In today’s enterprise environment, cybersecurity demands a multi-pronged approach. Usually, this involves different solutions for various endpoints, networks and clouds. This approach however, follows a familiar plot: different security technologies wind up giving you similar stories, without insight into what you actually need to know to adjust and harden your defenses or policies. If your security solutions could talk to each other and tell you in plain language what they are seeing and doing, these stories might change into something useful.
With McAfee Endpoint Security 10 (ENS 10), your organization is provided with a framework that brings multiple defenses together enabling them to talk and collaborate against new and advanced threats in real time. Not only does it do all of this quickly (unnoticeably to your users) it will summarize in common, understandable reporting, what, why and how it took actions so you can understand how to make adjustments to tighten your policies.
ENS 10 accomplishes this through a communication fabric that allows Threat Prevention, Web Firewall and the available Threat Intelligence Exchange modules to consult, leverage and inform each other whenever suspicious files, network activities or web traffic are detected. For example, if a web traffic request is suspected of malicious activity, the Threat Prevention module will be consulted and used to scan for threats, automatically blocking them while informing the other modules and flagging suspicious activities for deeper inspection. This saves time, money, and, most importantly, valuable security resources. It’s like an automated committee meeting for your security solutions: it gets rid of redundant information and technologies and provides you with a simplified framework for stronger security today that you can continue to build upon in the future.
McAfee Threat Intelligence Exchange (TIE) is a good example of how the ENS 10 architecture lets you easily add technologies. TIE pulls multiple threat information sources together to better detect and flag known and newly found malicious files and activities. It can receive unknown files from ENS 10, and work to establish a verdict on the file’s risk. Files unique to your organization are the most worrisome and likely to be involved in a targeted attack. That verdict can be simultaneously communicated with ENS 10 to inform it of the latest threats and suspected advanced targeted attacks (ATAs) witnessed around the globe. ENS 10 can then flag and take action using the massive intelligence TIE offers to automatically defend against the very latest forms of attack as they emerge. You can also set up your own rules to filter out files and certificates that you know are safe or unsafe. This helps focus your protections and limited resources on the truly unknown – where the risk is.
Figure 1 – This diagram show how TIE works with the Endpoint Security and other security solutions to connect defenses together to stop new and unknown threats.
It’s time for your defenses to start talking to each other with ENS 10. By calling a conference of integrated security solutions, ENS 10 brings multiple endpoint defense technologies together, rather than alone, to block new and advanced threats before they affect systems and users. It does so with minimal impact to end users, thanks to its zero-impact scanning technology, while providing maximum protection to your systems.
You can also visit the Intel Security Booth #N3705, North Expo at the RSA conference in San Francisco to learn more about Endpoint Security 10.