, Canada. The company employs 3,500 people across 43 sites in the US, 16 in Canada, and a handful of locations in China and the United Kingdom.
Search for Better Endpoint Protection Leads to Revamped Security Architecture
As part of an endpoint security review, HollyFrontier invited six leading vendors to make presentations in competition for the business. McAfee stood out from the other vendors with its integrated security strategy and attainable vision of a threat defense lifecycle that learns and adapts to meet changing requirements. “We agreed wholeheartedly with the McAfee® approach,” says Cybersecurity Engineer Phillip Fort, the main person responsible for HollyFrontier’s day-to-day security posture. “With the integrated McAfee ecosystem, our limited security team can automate a lot of security tasks. We can essentially do a lot more to protect our company a lot faster, without adding staff.” In addition to McAfee endpoint protection and its bundled McAfee ePolicy Orchestrator (McAfee ePO) central console, in just a few weeks, HollyFrontier deployed:
■ McAfee Network Security Platform intrusion prevention system (IPS) appliances.
■ McAfee Data Exchange Layer, the open-source fabric that connects security components to automate integration and real-time data exchange.
■ McAfee Threat Intelligence Exchange, which aggregates threat intelligence from local and global sources and shares file reputation information across McAfee Data Exchange Layer-connected systems.
■ McAfee Enterprise Security Manager and other components of the McAfee SIEM solution set.
■ McAfee Advanced Threat Defense sandboxing appliance.
Within a year, the company also began deploying McAfee Endpoint Threat Defense and Response and McAfee Web Gateway.
Infection Rate and Ransomware Reduced Dramatically
HollyFrontier initially deployed the McAfee Complete Endpoint Threat Protection suite. However, because of “all the ransomware going around,” HollyFrontier was anxious to install McAfee Endpoint Security and its Dynamic Application Containment (DAC) functionality. When DAC encounters a file that does not have a trusted reputation or is unknown, it immediately quarantines the file before it can infect “patient zero.” Consequently, as soon as McAfee Endpoint Security became available, the company migrated the McAfee VirusScan® Enterprise portion of its endpoint protection suite to the McAfee Endpoint Security Threat Prevention module, first rolling out version 10.1, then upgrading to version 10.2, and upgrading again to version 10.5.
Although DAC initially blocked a few legacy applications that are still used, Fort was able to quickly create exclusions for those applications. “The McAfee Endpoint Security graphical user interface is very easy to use,” he notes. “Once I created the first couple exclusions, the rest were easy.” It didn’t take long for the biggest impact of the new endpoint protection framework to become evident. “After implementing McAfee Endpoint Security and DAC, our malware infection rate plummeted,” states Fort. “We used to have ransomware attacks each month, but we have had none since migrating to McAfee Endpoint Security and integrating it with McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense … Truthfully, I don’t have to deal with McAfee Endpoint Security very much—and that’s a good thing.”
Results of Sandbox Analysis Automatically Shared Throughout Enterprise
As Fort contemplated the benefits of an integrated security platform prior to its implementation, the integration he was most excited about was that of the endpoint and other security components with the McAfee Advanced Threat Defense.
“McAfee Advanced Threat Defense does as much or more than other sandboxes, but its integration with other McAfee solutions is what makes it so incredibly powerful,” says Fort. “It immediately detects and contains a potentially malicious file on the endpoint, IPS, or gateway. First it sends the file automatically to McAfee Advanced Threat Defense for analysis, and, if found malicious, the file is then automatically removed across the entire enterprise. That is truly transformative for our small security team,” states Fort. “It augments our own abilities and saves us a lot of time.” Every day a security analyst checks McAfee Advanced Threat Defense to review the list of files that the appliance has convicted as malicious. “Once an administrative assistant clicked on a phishing email,” explains Fort. “The IPS, McAfee Network Security Platform, blocked the suspicious file and sent it to McAfee Advanced Threat Defense, which determined that it was bad. The file appeared in the day’s list of convicted files, and we confirmed that it was indeed blocked and automatically entered in the McAfee Threat Intelligence Exchange reputation database shared throughout the enterprise.”
Periodically, the HollyFrontier security team runs assessments in which sample malware is put on a machine. “We then watch to make sure the malware shows up in McAfee Advanced Threat Defense and is removed from the host machine and blacklisted throughout the enterprise,” clarifies Fort. “It works every time—just as it’s supposed to.”
Increasing Visibility and Facilitating Reporting with McAfee SIEM
The desire for better visibility across the enterprise drove HollyFrontier to replace its aging SIEM with the McAfee SIEM technology. According to Fort, McAfee SIEM technology provides a much more complete security picture and widespread visibility across the network, which helps in countless ways. To cite just one example, a considerable number of users were becoming locked out as they tried to reset their passwords because they had failed to log off other machines. A security analyst simply entered the user ID in the McAfee SIEM system, and immediately could see exactly which machines a user was logged into, whether or not he was locked out, and whether he should have access—and then could reset passwords as necessary. “In that case and many more, McAfee Enterprise Security Manager technology saves us a lot of investigative time,” says Fort. The HollyFrontier security team also uses many out-of-the-box rules and alerts, as well as custom ones within the McAfee SIEM solution. “Even if we haven’t developed a custom rule, if I have just a little information on a security event, it is easy to drill down and do a search based on single or multiple variables to find as much additional information as I need,” explains Fort. The McAfee Enterprise Security Manager solution also makes reporting easier. For example, to produce a quarterly security review to upper management, Fort simply runs out-of-the-box executive reports created by the McAfee SIEM solution and McAfee Advanced Threat Defense from within McAfee ePO software.
Rapid Searching Saves Time, Eliminates Vulnerabilities Faster
According to Fort, before learning about the McAfee integrated security platform, he had “fallen in love” with an endpoint detection and response (EDR) product from another vendor. “When we looked at McAfee Endpoint Threat Defense and Response, however, we realized it did everything that other solution did,” he recalls. “It gives us all the information we ever wanted to know—really, really fast.” With the McAfee EDR software, the HollyFrontier security team can eradicate vulnerabilities much faster. If Fort learns of a vulnerability in a specific version of an application—for instance, in Microsoft Office 2013—he can use the McAfee Active Response search functionality to quickly and easily find out exactly how many desktops have that version or create a list of all endpoints with that version. It took less than a minute for one of Fort’s colleagues to find all versions of Adobe Acrobat in the enterprise recently and just a few more minutes to determine which endpoints required updating. After pushing out the update, he clicked to rerun the search to confirm that all the updates were successful.
“The rapid searching we can do using McAfee Active Response saves us a tremendous amount of time,” says Fort. “We used to manually maintain inventory spreadsheets of all the various applications and systems. Now we can run real-time reports in seconds, and everyone is confident they are correct.”
Adding Hybrid Web Protection
At a McAfee user conference, while Fort was singing the praises of McAfee Network Security Platform and McAfee Advanced Threat Defense to other attendees, many of the participants were raving about McAfee Web Gateway, claiming it was their favorite McAfee product, prompting Fort to investigate. He quickly became convinced that McAfee Web Gateway was worth the investment, even though the company had an adequate web gateway solution. In addition to being able to share threat information in near real time with the other McAfee Data Exchange Layer-connected security solutions, McAfee Web Gateway offers more granular control and the ability to deploy a hybrid environment managed from the same console.
As a result, HollyFrontier is in the process of deploying its first McAfee Web Gateway appliance and McAfee Web Gateway Cloud Service. HollyFrontier employees working from home or on the road will be protected by the same corporate web security policies as users at corporate locations. In addition, any malware detected by McAfee Web Gateway is sent immediately to McAfee Advanced Threat Defense, and its information is shared throughout the enterprise.
Integration and Increased Protection Ease Security Administration
“With the McAfee integrated security infrastructure and McAfee ePO software, I can manage just about everything through one pane of glass,” says Fort. “That alone makes administration so much easier, but so does increased protection. If there is an infection somewhere else in the world, thanks to McAfee Threat Intelligence Exchange, my network knows about it and is protected before the infection even reaches us. If, on the other hand, the malware is detected within our environment, it is immediately sent to McAfee Advanced Threat Defense for analysis, and the rest of the environment is automatically informed. We have reduced operational overhead dramatically while improving our security posture.”
Fort has not only been impressed with McAfee products and their integration with one another, but also with McAfee personnel. “Any time I need anything, I just call or email my McAfee Security Engineer, and he responds right away,” he notes. “McAfee Platinum Support is also extremely responsive. I can usually get the help I need within a couple of minutes. We learned early on that McAfee is a strategic security partner as well as a dependable one.”
Search for Better Endpoint Protection Leads to Revamped Security Architecture As part of an endpoint security review, HollyFrontier invited six leading vendors to make presentations in competition for the business. McAfee stood out from the other vendors with its integrated security strategy and attainable vision of a threat defense lifecycle that learns and adapts to meet changing requirements. “We agreed wholeheartedly with the McAfee® approach,” says Cybersecurity Engineer Phillip Fort, the main person responsible for HollyFrontier’s day-to-day security posture. “With the integrated McAfee ecosystem, our limited security team can automate a lot of security tasks. We can essentially do a lot more to protect our company a lot faster, without adding staff.” In addition to McAfee endpoint protection and its bundled McAfee ePolicy Orchestrator (McAfee ePO) central console, in just a few weeks, HollyFrontier deployed:
■ McAfee Network Security Platform intrusion prevention system (IPS) appliances.
■ McAfee Data Exchange Layer, the open-source fabric that connects security components to automate integration and real-time data exchange.
■ McAfee Threat Intelligence Exchange, which aggregates threat intelligence from local and global sources and shares file reputation information across McAfee Data Exchange Layer-connected systems.
■ McAfee Enterprise Security Manager and other components of the McAfee SIEM solution set.
■ McAfee Advanced Threat Defense sandboxing appliance. Within a year, the company also began deploying McAfee Endpoint Threat Defense and Response and McAfee Web Gateway. Infection Rate and Ransomware Reduced Dramatically HollyFrontier initially deployed the McAfee Complete Endpoint Threat Protection suite. However, because of “all the ransomware going around,” HollyFrontier was anxious to install McAfee Endpoint Security and its Dynamic Application Containment (DAC) functionality. When DAC encounters a file that does not have a trusted reputation or is unknown, it immediately quarantines the file before it can infect “patient zero.” Consequently, as soon as McAfee Endpoint Security became available, the company migrated the McAfee VirusScan® Enterprise portion of its endpoint protection suite to the McAfee Endpoint Security Threat Prevention module, first rolling out version 10.1, then upgrading to version 10.2, and upgrading again to version 10.5.
Although DAC initially blocked a few legacy applications that are still used, Fort was able to quickly create exclusions for those applications. “The McAfee Endpoint Security graphical user interface is very easy to use,” he notes.“Once I created the first couple exclusions, the rest were easy.” It didn’t take long for the biggest impact of the new endpoint protection framework to became evident. “After implementing McAfee Endpoint Security and DAC, our malware infection rate plummeted,” states Fort. “We used to have ransomware attacks each month, but we have had none since migrating to McAfee Endpoint Security and integrating it with McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense … Truthfully, I don’t have to deal with McAfee Endpoint Security very much—and that’s a good thing.” Results of Sandbox Analysis Automatically Shared Throughout Enterprise
As Fort contemplated the benefits of an integrated security platform prior to its implementation, the integration he was most excited about was that of the endpoint and other security components with the McAfee Advanced Threat Defense.
“McAfee Advanced Threat Defense does as much or more than other sandboxes, but its integration with other McAfee solutions is what makes it so incredibly powerful,” says Fort. “It immediately detects and contains a potentially malicious file on the endpoint, IPS, or gateway.
First it sends the file automatically to McAfee Advanced Threat Defense for analysis, and, if found malicious, the file is then automatically removed across the entire enterprise. That is truly transformative for our small security team,” states Fort. “It augments our own abilities and saves us a lot of time.” Every day a security analyst checks McAfee Advanced Threat Defense to review the list of files that the appliance has convicted as malicious. “Once an administrative assistant clicked on a phishing email,” explains Fort. “The IPS, McAfee Network Security Platform, blocked the suspicious file and sent it to McAfee Advanced Threat Defense, which determined that it was bad. The file appeared in the day’s list of convicted files, and we confirmed that it was indeed blocked and automatically entered in the McAfee Threat Intelligence Exchange reputation database shared throughout the enterprise.”
Periodically, the HollyFrontier security team runs assessments in which sample malware is put on a machine. “We then watch to make sure the malware shows up in McAfee Advanced Threat Defense and is removed from the host machine and blacklisted throughout the enterprise,” clarifies Fort. “It works every time—just as it’s supposed to.” Increasing Visibility and Facilitating Reporting with McAfee SIEM The desire for better visibility across the enterprise drove HollyFrontier to replace its aging SIEM with the McAfee SIEM technology. According to Fort, McAfee SIEM technology provides a much more complete security picture and widespread visibility across the network, which helps in countless ways. To cite just one example, a considerable number of users were becoming locked out as they tried to reset their passwords because they had failed to log off other machines. A security analyst simply entered the user ID in the McAfee SIEM system, and immediately could see exactly which machines a user was logged into, whether or not he was locked out, and whether he should have access—and then could reset passwords as necessary. “In that case and many more, McAfee Enterprise Security Manager technology saves us a lot of investigative time,” says Fort. The HollyFrontier security team also uses many out-of- the-box rules and alerts, as well as custom ones within the McAfee SIEM solution. “Even if we haven’t developed a custom rule, if I have just a little information on a security event, it is easy to drill down and do a search based on single or multiple variables to find as much additional information as I need,” explains Fort. The McAfee Enterprise Security Manager solution also makes reporting easier. For example, to produce a quarterly security review to upper management, Fort simply runs out-of-the-box executive reports created by the McAfee SIEM solution and McAfee Advanced Threat Defense from within McAfee ePO software.
Rapid Searching Saves Time, Eliminates Vulnerabilities Faster
According to Fort, before learning about the McAfee integrated security platform, he had “fallen in love” with an endpoint detection and response (EDR) product from another vendor. “When we looked at McAfee Endpoint Threat Defense and Response, however, we realized it did everything that other solution did,” he recalls. “It gives us all the information we ever wanted to know—really, really fast.” With the McAfee EDR software, the HollyFrontier security team can eradicate vulnerabilities much faster. If Fort learns of a vulnerability in a specific version of an application—for instance, in Microsoft Office 2013—he can use the McAfee Active Response search functionality to quickly and easily find out exactly how many desktops have that version or create a list of all endpoints with that version. It took less than a minute for one of Fort’s colleagues to find all versions of Adobe Acrobat in the enterprise recently and just a few more minutes to determine which endpoints required updating. After pushing out the update, he clicked to rerun the search to confirm that all the updates were successful.
“The rapid searching we can do using McAfee Active Response saves us a tremendous amount of time,” says Fort. “We used to manually maintain inventory spreadsheets of all the various applications and systems. Now we can run real-time reports in seconds, and everyone is confident they are correct.”
Adding Hybrid Web Protection
At a McAfee user conference, while Fort was singing the praises of McAfee Network Security Platform and McAfee Advanced Threat Defense to other attendees, many of the participants were raving about McAfee Web Gateway, claiming it was their favorite McAfee product, prompting Fort to investigate. He quickly became convinced that McAfee Web Gateway was worth the investment, even though the company had an adequate web gateway solution. In addition to being able to share threat information in near real time with the other McAfee Data Exchange Layer-connected security solutions, McAfee Web Gateway offers more granular control and the ability to deploy a hybrid environment managed from the same console.
As a result, HollyFrontier is in the process of deploying its first McAfee Web Gateway appliance and McAfee Web Gateway Cloud Service. HollyFrontier employees working from home or on the road will be protected by the same corporate web security policies as users at corporate locations. In addition, any malware detected by McAfee Web Gateway is sent immediately to McAfee Advanced Threat Defense, and its information is shared throughout the enterprise.
Integration and Increased Protection Ease Security Administration
“With the McAfee integrated security infrastructure and McAfee ePO software, I can manage just about everything through one pane of glass,” says Fort. “That alone makes administration so much easier, but so does increased protection. If there is an infection somewhere else in the world, thanks to McAfee Threat Intelligence Exchange, my network knows about it and is protected before the infection even reaches us. If, on the other hand, the malware is detected within our environment, it is immediately sent to McAfee Advanced Threat Defense for analysis, and the rest of the environment is automatically informed. We have reduced operational overhead dramatically while improving our security posture.”
Fort has not only been impressed with McAfee products and their integration with one another, but also with McAfee personnel. “Any time I need anything, I just call or email my McAfee Security Engineer, and he responds right away,” he notes. “McAfee Platinum Support is also extremely responsive. I can usually get the help I need within a couple of minutes. We learned early on that McAfee is a strategic security partner as well as a dependable one.”
Ariel Picans, technology risk manager at Banco Delta, is responsible for overseeing the security posture of 400 endpoints and safeguarding the assets that reside both within the perimeter of the organization and in the cloud, ensuring that sensitive financial information, databases, and documents are secured against known and emerging threats. Once a year, Picans and his team conduct security checks and assessments of the infrastructure, creating vulnerability tests using various methods to make sure that alerts and filters are functioning properly.
Over the years, Picans has been building out Banco Delta’s security infrastructure with solutions that, in his words, “add value and protect the bank’s environment from future attacks.” As a long-time McAfee customer, Banco Delta was looking to upgrade to deepen and broaden protections and further simplify and consolidate security management. Additionally, Picans wanted to make sure that the bank was implementing the security controls required by compliance regulations and could provide detailed reports at audit time.
McAfee Solutions Expand Security Options at Banco Delta
Picans has always appreciated the advantages of the single-vendor, integrated approach offered by McAfee. Positive reviews from industry analysts like Gartner and Forrester, along with streamlined management, support, and communications prompted him to continue down the same path and explore the latest McAfee innovations, particularly McAfee® Endpoint Security 10.5 and McAfee ePO 5.9.1 software. Several years ago, Picans and his team relied on McAfee® VirusScan® Enterprise for strong antivirus and anti-malware. When he learned about McAfee Endpoint Security, Picans was impressed with the solution’s multilayered protection and made a decision to upgrade as a way of protecting Banco Delta against rapidly evolving threats. The solution provides not only antivirus but also encryption and integration with data loss prevention (DLP). McAfee Endpoint Security in collaboration with McAfee ePO software, McAfee® DLP Endpoint, the McAfee Network DLP solution, and McAfee® Network Security Platform enables him to create and enforce strict data access policies for devices both within and outside the four walls of the bank. The McAfee® Web Gateway appliance is also part of the ecosystem, using a host of techniques to analyze all web traffic and offering protection against malware and malicious code hidden through encryption.
To round out Banco Delta’s security infrastructure, Picans added McAfee® Enterprise Security Manager, a security and events management (SIEM) solution that integrates with all of the bank’s solutions. It uses advanced analytics to give Picans and his team context and to enable them to prioritize threats and assess risks. McAfee Enterprise Security Manager also centralizes and automates compliance monitoring and reporting, with pre-built dashboards, audit trails, and reports for more than 240 global regulations. “We migrated to McAfee Endpoint Security because it has opened up a wide gamut of options, all managed by a single console and a single agent. We’ve taken maximum advantage of this tool and have experienced very positive results. For all these reasons, we trust and count on McAfee security technology,” says Picans.
A Collaborative Ecosystem with McAfee ePO at the Helm
Since the upgrades, Picans has observed a noticeable reduction in both infections and in potentially compromising user behavior. The integration of McAfee® Threat Intelligence Exchange extends another layer of protection and speeds detection and response across the bank’s entire environment. McAfee Threat Intelligence Exchange shares threat intelligence from third-party sources and locally collected intelligence with other McAfee and third-party security solutions via the Data Exchange Layer (DXL) communications fabric. As Picans points out, all of the McAfee solutions in the bank’s integrated ecosystem can act immediately on this intelligence and swiftly block or quarantine threats. Banco Delta made a decision to add McAfee Threat Intelligence to its arsenal when Picans and his team detected an increase in usage of unauthorized applications. “Because of this, we needed a tool that provides information on whitelisted and blacklisted applications. McAfee Threat Intelligence is the perfect solution because it provides us with visibility across the whole organization,” he says.
Now Picans can customize data for his organization—including blacklists and whitelists of applications.
Reports generated by the McAfee ePO console provide an overview of executed applications—both authorized and unauthorized. This allows him to see whether somebody has been engaged in malicious or unauthorized activities. Picans and his team simply configure McAfee Threat Intelligence, let it run, and check reports on a daily basis.
McAfee Solutions Keep Advanced Threats in Check and Prevent Disruption
As the management hub for Banco Delta’s McAfee solutions, McAfee ePO software is integral to security operations. Picans relies on McAfee ePO software to ensure that every endpoint has antivirus and encryption, updated .DATs, and more. Picans and his team can also pull reports from the McAfee ePO dashboard with details like analysis and classification of malware by type, blocked malware, and devices that are most vulnerable to attack. Picans consolidates this information and provides the bank’s executive committee with a comprehensive view of Banco Delta’s risk profile every month. He also finds this data useful for trend analysis. “The main benefit of this collaborative approach has been the reduction of the advanced malware and ransomware attacks that have been in circulation recently. Thanks to McAfee ePO software and our other McAfee solutions, we’ve been able to carry on without disruption, while other organizations have suffered from data breaches, putting their day-to-day operations at risk,” explains Picans. To protect against today’s continually morphing threats, Picans deployed McAfee® Advanced Threat Defense.
McAfee Advanced Threat Defense combines multiple powerful technologies—in-depth static code analysis, dynamic analysis through sandboxing, and machine learning—to help the bank accelerate detection of zero-day malware, evasive threats, and ransomware. In the first month of deployment at Banco Delta, McAfee Advanced Threat Defense proved its value by intercepting Locky, a prolific and persistent strain of ransomware that continues to reappear with new variants. Picans also uses McAfee Advanced Threat Defense to support security investigations. He points out that it has detected several malicious archives that were missed by solutions from other vendors. Picans submits these malware samples to McAfee Advanced Threat Defense to derive insights on indicators of compromise, which help him gain a better understanding of highly camouflaged threats.
Since deploying these McAfee solutions, Picans has seen a significant reduction in attacks and data loss. Additionally, the integrated and connected McAfee ecosystem, with its single-console management through McAfee ePO software, has resulted in notable operational efficiencies as compared to a multivendor environment. “When you have a collection of unintegrated products with multiple management consoles, you need more people, and they need additional, highly specific training. McAfee has reduced the need for hiring additional personnel,” he affirms. “Plus, with its modular, centrally managed system, McAfee opens up a world of possibilities.”
Stepping Up Security Across On-Premises, Virtualized, and Cloud Environments
McAfee® Cloud Workload Security (CWS) will help increase Banco Delta’s visibility to elastic workloads in the public cloud and AWS (Amazon Web Services)/VMware environments and will provide an integrated defense against advanced attacks. CWS with AWS is an example of how we can forge forward fearlessly in the cloud. McAfee® MOVE AntiVirus currently offers optimized security for virtualized desktops and servers.
“I know that, with McAfee, I can count on having the same level of security in the cloud and in virtualized environments as we have on premises,” he notes. The bank currently has plans in the works to provide cloud-based services and applications for both external clients and internal stakeholders. When Banco Delta fully launches these cloud services, Picans and his team will be responsible for making sure all communications and data are encrypted and secure. For example, it will be really important to reassure the sales department that their information won’t be exposed and will be monitored regularly and that the bank’s databases won’t be compromised. “McAfee protects everything that’s online—not just within the network perimeter. The company’s advancements in cloud security and other innovations speak for themselves. It shows that McAfee is truly concerned about protecting its customers and that it strives to stay current with new technology trends and the evolving threat landscape,” summarizes Picans.
After Microsoft stopped developing its Forefront TMG product, many users of the solution had to begin searching for a replacement. ProCredit Bank was among them: the bank faced the task of integrating a new proxy server. In the summer of 2013, ProCredit Bank specialists carried out comparative testing of the leading solutions on the market, with partial involvement of ISSP, a specialized expert integrator of information security systems. As a result of the testing, McAfee Web Gateway was chosen.
ISSP, which had performed well during testing and demonstrated strong competence and extensive experience with McAfee products, was also engaged to implement and customize McAfee Content Security Suite (McAfee Web Gateway module).
Implementing the Internet access protection gateway consisted of migrating the existing proxy server settings from Microsoft ISA to McAfee Web Gateway and configuring new features.
ISSP, in conjunction with specialists from the Bank’s Information Technology Department, established and configured the basic filters (authentication, access to important Bank resources, and data-type filtering) and verified that the changes were correct.
Additionally, the reporting server was configured and the proxy server was integrated with the configuration backup system. The specialists of both companies managed to integrate McAfee Web Gateway in such a way as to minimize changes in the existing infrastructure of the Ban