McAfee Active Response
Endpoint Detection & Response
Iftikhar Ali Iqbal, CISSP, CCSP, CISM
https://www.linkedin.com/in/iftikhariqbal/
Valid till Aug 2019
AGENDA
Target audience: Partners & RTM
1. Company Overview
2. Portfolio Strategy
3. Endpoint Security Platform
4. McAfee Active Response
OVERVIEW
Company and Portfolio
MCAFEE: OVERVIEW
• Founded in 1987
• Headquartered in California, United States
• Provides Software and Services
• Focus is on Consumer and Enterprise Security
• 125,000+ Corporate Customers
• 120 Countries
• 217+ Innovation Alliance Partners
• 800+ Security Patents
• On April 4, 2017, McAfee began operating as a new standalone company (spun back out of Intel).
• Solution Offering:
• Cloud Security
• Device Security
• Network Security
• Pervasive Data Protection
• Intelligent Security Operations
MCAFEE: STRATEGY
Portfolio Strategy: An Integrated and Open Security System
Threat Defense Lifecycle: Together Is Far More Powerful Than the Sum of the Parts
Pillars: Security Operations, Device, Cloud, Management, Threat Intelligence, Analytics, Automation / Orchestration, Infrastructure
MCAFEE: TACTICAL OVERVIEW
Device
• Endpoint Protection
• Endpoint Detection and Response
• Enforcement Controls
• File Integrity Monitoring
• Advanced Threat Protection
• Encryption
• Data Loss Prevention
Cloud
• Cloud Workload Protection
• Cloud Access Security Broker
• Web Gateway Service
• Intrusion Prevention System
• Advanced Threat Protection
Infrastructure
• Server Protection
• Advanced Threat Protection
• Database Security
• Mail Server Security
• Storage Security
• Secure Web Gateway
• Intrusion Prevention System
Threat Intelligence: Local Threat Intelligence, Global Threat Intelligence, Skyhigh Threat Intelligence
Security Operations: Security Information and Event Management, User and Entity Behavior Analytics, Incident Response and Remediation
ENDPOINT SECURITY PLATFORM
Single Integrated Endpoint Protection
ENDPOINT SECURITY: CHALLENGES
Four challenges: Accuracy, Visibility, Complexity, Sustainability
• Detecting and preventing advanced threats
• Adding new defenses in the future increases management problems
• Preventing deep investigations to aid in recovery
• Causing manual processes and delaying responses
ENDPOINT SECURITY: THE MCAFEE RESOLUTION
• True centralized management
• Extensible endpoint security framework
• Actionable threat forensics in understandable language
• Advanced capabilities like machine learning analysis of sophisticated threats
• Integrated platform that unites defenses to work together
ENDPOINT SECURITY: PLATFORM
McAfee Endpoint Platform
Known threats:
• Threat Prevention: anti-malware, host-based IPS, exploit prevention
• Firewall: host-based firewall
• Web Control: web/browser control
Unknown threats:
• Adaptive Threat Protection: machine learning, application containment, reputation-based
• Threat Intelligence Exchange: threat sharing
• Active Response: EDR
Single Agent (McAfee Agent)
Single Management (McAfee ePolicy Orchestrator): Deployment, Policy Configurations, Reporting & Queries, Dashboards, Automated Responses
ACTIVE RESPONSE
Endpoint Detection and Response
ACTIVE RESPONSE: EDR
‘The EDR market is defined as solutions that record and store endpoint-system-level behaviors and events,
such as user, file, process, registry, memory and network events.
Multiple detection techniques are then used to continually search the stored data to detect security events
that require human intervention to respond rapidly.’
‘By 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation
and breach response. Separate, stand-alone endpoint detection and response (EDR) solutions will focus
on managed security service provider (MSSP) and large enterprise security operations center (SOC)
environments.’
Market Guide for Endpoint Detection and Response Solutions, 9 November 2017, Peter Firstbrook
Magic Quadrant for Endpoint Protection Platforms, 24 January 2018, Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka
ACTIVE RESPONSE: OVERVIEW
Continuous Monitoring, Immediate Action, Automated Responses
ACTIVE RESPONSE: FEATURES
Collectors
• Find and visualize data from your endpoints
• Search for files, network flows, registry and process mapping
Reactions
• Hunt and kill threats
• Hunt for file hashes and for endpoints connected to a specific IP; kill processes, remove files, etc.
Triggers
• Continuously monitor a critical event
• Initiate an action beforehand for future threats
Integration
• Leverage Data Exchange Layer (DXL) to communicate with other products
• Reduce risk and response time
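The features above describe the three mechanics any EDR exposes: collectors that answer searches across endpoints, triggers that keep watching for a condition, and reactions that act when it matches. The block below is an added, vendor-neutral illustration of that loop, not McAfee Active Response code, and it does not use the product's query language. The event layout, the field names, the kill/remove/set-reputation verbs and the sample telemetry are all constructed for the example.

```python
"""Vendor-neutral sketch of an EDR collector / trigger / reaction loop.

Added example: this is NOT McAfee Active Response code or its query syntax.
The Event layout, field names, the 'kind' values and the reaction verbs are
assumptions chosen to mirror what the slide lists: search processes, network
flows and files across endpoints; hunt by file hash or destination IP; kill a
process or remove a file; and standing triggers that act on future events.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Event:
    host: str    # endpoint that reported the event
    kind: str    # collector type: "process" | "netflow" | "file"
    attrs: dict  # collector output fields


# Constructed sample telemetry (not real data) from three endpoints.
BAD_HASH = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
TELEMETRY = [
    Event("ws-01", "process", {"name": "powershell.exe", "pid": 4120, "parent": "winword.exe"}),
    Event("ws-01", "netflow", {"dst_ip": "203.0.113.7", "dst_port": 443, "pid": 4120}),
    Event("ws-02", "file", {"path": r"C:\Users\bob\AppData\Local\Temp\inv.exe", "sha256": BAD_HASH}),
    Event("srv-03", "netflow", {"dst_ip": "203.0.113.7", "dst_port": 8443, "pid": 880}),
    Event("srv-03", "process", {"name": "svchost.exe", "pid": 880, "parent": "services.exe"}),
]


def search(events, kind, **match):
    """Collector-style search: events of `kind` whose attrs equal every given value."""
    return [e for e in events
            if e.kind == kind and all(e.attrs.get(k) == v for k, v in match.items())]


def hosts_connected_to(events, ip):
    """Hunt: which endpoints have a flow to this destination IP?"""
    return sorted({e.host for e in search(events, "netflow", dst_ip=ip)})


def hosts_with_hash(events, sha256):
    """Hunt: which endpoints hold a file with this SHA-256?"""
    return sorted({e.host for e in search(events, "file", sha256=sha256)})


@dataclass
class Trigger:
    """A standing rule: when `condition` matches an event, emit `reaction`."""
    name: str
    condition: Callable[[Event], bool]
    reaction: Callable[[Event], list]


OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def office_spawned_powershell(e):
    return (e.kind == "process"
            and e.attrs.get("name", "").lower() == "powershell.exe"
            and e.attrs.get("parent", "").lower() in OFFICE_PARENTS)


def known_bad_file(e):
    return e.kind == "file" and e.attrs.get("sha256") == BAD_HASH


def kill_process(e):
    return [{"action": "kill_process", "host": e.host, "pid": e.attrs["pid"]}]


def remove_and_blocklist(e):
    # Two-step reaction: remove the file locally, then mark the hash malicious
    # so every other endpoint can block it (the "update protection everywhere"
    # idea; here just a returned record, not a real TIE/DXL call).
    return [{"action": "remove_file", "host": e.host, "path": e.attrs["path"]},
            {"action": "set_reputation", "sha256": e.attrs["sha256"], "reputation": "known_malicious"}]


TRIGGERS = [
    Trigger("office-spawned-powershell", office_spawned_powershell, kill_process),
    Trigger("known-bad-hash", known_bad_file, remove_and_blocklist),
]


def run_triggers(triggers, stream):
    """Continuous monitoring: evaluate each incoming event against every standing trigger."""
    reactions = []
    for e in stream:
        for t in triggers:
            if t.condition(e):
                for r in t.reaction(e):
                    reactions.append({"trigger": t.name, **r})
    return reactions


if __name__ == "__main__":
    print("connected to 203.0.113.7:", hosts_connected_to(TELEMETRY, "203.0.113.7"))
    print("holding bad hash:", hosts_with_hash(TELEMETRY, BAD_HASH))
    for r in run_triggers(TRIGGERS, TELEMETRY):
        print(r)
```

Running it lists which endpoints reached 203.0.113.7 and which hold the flagged hash, then shows the reactions the standing triggers would issue. In a real deployment the returned action records would be dispatched to the agents, and the reputation change shared with the other endpoints, rather than printed.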
ACTIVE RESPONSE: ARCHITECTURE
(Diagram) Management side: ePolicy Orchestrator, Data Exchange Layer, Advanced Threat Defense (malware analysis), Threat Intelligence Exchange and Active Response servers on McAfee Linux OS, and McAfee Cloud Services. Managed side: endpoints, physical servers and virtual servers, each running McAfee Agent with Endpoint Security, Adaptive Threat Protection and Active Response.
ACTIVE RESPONSE: HOW IT WORKS
(Diagram) ePolicy Orchestrator, Threat Intelligence Exchange and Active Response servers, and McAfee Cloud Services on the management side; endpoints, physical servers and virtual servers running McAfee Agent with Endpoint Security, Adaptive Threat Protection and Active Response. Numbered callouts:
1 McAfee Active Response sends data to the cloud
2 McAfee ePO receives data from the cloud
3 Perform in-depth investigation in McAfee ePO
4 TIE updates the reputation of the threat
ACTIVE RESPONSE: LICENSING AND PACKAGING
Suites: Complete Endpoint Protection (CEB), Complete Endpoint Threat Protection (CTP), Endpoint Threat Defense & Response (EDR)
Components: Endpoint Security, Adaptive Threat Protection, Device Control, Application Control, Encryption, Threat Intelligence Exchange, Active Response, ePolicy Orchestrator
ACTIVE RESPONSE: SUMMARY
A single pane for investigation, prioritization, genealogy, reputation, historical behavior, and response over potential threats.
• Workflows: single view to see, investigate, and take action on threats
• Visibility: a view into suspicious behaviors across all endpoints
• Investigate: analyze timelines and live searches to find threats
• Action: one click stops threats and updates protection on all endpoints
• Simplify: view operational status of all endpoint threat defense services
Thank You

Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)

8
ENDPOINT SECURITY: CHALLENGES
• Accuracy: detecting and preventing advanced threats
• Complexity: adding new defenses in the future increases management problems
• Visibility: lack of it prevents the deep investigations that aid recovery
• Sustainability: manual processes delay responses
9
ENDPOINT SECURITY: THE MCAFEE RESOLUTION
• True centralized management
• Extensible endpoint security framework
• Actionable threat forensics in understandable language
• Advanced capabilities like machine learning analysis of sophisticated threats
• Integrated platform that unites defenses to work together
10
ENDPOINT SECURITY: PLATFORM
McAfee Endpoint Platform
Known threats:
• Threat Prevention: anti-malware, host-based IPS, exploit prevention
• Firewall: host-based firewall
• Web Control: web/browser control
Unknown threats:
• Adaptive Threat Protection: machine learning, application containment
• Threat Intelligence Exchange: reputation-based, threat sharing
• Active Response: EDR
Single Agent (McAfee Agent)
Single Management (McAfee ePolicy Orchestrator): deployment, policy configurations, reporting & queries, dashboards, automated responses
12
ACTIVE RESPONSE: EDR
'The EDR market is defined as solutions that record and store endpoint-system-level behaviors and events, such as user, file, process, registry, memory and network events. Multiple detection techniques are then used to continually search the stored data to detect security events that require human intervention to respond rapidly.'
Market Guide for Endpoint Detection and Response Solutions, 9 November 2017, Peter Firstbrook
'By 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation and breach response. Separate, stand-alone endpoint detection and response (EDR) solutions will focus on managed security service provider (MSSP) and large enterprise security operations center (SOC) environments.'
Magic Quadrant for Endpoint Protection Platforms, 24 January 2018, Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka
14
ACTIVE RESPONSE: FEATURES
Collectors
• Find and visualize data from your endpoints
• Search for files, network flows, registry and process mapping
Reactions
• Hunt and kill threats
• Hunt for file hashes or for endpoints connected to a specific IP, then kill processes, remove files, etc.
Triggers
• Continuously monitor a critical event
• Set up an action beforehand so it fires on future threats
Integration
• Leverage Data Exchange Layer (DXL) to communicate with other products
• Reduce risk and response time
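The collector / reaction / trigger split on this slide, shown as an added Python sketch over recorded telemetry. This is not McAfee code and does not use Active Response's own query language; the event records, host names, PIDs, hashes and the 203.0.113.7 address are all constructed for the example.

```python
from collections import defaultdict

# Constructed endpoint telemetry standing in for what an EDR agent records and
# stores (process, file and network events). Hosts, hashes, PIDs and the
# 203.0.113.7 address are made up; 203.0.113.0/24 is a documentation range.
EVENTS = [
    {"host": "ws-01", "type": "process", "pid": 4120, "name": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA", "sha256": "aa" * 32},
    {"host": "ws-01", "type": "netflow", "pid": 4120, "dst_ip": "203.0.113.7", "dst_port": 443},
    {"host": "ws-02", "type": "file", "path": r"C:\Users\Public\update.exe", "sha256": "bb" * 32},
    {"host": "srv-db-01", "type": "netflow", "pid": 880, "dst_ip": "203.0.113.7", "dst_port": 8443},
    {"host": "ws-03", "type": "process", "pid": 2200, "name": "chrome.exe",
     "cmdline": "chrome.exe", "sha256": "cc" * 32},
]

# Collectors: queries over the stored data.

def hosts_with_hash(events, sha256):
    """Endpoints holding a file or process image with the given SHA-256."""
    return sorted({e["host"] for e in events if e.get("sha256") == sha256})

def hosts_connected_to(events, ip):
    """Endpoints that talked to `ip`, with the PIDs that opened the flows."""
    hits = defaultdict(set)
    for e in events:
        if e["type"] == "netflow" and e["dst_ip"] == ip:
            hits[e["host"]].add(e["pid"])
    return {host: sorted(pids) for host, pids in hits.items()}

def process_map(events, host):
    """Process name -> destinations it connected to, for one host."""
    names = {e["pid"]: e["name"] for e in events
             if e["host"] == host and e["type"] == "process"}
    out = defaultdict(list)
    for e in events:
        if e["host"] == host and e["type"] == "netflow":
            out[names.get(e["pid"], f"pid {e['pid']}")].append(f"{e['dst_ip']}:{e['dst_port']}")
    return dict(out)

# Reactions: decide what to kill or remove from what the collectors found.

def plan_reactions(events, bad_hashes, bad_ips):
    """Return sorted (host, action, target) tuples; nothing is executed here."""
    plan = set()
    for e in events:
        if e.get("sha256") in bad_hashes:
            if e["type"] == "file":
                plan.add((e["host"], "remove_file", e["path"]))
            elif e["type"] == "process":
                plan.add((e["host"], "kill_process", e["pid"]))
        if e["type"] == "netflow" and e["dst_ip"] in bad_ips:
            plan.add((e["host"], "kill_process", e["pid"]))
    return sorted(plan, key=str)

# Triggers: a standing condition that fires on future events as they arrive.

class Trigger:
    def __init__(self, name, predicate, action):
        self.name, self.predicate, self.action = name, predicate, action
        self.fired = []          # one entry per event that matched

    def feed(self, event):
        if self.predicate(event):
            self.fired.append(self.action(event))
        return self

def is_encoded_powershell(event):
    """Process event for powershell.exe launched with an encoded command."""
    return (event["type"] == "process"
            and event["name"].lower() == "powershell.exe"
            and " -enc" in event["cmdline"].lower())

if __name__ == "__main__":
    print(hosts_with_hash(EVENTS, "bb" * 32))
    print(hosts_connected_to(EVENTS, "203.0.113.7"))
    print(process_map(EVENTS, "ws-01"))
    print(plan_reactions(EVENTS, {"bb" * 32}, {"203.0.113.7"}))
    watch = Trigger("encoded-powershell", is_encoded_powershell,
                    lambda e: (e["host"], "kill_process", e["pid"]))
    for ev in EVENTS:
        watch.feed(ev)
    print(watch.fired)
```

The point of the split is that collectors only read the stored record, reactions produce an explicit plan that an analyst (or an automated policy) approves before anything is killed or deleted, and a trigger is the same predicate left armed against events that have not happened yet.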
15
ACTIVE RESPONSE: ARCHITECTURE
• McAfee ePolicy Orchestrator
• Data Exchange Layer
• Advanced Threat Defense (malware analysis)
• Threat Intelligence Exchange
• McAfee Cloud Services
• McAfee Linux OS
• Endpoints, physical servers and virtual servers, each running McAfee Agent with Endpoint Security, Adaptive Threat Protection and Active Response
16
ACTIVE RESPONSE: HOW IT WORKS
Components: McAfee ePolicy Orchestrator, McAfee Agent, Threat Intelligence Exchange, McAfee Cloud Services; endpoints, physical servers and virtual servers running Endpoint Security, Adaptive Threat Protection and Active Response.
1. McAfee Active Response sends data to the cloud
2. McAfee ePO receives data from the cloud
3. Perform in-depth investigation in McAfee ePO
4. TIE updates the reputation of the threat
17
ACTIVE RESPONSE: LICENSING AND PACKAGING
Suites:
• Complete Endpoint Protection (CEB)
• Complete Endpoint Threat Protection (CTP)
• Endpoint Threat Defense & Response (EDR)
Components across the suites: Endpoint Security, Adaptive Threat Protection, Device Control, Application Control, Encryption, Threat Intelligence Exchange, Active Response, ePolicy Orchestrator
18
ACTIVE RESPONSE: SUMMARY
A single pane for investigation, prioritization, genealogy, reputation, historical behavior, and response over potential threats.
• Workflows: single view to see, investigate, and take action on threats
• Visibility: a view into suspicious behaviors across all endpoints
• Investigate: analyze timelines and live searches to find threats
• Action: one click stops threats and updates protection on all endpoints
• Simplify: view operational status of all endpoint threat defense services