You heard it at Intel Security’s 2015 FOCUS event, and you’ll hear it at the 2016 RSA Conference: it’s time to change the game in security.
With the rising volume of complex attacks, 2016 is the year for infosec pros to evolve their approach, adopting a more proactive method of identifying, hunting, assessing and prioritizing unknown risks. This includes taking on the threat defense lifecycle with an automated, more connected, more informed approach.
It all starts with a security strategy that unifies protection, detection and correction of risks and threats with real-time, centralized management. The result is an adaptive feedback loop where security evolves, learns and improves over time. Enter McAfee Endpoint Security 10 (ENS 10).
With McAfee Endpoint Security 10, the ability to protect against shifting threats is back in your arsenal through three key technologies that can now communicate with one another: Threat Prevention, Web Control and an integrated Firewall.
How Does It Work?
The Threat Prevention module works with Web Control to protect end users from downloading malicious files. If there is an attempt to download a file from a known malicious website, Web Control informs the Threat Prevention module, which triggers an immediate on-demand scan (ODS) of the file in question. The data that is gathered is also shared with the Firewall to inform it of suspicious threats that may attempt to enter the network.
Also, with ENS 10, users can control Global Threat Intelligence (GTI) sensitivity in ePO, specifically for downloaded files. GTI settings for these scans override and are independent of the GTI sensitivity setting for on-access scan (OAS) and on-demand scan (ODS). Depending on your settings and the results of the scan, ENS 10 takes immediate action.
The ENS 10 Advantage
Because the file in question is scanned at the point of entry rather than after it has fully infiltrated the system, you’re automatically at an advantage and are poised to better protect against the targeted attack. In addition, since the file is coming directly from the web, it is scanned with a higher GTI sensitivity level, giving you better overall protection. All the while, ENS 10 is working to capture better forensic data if a detection occurs.
The phrase ‘knowledge is power’ explains the advantage in the above scenario. The more knowledge you’re gleaning from updated information on threats, the more action you can take to protect your organization from similar attacks. Information on the attack vector, source URL, and every threat event is sent to ePO and is explained in language that is easy to read. Knowing how you are infected, why you are getting infected, and the length of time exposed allows administrators to take timely action to prevent further attacks.
An Updated Architecture
The updated architecture we’ve developed with ENS 10 provides an integrated system, which eliminates redundancies that can occur when overlaying security solutions on top of one another. With one firewall, one self-protection, one access protection, and one buffer overflow protection, there are no longer multiple point product installations on a single machine; rather, multiple defense modules can be deployed to a single system.
ENS 10 allows users to protect their system against attacks at any stage of the threat defense lifecycle, truly allowing your infrastructure to protect against ANY attack, at ANY stage in the cycle.