For HollyFrontier Director of IT Infrastructure Edwin Drayden, the primary driver for migrating to McAfee Endpoint Security 10 was not better performance or consolidation of legacy products. It was the ability to integrate the new endpoint protection framework with his favorite McAfee product, McAfee Advanced Threat Defense (ATD) dynamic sandboxing.
Under Drayden’s leadership, HollyFrontier, a Fortune 500 petroleum refining company with five refineries in the mid-United States, recently migrated 90 percent of its 3,600 McAfee Complete Endpoint Threat Protection suite nodes to McAfee Endpoint Security 10.2. Drayden knew that the more intelligent, more collaborative McAfee Endpoint Security would enhance the defenses of the company’s integrated security architecture, in which McAfee SIEM, IPS, and other solutions play key roles. But he was most excited about the stronger threat detection and faster response enabled by integrating the new endpoint protection framework with McAfee ATD via McAfee Threat Intelligence Exchange.
Drayden becomes animated when he talks about McAfee ATD: “It’s awesome to be able to see something a little strange from a packet perspective…[and be] able to take it to the cloud and explode it, to see what kind of threat vectors fit… I love that. And to do it in such a short timeframe; it’s really incredible.”
At HollyFrontier, now that McAfee Endpoint Security is integrated with McAfee Threat Intelligence Exchange and McAfee ATD (via the Data Exchange Layer, or DXL), if a questionable file attempts to execute on an endpoint, it is instantly quarantined and sent to ATD for deep analysis. While ATD is analyzing the file—combining signatures, reputation, and real-time emulation with in-depth sandboxing to detect sophisticated, evasive threats—the Dynamic Application Containment (DAC) capability of McAfee Endpoint Security 10 automatically isolates the file in question at ‘patient zero.’
As Drayden had anticipated, this integration of McAfee Endpoint Security and McAfee ATD has indeed had a tremendous positive impact on security operations, especially by detecting and containing ransomware before it requires serious remediation. “There were quite a few instances in our environment of ransomware that no longer exist,” says Drayden. “I’d say that’s easily 40 hours [saved] every two weeks.”
Drayden also expresses pleasure at how simple and straightforward the migration to McAfee Endpoint Security was using the McAfee ePolicy Orchestrator® (ePO™) central console. Within seven days after initial testing, HollyFrontier’s small information security staff migrated to version 10.2 of the new endpoint protection framework and its Threat Prevention module, including Dynamic Application Containment (DAC) functionality, across 3,200 nodes. The company plans to migrate to version 10.5 within 30 days.
In addition, migrating to McAfee Endpoint Security 10 had minimal impact on end users, who either didn’t notice anything had changed or ceased complaining. “Once [the migration] was done, it was done,” Drayden notes. “It’s been pretty quiet ever since [across] literally every single endpoint in the whole infrastructure.”
In sum, says Drayden, HollyFrontier migrated to McAfee Endpoint Security 10 “to get a quality product and watch it attach upstream to everything else.” Once it was deployed, he says, “I felt better; I could sleep at night because I knew that ENS [McAfee Endpoint Security 10] works.”