McAfee Active Response - Comprehensive endpoint detection and response. McAfee Active Response delivers continuous detection of and response to advanced security threats to help security practitioners monitor security posture, improve threat detection, and expand incident response capabilities through forward-looking discovery, detailed analysis, forensic investigation, comprehensive reporting, and prioritized alerts and actions.
McAfee Active Response is proof of the effectiveness of the integrated McAfee security architecture, which is designed to resolve more threats faster and with fewer resources in a more complex world. McAfee Active Response gives you continuous visibility and powerful insights into your endpoints so you can identify breaches faster. And it provides you with the tools you need to correct issues faster and in the way that makes the most sense for your business. All of this power is managed via McAfee® ePolicy Orchestrator® (McAfee ePO™) software leveraging McAfee Data Exchange Layer—this provides unified scalability and extensibility without the need for incremental staff to administer the product.

Key Advantages

• Automated: Capture and monitor context and system state for changes that may be IoAs, as well as find dormant attack components, and send intelligence to analytics, operations, and forensic teams.

• Adaptable: When alerted, you can adjust to changes in attack methodologies; automate data collection, alerts, and responses to objects of interest; and customize your configuration to customer workflows.

• Continuous: Persistent collectors activate triggers on detection of attack events, alerting you and your systems to attack activity that you

McAfee Advanced Threat Defense enables organizations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and exposeevasive threats. Tight integration between security solutions — from network and endpoint to investigation — enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network. McAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to analyze actual behavior. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behavior and assesses similarity with known malware families. A final step in the analysis, McAfee Advanced Threat Defense specifically looks for malicious indicators that have been identified through machine learning via a deep neural network. Combined, this represents the strongest advanced malware security protection on the market and effectively balances the need for both in-depth inspection and performance. While lower analytical intensity methods such as signatures and real-time emulation benefit performance by catching more easily identified malware, the addition of in-depth static code analysis and insights gained through machine learning to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may not execute in a dynamic environment can be identified through unpacking, in-depth static code analysis, and machine learning insights. Advanced capabilities support investigation McAfee Advanced Threat Defense offers numerous, advanced capabilities including:

• Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.
• User interactive mode: Enables analysts to interact directly with malware samples.
• Extensive unpacking capabilities: Reduces investigation time from days to minutes.
• Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
• Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
• Detailed reports: Provide critical information for investigation including MITRE ATT&CK mapping, disassembly output, memory dumps, graphical function call diagrams, embedded or dropped file information, user API logs, and PCAP information. Threat time lines help visualize attack execution steps.
• Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advance Threat Defense for inspection.

Flexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defense is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud with availability in the Azure Marketplace.

 McAfee® Cloud Workload Security (McAfee® CWS) automates the discovery and defense of elastic workloads and containers to eliminate blind spots, deliver advanced threat defense, and simplify multicloud management. McAfee provides protection that makes it possible for a single, automated policy to effectively secure your workloads as they transition through your virtual private, public, and multicloud environments, enabling operational excellence for your cybersecurity teams. Automate discovery and deployment Continuous workload discovery gives you a centralized perspective of all instances across your Amazon Web Services (AWS), Microsoft Azure, and VMware accounts, while automation templates ensure your workloads are protected from the start. Visualize and control network threats Traditional perimeter-based security doesn’t work across hybrid workloads due to their amorphous and decentralized nature. Cloud-native network visualization, prioritized risk alerting, and micro-segmentation deliver awareness and control to prevent both lateral attacks in the data center and external threats Defend workloads against advanced attacks Integrated countermeasures spanning machine learning, application containment, virtual machine-optimized anti-malware, whitelisting, file integrity monitoring, and micro-segmentation, protect workloads from threats like ransomware and targeted attacks. Simplify cloud security management A single-pane console consolidates security policy and management across physical endpoints, servers, virtual servers and desktops, and hybrid and multi-cloud environments. Isolation allows you to use micro-segmentation to quarantine workloads and containers with a single click. SECURITY BUILD FOR THE CLOUD Cloud and DevOps integration McAfee Cloud Workload Security works directly with AWS, Microsoft Azure, and VMware environments to provide continuous visibility, while delivering deployment automation through common DevOps tool support (Chef, Puppet, and shell scripts). Optimized for virtual workloads Leverage advanced host-based workload defense optimized specifically for virtual instances to avoid resource storms that can strain underlying infrastructure.

Cloud-native network control With increased awareness and control of your cloud workloads you can prevent both lateral attacks in the data center and external threats.

Cloud provider direct integration Additional capabilities are enabled through direct integration with cloud providers such as AWS. For example, AWS GuardDuty alerts integrate directly into McAfee ePO, displaying network connections, port probes, and DNS requests for EC2 instances. McAfee Cloud Workload Security:

• McAfee Cloud Workload Security Basic

• McAfee Cloud Workload Security Essentials

• McAfee Cloud Workload Security Advanced

Secure your confidential data with an enterprise-grade security solution that is FIPS 140-2 and Common Criteria EAL2+ certified, and accelerated with the Intel® Advanced Encryption Standard—New Instructions (Intel AES-NI) set. McAfee Complete Data Protection uses drive encryption combined with strong access control via two-factor pre-boot authentication to prevent unauthorized access to confidential data on endpoints, including desktops, virtual desktop infrastructure (VDI) workstations, laptops, Microsoft Windows tablets, USB drives, and more.
Key Features
■    Drive encryption
■    File and removable media protection
■    Management of native encryption

Key Advantages
■    Stop data loss initiated by sophisticated malware that hijacks sensitive and personal information.
■    Secure data when it’s stored on desktops, laptops, tablets, and cloud storage.
■    Manage Apple FileVault and Microsoft BitLocker native encryption on endpoints directly from McAfee ePO software.
■    Communicate with and take control of your endpoints at the hardware level, whether  they are powered off, disabled, or encrypted to halt desk-side visits and endless helpdesk calls due to security incidents, outbreaks, or forgotten encryption passwords.
■    Prove compliance with advanced reporting and auditing capabilities and monitor events and generate detailed reports that show auditors and other stakeholders your compliance with internal and regulatory privacy requirements.

Core endpoint protection McAfee Complete Endpoint Threat Protection includes anti-malware, firewall, device control, and email and web security. Powered by machine learning With integrated machine learning and dynamic application containment, detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data Easy-to-read reports help you make the move from responding to outbreaks to investigating and hardening your defenses. An adaptable security framework McAfee Complete Endpoint Threat Protection is built using an extensible framework, so you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve. Integrated, advanced threat defenses built with productivity in mind Automate advanced threat defenses Stay ahead of threats with reputation analysis and machine learning that evolves to pinpoint and streamline responses to zero-day threats by automatically stopping and containing greyware, ransomware, and other advanced threats. Reduce security complexity Eliminate multiple security management consoles and user interfaces. One console provides a single pane of glass to manage your environment so you can rapidly ramp up deployments and leverage cross-platform policies for Windows, Mac, and Linux environments. Build a flexible and collaborative security framework Ensure your defenses work together to defeat threats and provide actionable threat forensics. Our purpose-built framework connects multiple defenses and allows for easy adoption of new advanced security technologies as the threat landscape changes. System requirements McAfee Complete Endpoint Threat Protection is a suite that is supported on Windows, Mac, and Linux systems. For complete technical specifications for all of the products included in this suite, please review the minimum system requirements.

McAfee Complete Endpoint Threat Protection provides advanced defenses that investigate, contain, and provide actionable insights to combat zero-day threats and sophisticated attacks.

Core endpoint protection, including anti-malware, firewall, device control, email and web security works together with machine learning and dynamic application containment to detect zero-day threats in near real time, and classify and halt them before they can execute on your systems. Actionable forensic data and easy-to-read reports keep you informed and help you make the move from responding to outbreaks, to investigating and hardening your defenses. And, because McAfee Complete Endpoint Threat Protection is built using an extensible framework, you can add other advanced threat defenses with ease as your security needs and the threat landscape evolve.

McAfee Email Gateway consolidates inbound threat protection, outbound data loss prevention, encryption, advanced compliance, and administration into a single, easy-to-deploy and user-friendly appliance. As a comprehensive email security solution, Email Gateway can stand alone or work in tandem with McAfee SaaS Email Protection & Continuity. It eliminates ineffective piecemeal defenses, simplifies multivendor security environments, and reduces operating costs — while significantly strengthening email security. Email Gateway delivers: Total inbound protection — Email Gateway provides the most complete protection available against inbound threats. Powerful antispam scanning technologies identify and block incoming spam with over 99% accuracy. And it protects your network from viruses, malware, phishing, directory harvest, denial of service (DoS), bounceback attacks, zero-hour threats, and spam surges. Total outbound protection — Available at no extra charge are push, pull, and TLS encryption and built-in data loss prevention (DLP) capabilities that utilize the same text-matching dictionaries found in McAfee Data Loss Prevention. These DLP capabilities are fully administrable from the Email Gateway user interface or McAfee ePolicy Orchestrator (ePO). Using sophisticated content-scanning technologies, multiple encryption techniques, and granular, policy-based message handling, Email Gateway prevents outbound data loss and keeps sensitive data secure. Simple, powerful administration from within McAfee ePO — With Email Gateway, administrators can deliver superior email protection and document it with customizable, enterprise-class reporting, exportable report logs, real-time dashboards, and alerts. Email Gateway combines performance, scalability, and stability with a flexible delivery model to ensure maximum ROI. A virtualized solution — The Email Gateway appliance is also available as a virtual appliance, so you can reap the benefits of virtualization. With lower costs than a physical appliance, a virtual appliance also provides maximum flexibility, including the ability to consolidate solutions on a single server. Enhanced security powered by McAfee Global Threat Intelligence (GTI) — McAfee GTI is a comprehensive cloud-based threat intelligence service. Integrated into McAfee security products, it works in real time, 24 hours a day, to protect customers against cyberthreats across all vectors — file, web, message, and network. McAfee GTI offers the broadest threat data, most robust data correlation, and most complete product integration in the industry. McAfee’s GTI network allows enabled products to evaluate threats on multiple vectors in real time, leading to faster identification of threats and higher capture rates. Email Gateway uses the message reputation service to identify email messages carrying malicious payloads.

Обеспечение всесторонней защиты конечных точек Вы сможете защитить от угроз системы, данные, электронную почту, веб-трафик и сети. Средства защиты от вредоносных программ в режиме реального времени позволяют блокировать вирусы, троянских коней, червей, рекламные, шпионские и другие потенциально нежелательные программы. Обеспечение безопасности и нормативно-правового соответствия систем Использование централизованного механизма управления и аудита на основе политик позволяет повысить надежность защиты. Обеспечение комплексного контроля над устройствами Мониторинг и ограничение копирования данных на съемные устройства и носители позволяет упреждать утечки данных и обеспечивать сохранность конфиденциальной информации. Скорость и легкость развертывания Наличие единой консоли централизованного управления позволяет устанавливать средства защиты за считанные минуты всего несколькими щелчками мышью, а также обеспечивать более подробный сбор информации о происходящем и более эффективный контроль над средствами защиты и мерами обеспечения нормативно-правового соответствия. Оптимизация процессов управления защитой конечных точек Блокирование угроз «нулевого дня» Интегрированная в данное решение технология McAfee Host Intrusion Prevention for Desktop обеспечивает защиту от новых уязвимостей и сокращает необходимость срочной установки исправлений. Контроль за использованием сети Интернет Администраторы могут ограничивать доступ пользователей, находящихся в корпоративной сети и вне ее, к веб-сайтам неуместного содержания и запрещать запуск нежелательных программ на системах путем блокирования приложений. Автоматизация выполнения требований политик McAfee Policy Auditor позволяет интегрировать отчеты о соответствии требованиям стандартов HIPAA, PCI и других нормативно-правовых документов. Требования к системе Комплект McAfee Endpoint Protection — Advanced Suite поддерживается в операционных системах Windows и Mac.

Advanced, consolidated endpoint defense McAfee Endpoint Security delivers industry-leading protection and operational simplicity for your diverse endpoint environment. Core threat prevention Essential anti-virus, exploit prevention, firewall, and web control communicate with each other. Machine learning State-of-the art techniques identify malicious code based on appearance and behavior. Application containment Limit the impact of suspicious files and zero-day malware by blocking behaviors and containing them before they can infect or spread in your environment. Endpoint detection and response Our integrated, automated, and adaptable endpoint detection and response (EDR) technology is easy to use and makes incident response as simple as a single click. Product features

• Centralized management. The McAfee ePolicy Orchestrator management console can be deployed on premises or in the cloud. It provides greater visibility, simplifies operations, boosts IT productivity, unifies security, and reduces costs.
• Advanced anti-malware protection. Our anti-malware engine is continually updated by McAfee Global Threat Intelligence and works efficiently across multiple operating systems.
• Machine learning analysis. Detect zero-day threats in near real time by examining how they look and behave to halt threats designed to evade detection.
• Dynamic application containment. Defend against ransomware and greyware by securing endpoints that are leveraged as entry points for attacks.
• Proactive web security. Ensure safe browsing with web protection and filtering for endpoints.
• Actionable threat forensics. Quickly see where infections are, why they are occurring, and the length of exposure to understand the threat and react more quickly.

McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.

As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.

Advanced threat intelligence

Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.

Critical facts in minutes, not hours

Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.

Optimize security management and operations

Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.

McAfee ePolicy Orchestrator (McAfee ePO) is the advanced, extensible, and scalable centralized security management software. Get a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks.   Simplify security operations with streamlined workflows for proven efficiencies. Flexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO. Leverage your existing third-party IT infrastructure from a single security management console with our extensible architecture. Quick deployment for maximum efficiency Deploy quickly and easily Ensure broad-based security and risk management solutions work together to reduce security gaps and complexity. Single agent deployment and customizable policy enforcement secure your environment quickly. Gain efficiencies Streamline security and compliance workflows with automations and a personalized workspace. McAfee ePO offers an enterprise-class security management architecture that scales for organizations of all sizes, significantly reducing the number of servers to deploy. Future-proof your security infrastructure Protect your organization from today’s—and tomorrow’s—threats. Real-time threat intelligence from McAfee Labs proactively guards your infrastructure. The open platform facilitates rapid adoption of security innovations as new threat categories emerge.

McAfee MVISION Cloud is a cloud access security broker (CASB) that protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It’s cloud-native data security. Detect Gain complete visibility into data, context, and user behavior across all cloud services, users, and devices. Protect Apply persistent protection to sensitive information wherever it goes inside or outside the cloud. Correct Take real-time actions deep within cloud services to correct policy violations and stop security threats. Featured McAfee MVISION Cloud products

• McAfee MVISION Cloud for Office 365
• McAfee MVISION Cloud for AWS
• McAfee MVISION Cloud for Box
• McAfee MVISION Cloud for Salesforce
• McAfee MVISION Cloud for Azure
• McAfee MVISION Cloud for Shadow IT

Avoid the high-volume, fatigue-inducing approach of traditional EDR solutions! McAfee MVISION Endpoint Detection and Response (EDR) helps you get ahead of modern threats with AI-guided investigations that surface relevant risks and automate and remove the manual labor of gathering and analyzing evidence. Reduce alert noise Gain visibility into emerging threats with continuous monitoring of endpoint activity, detect suspicious behavior, make sense of high-value data, and understand context. Analysts can quickly prioritize threats for action and minimize disruption from threats. Do more with existing resources Security expertise is in short supply. Guided investigation automatically asks and answers questions while gathering, summarizing, and visualizing evidence from multiple sources to mount a more resilient defense and minimize the impact of breaches. While analysts go through guided investigations, they are constantly learning and fine-tuning their skills, reducing the need for additional SOC resources. Low-maintenance cloud solution Cloud-based deployment and analytics lets your skilled analysts focus on strategic defense — freeing them from tedious tool maintenance and fire drills. Users can leverage their existing McAfee ePolicy Orchestrator (McAfee ePO) on-premises management platform or SaaS-based McAfee MVISION ePO to reduce infrastructure maintenance. Either way, you benefit from implementing the right solution for your organization.

Always-on defense for on-the-go devices

Unlike cloud-based mobile security solutions that rely on app sandboxing or traffic tunneling, McAfee MVISION Mobile sits directly on mobile devices to provide always-on protection no matter how a device is connected—via a corporate network, public access point, or cellular carrier—and even offline.

Advanced analysis thwarts advanced attacks

Machine learning algorithms analyze deviations to device behavior and make determinations about indicators of compromise to accurately identify advanced device, application, and network-based attacks.

A single console for all devices—including mobile

As an integrated component of McAfee Device Security, McAfee MVISION Mobile extends visibility and control of your mobile assets from the same single console of all your McAfee-managed devices, including OS-based endpoints, servers, containers, and embedded IoT devices.

McAfee Total Protection for Data Loss Prevention (DLP) safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives—on premises, in the cloud, or at the endpoints. Gain visibility Our capture technology allows you to see how your data is being used and how it is leaking out. Quickly identify data Stronger data classification identifies and classifies data that is important to your specific organization. Ensure you remain compliant Prioritize the remediation of critical compliance information and highly sensitive data over less critical data. Simplify deployment and management McAfee Total Protection for DLP is available through physical or virtual low-maintenance appliances, and uses McAfee ePolicy Orchestrator for streamlined deployment, management, updates, and reports. Easily synchronize on-prem and Cloud DLP policies By leveraging McAfee ePO, existing McAfee DLP customers can easily extend current enterprise DLP policies to the cloud. Connecting the two components can be as easy as one click and can be as fast as under a minute. Universal device-to-cloud data protection All McAfee DLP components leverage a common policy engine across endpoints, networks, and the cloud. There’s no need to recreate policies to protect the same piece of data in different environments, or to make the same change in more than one console. Centralized incident management and reporting McAfee offers users a single pane of glass experience when it comes to managing all DLP violations and reporting via McAfee ePO. There is no need to switch consoles to view incidents and generate reports regardless if the DLP violations are coming from corporate devices or cloud applications.

Analyzing all web traffic, even when it's encrypted, is a baseline security practice. Detecting malware before it is delivered to an endpoint can save the cost of remediation and minimize the chance of data loss in an attack. Sharing web threat information can make other security tools more intelligent. None of this should disrupt the productivity of a large workforce. Gateway technology for the world’s most demanding IT environments Best-in-class threat prevention Protect against highly sophisticated malware and targeted attacks that evade URL filtering and antivirus signatures. This secure web gateway provides industry-leading, proactive detection of zero-day malware with full coverage of web traffic, including SSL. Threat information sharing McAfee Web Gateway is integrated with the Security Connected platform to enable more effective threat detection, reduce incident response times, and improve operational efficiency. Learn about key integration points, McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange. Powerful rules-based policy engine Take action on any element of the web request-response cycle, allowing limitless flexibility and web security crafted for your organization.