Problems that it solves
No IT security guidelines
Unauthorized access to corporate IT systems and data
Risk of leaks of confidential information
Malware infection via Internet, email, storage devices
Risk of attacks by hackers
Risk of data loss or damage
Risk of lost access to data and IT systems
Non-compliant with IT security requirements
Customer fraud
Values
Reduce Costs
Ensure Security and Business Continuity
Ensure Compliance
About Product
Description
McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.
McAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. As a final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower-intensity analytical methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights.
Advanced capabilities support investigation
McAfee Advanced Threat Defense offers numerous advanced capabilities, including:
- Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.
- User interactive mode: Enables analysts to interact directly with malware samples.
- Extensive unpacking capabilities: Reduces investigation time from days to minutes.
- Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
- Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
- Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat timelines help visualize attack execution steps.
- Bro Network Security Monitor integration: Deploy a Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advanced Threat Defense for inspection.
User features
Roles of Interested Employees
Chief Information Officer
Chief IT Security Officer
IT Security and Risk Management
Organizational Features
Internet access is available for employees
GDPR Compliance