Stop Reacting, Start Preventing

A good chef will constantly update their menu to keep up with what food trends customers might be craving. By doing so, the chef is able to prevent customers from abandoning the restaurant, rather than reacting when it might be too late, and dishes are outdated or unpopular. The same practice should be applied to security. A security solution must be able to detect and correct threats, rather than reacting once something has already gone awry.

This is where McAfee® Active Response (MAR) starts heating things up in the kitchen. With continuous visibility and insight into events, activities, and content on your endpoints, MAR lets users identify, investigate and remediate incidents faster and detect new events and emerging trends more easily, granting proactive influence over the entire threat defense lifecycle. And, since McAfee Active Response is integrated with McAfee® ePolicy Orchestrator®, analysts gain rapid visibility into and comprehension of the issues at hand without burdening endpoints with an unproven agent.

Endpoint detection and response, or EDR, is a popular topic today, one that is interpreted differently by different vendors. Given the name, it would seem obvious that the key requirements are better detection of, and better response to, events and attacks. But many vendors stop with visibility, without providing centralized and flexible cleanup to restore affected endpoints to health.

McAfee Active Response meets the core EDR requirements by providing monitoring for suspicious and malicious endpoint events, search and hunting for identified attack artifacts, and then efficient, automated cleanup.

Our approach is different in three distinctive and valuable ways.


Automation: In both monitoring and cleanup, we make it easy to apply automation so you can let the system do the heavy lifting – critical for perpetually understaffed security operations. For instance, the ability to capture and monitor context and system state for changes that may be Indicators of Attack (IoA) is one of the ways McAfee Active Response keeps your system protected. This is done by defining events you want to watch for as triggers or traps that will continually look for the specific IoAs you’re worried about. Reinstallation of a malicious file or PDF is one, but it could also be a change to a specific registry key or communication with an IP address that you have found to be associated with malicious activity. When a defined event is detected, the triggers start cooking and automatically launch a reaction you define – from a simple alert to a script or a containment or cleanup action.

Unlike other Endpoint Detection and Response solutions, McAfee Active Response works to automatically apply logic to trigger a pre-determined reaction. The automated system’s ability to find dormant attack components and send this intelligence to analytics, operations, and forensic teams adds to your team’s success.
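
The trigger-and-reaction model described above, as an added illustration that is not McAfee code and does not use any MAR API: each trap is a condition describing one IoA (a known-bad file hash being written again, a watched autorun registry key being set, a connection to a known-bad address), and tripping it launches a pre-defined reaction. The hash, address and registry key are constructed placeholders, not real indicators.

```python
"""Minimal IoA trigger engine: watch endpoint events, fire defined reactions."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Event = Dict[str, str]

# Constructed IoAs for the demo (placeholder hash, TEST-NET address, sample key).
KNOWN_BAD_HASH = "0" * 64
KNOWN_BAD_IP = "203.0.113.45"
WATCHED_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"

@dataclass(frozen=True)
class Trigger:
    name: str
    matches: Callable[[Event], bool]   # the trap: condition describing the IoA
    reaction: str                      # what to launch: alert, script, contain, cleanup

TRIGGERS = [
    Trigger("bad-file-reinstalled",
            lambda e: e["type"] == "file_write" and e.get("sha256") == KNOWN_BAD_HASH,
            "cleanup"),
    Trigger("persistence-key-changed",
            lambda e: e["type"] == "registry_set" and e.get("key") == WATCHED_KEY,
            "alert"),
    Trigger("bad-address-contacted",
            lambda e: e["type"] == "net_connect" and e.get("dst_ip") == KNOWN_BAD_IP,
            "contain"),
]

def evaluate(events: List[Event], triggers=TRIGGERS) -> List[Tuple[str, str, str]]:
    """Return (host, trigger name, reaction) for every event that trips a trigger."""
    hits = []
    for e in events:
        for t in triggers:
            if t.matches(e):
                hits.append((e["host"], t.name, t.reaction))
    return hits

# Constructed sample event stream standing in for endpoint telemetry.
SAMPLE_EVENTS: List[Event] = [
    {"type": "file_write", "host": "ws-01", "path": r"C:\Users\Public\invoice.pdf",
     "sha256": KNOWN_BAD_HASH},
    {"type": "registry_set", "host": "ws-02", "key": WATCHED_KEY},
    {"type": "net_connect", "host": "ws-03", "dst_ip": "198.51.100.7"},  # benign, no trigger
    {"type": "net_connect", "host": "ws-03", "dst_ip": KNOWN_BAD_IP},
]

if __name__ == "__main__":
    for host, name, reaction in evaluate(SAMPLE_EVENTS):
        print(f"{host}: {name} -> {reaction}")
```

In a real deployment the reaction names would map to actions the platform carries out (raise an alert, run a script, isolate or clean the host), and the event stream would come from the endpoint agent rather than an inline list.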

Adaptability: Every attack is different, so having a system that can easily adapt to any situation allows you to whip up some serious security strongholds. Customized searches can be run across the entire organization to gain an in-depth understanding of IoAs and align the proper remediation efforts and resources. The more you are able to understand an IoA, the more successful your security defense will be for future attacks. When alerted, MAR reactions you define help adapt the response to attack methodologies and your security posture. You can also automate data collection, alerts and responses using customizable configurations to specific workflows.

Continuous Response and Monitoring: Ad hoc and ongoing searches permit instant visibility so analysts and administrators can respond with speed and agility to defeat active threats, threats that are lying in wait, and even identify files that have already been deleted, a tactic attackers use to avoid being caught. McAfee Active Response can constantly monitor, looking for threats and sending alerts or taking other action when triggers are set off.

With an endpoint detection and response solution that fulfills the name, is simple to manage and customize, offers deep visibility as well as flexible and automated response, you’ll be wearing the executive chef’s hat in no time.

Click here to learn more about McAfee Active Response, and for all the latest industry updates, follow us on Twitter at @IntelSecurity.
