“Stronger and Lighter” − An Early Adopter Compares Before vs After McAfee ENS

When Philippe Maquoi heard about McAfee Endpoint Security (ENS), he immediately signed up to became one of its first beta testers. “I had been looking for a product like ENS for some time,” he says, “and I had confidence that McAfee was capable of giving me such a product.”

As head of the SPW Endpoint and Server Security team, Philippe Maquoi oversees information security for Service Public de Wallonie (SPW), the public administration arm of the regional government of Wallonia, the French-speaking region of Belgium. Maquoi and his team are responsible for securing the 9,000 desktops, 1,300 servers, and 1,000 major applications used by the government’s more than 8,000 employees.

Maquoi’s team initially migrated 1,000 computers to McAfee ENS version 10.2 and plans to migrate all 9,000 endpoints to ENS version 10.5 imminently. Although Maquoi can’t wait to take full advantage of the Real Protect machine learning and behavioral detection functionality in the most recent version of ENS, he has already seen tremendous benefits from implementing ENS 10.2.

“What I like best about McAfee ENS so far is that it is both stronger and lighter,” says Maquoi. “By that I mean it has superior detection and prevention technology that protects us better against present and future threats, but it is also easier to manage. Both aspects are equally important.”

Better Protection, Time Savings, and More with McAfee ENS

Since SPW initially installed ENS on some but not all nodes, it was easy to compare the impact of the new endpoint security framework to the previous endpoint protection. Take, for instance, when Nemucod ransomware attacked the organization and a handful of users, some on desktops with McAfee ENS and some on desktops without it, clicked on a button embedded in the phishing email. On the desktops not yet migrated to ENS, the user’s action triggered a JavaScript that downloaded the ransomware—which resulted in two days of work restoring corrupted administrative shares. On the desktops protected by ENS, however, the JavaScript was prevented from executing and users continued working, business as usual.

Maquoi’s team has also seen significant operational time savings compared to dealing with endpoints not yet protected by ENS. For starters, none of his team had to spend time re-mediating on the ENS-protected desktops after the ransomware attack just mentioned. With McAfee ENS, there is less administrative overhead, which also frees up time.

“McAfee ENS is smart enough to stop threats without us having to manually create a bunch of rules, as we had to do in the past,” he states. “Also, instead of having to push out and update multiple agents for various aspects of protection—a HIPS agent, a web content control agent, and so on—booting and rebooting each time, with ENS we have a stronger toolset, encompassed in one product, with just one agent to deal with.”

In addition, for ENS-protected machines, Maquoi says his team no longer has to listen to complaints from angry users on scan day. With malware scanning no longer impacting the performance of those devices, their users are now much happier and more productive.

Furthermore, by migrating to McAfee ENS, SPW is laying the foundation for an adaptable, sustainable threat defense lifecycle. That’s because McAfee ENS is built to communicate using the McAfee Data Exchange Layer (DXL) fabric, which enables near real-time exchange of local and global threat information among diverse security systems via McAfee Threat Intelligence Exchange. Consequently, in the near future when SPW implements McAfee Advanced Threat Defense (ATD) for in-depth sandbox analysis, SPW endpoints will be able to receive threat information directly from ATD and send information directly to ATD, creating even stronger threat detection capabilities and enabling even faster response.

To read the full case study on Service Public de Wallonie, click here. Get your questions answered by tweeting @McAfee.

Leave a Comment

10 − three =