McAfee Advanced Threat Defense

McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network. McAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights. Advanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:

• Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.
• User interactive mode: Enables analysts to interact directly with malware samples.
• Extensive unpacking capabilities: Reduces investigation time from days to minutes.
• Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
• Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
• Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.
• Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.

Flexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.