TECHNICAL PROPOSAL
Title/Solution/RFx/Project Name
APPLICATION CONTROL
Iftikhar Ali Iqbal, CISSP, CCSP, CISM
https://www.linkedin.com/in/iftikhariqbal/
VALID TILL JUNE 2019
Document Control
Revision History
Version Date Changes
1.0 24 July 2017 Initial Draft
1.1 15 February 2018 Addition of Application Control
1.2 17 November 2018 Changes in Document Format
1.3 10 May 2019 Addition of Customer Success Group | Removal of Technical Support
1.4 8 June 2019 Additional details on MAC | Appended TIE, ATD
1.5 9 June 2019 Refresh of Executive Summary
Contact Details
Organization Name Email Number
Consultant Iftikhar Ali Iqbal https://www.linkedin.com/in/iftikhariqbal/
Table of Contents
Executive Summary
Solution Overview
High-Level Architecture
Solution Components
McAfee Application Control (MAC)
Key Features
Workflow
McAfee ePolicy Orchestrator (ePO)
System Components
McAfee Agent
Optional Components
Threat Intelligence Exchange (TIE)
McAfee Advanced Threat Defense (ATD)
McAfee Customer Success Group (CSG)
Technical Support
Support Options and Offerings
Service Level Goals (SLG)
Severity Levels
Consulting Services
McAfee Solutions Services
Methodology
McAfee Advanced Cyber Threat Services
Practice Brief
Education Services
Product Training
McAfee Application Control and McAfee Change Control Administration (8.0)
Security Training
System Requirements
McAfee ePolicy Orchestrator
Microsoft SQL Server
McAfee Agent Handler
McAfee Agent
McAfee Application Control Client
Optional Components
McAfee Threat Intelligence Exchange (TIE)
McAfee Advanced Threat Defense (ATD)
Hardware Appliance
Virtual Appliance
Analyzer VMs
Solution Offering
Software Licenses and Appliances
Optional Components
Professional Services
Technical Support
Education Services
Executive Summary
Scrambling to adapt to the evolving landscape, many security teams have resorted to bolting on the latest “best-
of-breed” point solutions. While each solution may bring a new capability to the table, it’s important to look at
your overall ecosystem and how these different defenses work together.
There are serious shortfalls in deploying disparate, multivendor endpoint security technologies that don’t
collaborate with each other. Because point solutions have limited visibility and see only what they can see, the
burden of connecting the dots falls on you. Adversaries are quick to take advantage of the windows of
opportunity these manual processes create, evading defenses or slipping through the cracks unnoticed.
As a never-ending array of “next-generation” solutions started to emerge and flood the marketplace, you were
likely told more than once that antivirus isn’t enough and what you need to do is switch to next-gen. In reality,
it’s not about achieving a next-generation approach or finding the best use for antivirus. It’s really about
implementing a holistic device security strategy that connects and coordinates an array of defenses. This
includes signature-based defense (which eliminates 50% of the attack noise—allowing algorithmic approaches
to run more aggressively with fewer false alarms)2, plus exploit protection, reputations, machine learning, ongoing
behavioral analytics, and roll-back remediation to reverse the effects of ransomware and other threats.
McAfee has re-imagined device security to provide a single
console with flexible deployment options to defend a broad set
of devices with full-stack or overlay to native controls. Through
a single-agent architecture with deep integration and
automation, we remove silos between once-isolated
capabilities to enhance efficiency and protection.
As a leader in the industry, McAfee offers a broad portfolio of
security solutions that combine established capabilities
(firewall, reputation, and heuristics) with cutting-edge machine
learning and containment, along with endpoint detection and
response (EDR) into a single-agent all-inclusive management
console. The resulting integrated endpoint protection platform keeps users productive and connected while
stopping zero-day malware and advanced threats like ransomware before they can infect the first device—
“patient zero.”
McAfee can unify your endpoint defenses and build a device security strategy based on:
• Single-console management with flexible delivery options: SaaS, virtual, or on-premises
• Integration with multiple operating systems (OSs): Microsoft Windows Defender and Android and iOS
• One platform that protects all your devices and enhances protection: A single-agent architecture to manage
and automate security for servers, traditional endpoints, mobile, and even embedded IoT devices
• An integrated, collective endpoint threat defense: Device hardening, fileless malware detection, behavior
analytics, machine learning, signatures, credential theft protection, endpoint detection and response (EDR),
and firewall
2 Neely, Lee and Torres, Alissa. “Endpoint Protection and Response: A SANS Survey”. June 2018.
https://www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-sans-endpoint-protection-response.pdf
Solution Overview
More threats than ever before are introduced by unknown executables being run on servers and desktops.
McAfee Application Control provides signature-less protection against zero-day malware and Advanced
Persistent Threats (APTs) by way of intelligent application whitelisting, file reputation, and memory protection.
It creates and maintains a dynamic whitelist of binaries, comprising executables, DLLs, drivers, and scripts,
locally on every system. Whitelisted files are protected and cannot be deleted or modified unless a change is
“trusted”. The trust model specifies updaters, publishers, installers, trusted directories, trusted users and time
windows by which changes can be made. Note that trusted changes are dynamically added to the whitelist.
Maintaining maximum uptime is essential for systems such as Point of Sale terminals, ATMs, and critical servers.
App Control provides a quick, simple check against the whitelist when an application is executed. Simply put,
only those files in the whitelist can execute. If it’s not on the whitelist, execution is blocked. Every whitelisted
file also benefits from built-in Memory Protection, preventing whitelisted applications from memory tampering
and exploits via buffer overflow attacks.
For more dynamic systems, such as desktops and laptops, a bit more freedom may be desired. Application
Control can perform a reputation check on new executables before allowing or blocking execution. Reputation
is checked against McAfee’s Global Threat Intelligence (McAfee GTI), or an internal Threat Intelligence Exchange
Server (TIE) if one is deployed in the environment.
Furthermore, TIE integrates with McAfee Advanced Threat Defense (ATD), McAfee’s advanced malware analysis
with sandboxing solution, in real time to provide detailed assessment and data on malware classification.
High-Level Architecture
1. McAfee ePolicy Orchestrator (ePO)
The centralized management console will connect to the McAfee services for product downloads and
content updates. It will also be used to deploy and manage McAfee Agent and endpoint security
products. All configuration and policies will be provided from this central location, along with
dashboards and queries to track activity and detections.
At the backend, McAfee ePO uses a Microsoft SQL database to store all data about your
network-managed systems and its repositories. The database can be clustered using Microsoft’s
native clustering services.
2. McAfee Agent
Installed on all managed endpoints, it ensures policy enforcement, product deployments and updates,
and sends events and system properties to McAfee ePO. The McAfee Agent also includes the Data
Exchange Layer (DXL) client.
3. McAfee Threat Intelligence Exchange (TIE)
TIE provides reputation information which is shared across the McAfee ecosystem via DXL.
4. McAfee Advanced Threat Defense (ATD)
ATD performs malware analysis, including sandboxes. TIE sends files with unknown reputation to ATD
to gather further data points and provide a malware classification for the files.
5. Client Modules
Security modules such as Application Control and more are deployed on endpoints and all managed
within a single McAfee Agent. Policies and configurations for the specific solution are managed
through the McAfee ePO.
6. McAfee Global Threat Intelligence (GTI)
TIE queries McAfee GTI for reputation information to determine how to handle files on the system.
7. McAfee Labs
A threat library from which McAfee ePO downloads the latest content files and engine updates.
Solution Components
McAfee Application Control (MAC)
McAfee Application Control blocks unauthorized executables on servers, corporate desktops, and fixed-function
devices. Application Control uses dynamic whitelisting to guarantee that only trusted applications run on
servers, devices, and desktops. It eliminates the need for IT administrators to manually maintain lists of
approved applications. It also gives IT control over endpoints to help enforce software license compliance.
The software uses a dynamic trust model and innovative security features to prevent advanced persistent
threats (APT) without requiring signature updates. It guarantees protection without impacting productivity.
With Application Control, you can:
• Prevent any malicious, untrusted, or unwanted software from being executed.
• Automatically identify trusted software and grant it authorization to run.
• Block users from introducing software that poses a risk to your company.
Application Control ensures that only legitimate and authorized applications run on the system. It can operate
in four different modes. Each mode is different in principle and usage.
Disabled Mode
This mode indicates that Application Control isn't running on your system. Although the application is installed,
its features are disabled. After installation, the application appears in Disabled mode by default. You can then
switch to Observe, Update, or Enabled mode.
Enabled Mode
This mode indicates that Application Control is running, and protection is enabled. Enabled mode supports
reputation-based execution. When you execute a file, Application Control fetches its reputation and that of all
certificates associated with the file to determine whether to allow or ban the file execution. Application
Control works with TIE Server and McAfee GTI to fetch reputation information for a file.
Observe Mode
This mode indicates that Application Control is running but it only monitors and logs observations. The
application does not prevent any execution or changes made to the endpoints. Instead, it monitors execution
activities and compares them with the local inventory and predefined rules.
Update Mode
This mode indicates that protection is effective, but changes are allowed on protected endpoints. When you
perform software updates in Update mode, Application Control tracks and records each change. Also, it
dynamically updates the whitelist to make sure that the changed or added binaries and files are authorized to
run when the system returns to Enabled mode.
Key Features
Discovery: Knowledge Acquisition
In Observe Mode, Application Control allows you to discover policies for dynamic desktop environments without
enforcing a whitelist lockdown. This mode helps you deploy the software in pre-production environments
without affecting the operation of existing applications.
Observations record execution, installation, and uninstallation activities for managed endpoints. A file is allowed
to execute unless it is banned by a specific rule or has malicious reputation. All observations generated on an
endpoint are sent to the McAfee ePolicy Orchestrator (ePO) server after agent-server communication intervals
(ASCI).
Protection: Reputation
Application Control accepts new software only when it is added through an authorized process. This dynamic
trust model allows you to configure what can run on devices in your environment.
Before allowing or blocking a file, Application Control considers the file reputation and whether it is added to
the whitelist and checks other existing rules.
It integrates with a reputation source to receive reputation information for files and certificates. Based on the
reputation received from one of these sources, Application Control allows or bans the execution and software
installation.
Based on the configuration, the software regularly synchronizes with these sources:
• McAfee Threat Intelligence Exchange (TIE) - The TIE server is a local reputation server that
communicates with multiple reputation sources. It effectively combines and collates intelligence from
global sources with local threat intelligence and customized organizational knowledge to provide
aggregated reputation values.
TIE can further its intelligence by integrating with McAfee Advanced Threat Defense (ATD).
• McAfee Global Threat Intelligence (GTI) - McAfee GTI is a cloud-based service that functions as a
reputation source. Application Control periodically synchronizes with the McAfee GTI server to fetch
ratings for executable files and certificates.
Protection: Dynamic Whitelisting
Application Control helps you manage the whitelist in a secure and dynamic way. IT administrators don't need to
manually maintain lists of approved applications. Application Control groups executables (binaries, libraries, and
drivers) across your company by application and vendor.
Before allowing or blocking a file, Application Control considers the file reputation and whether it is added to
the whitelist and checks other existing rules.
• Whitelist
Application Control creates a whitelist of executables (binaries, libraries, and drivers) and script files.
The whitelist includes all authorized files and determines trusted or known files. All files in the whitelist
are protected and cannot be changed or deleted. In Enabled mode, only executables or script files
included in the whitelist or files with trusted reputation are allowed to run.
• Other Methods
Application Control provides multiple other methods to authorize execution of a program or file on a
protected endpoint. To design a trust model and allow additional users or programs to execute or
change files on a protected endpoint, you can use one of these methods on endpoints running in
Enabled mode:
• Trusted Processes:
o Updater Process - An application allowed to update the endpoint.
o Executable File - An executable file allowed or restricted from running on the endpoints.
o Installer - An application that is allowed to install or update software.
• Trusted Certificates:
A trusted certificate (associated with a software package) that
is permitted to install and change files on a protected
endpoint.
• Trusted Directory:
A trusted directory (local or network share) identified by its
Universal Naming Convention (UNC) path.
• Trusted User:
An authorized Windows user with rights to dynamically add
files and applications to the whitelist.
Protection: Advanced Memory Protection
Application Control offers multiple memory-protection techniques to prevent zero-day attacks. Memory-
protection techniques provide extra protection over the protection from native Windows features or signature-
based buffer overflow protection products. These techniques also prevent whitelisted applications from being
exploited by memory buffer overflow attacks on Windows 32-bit and 64-bit systems.
The following techniques are currently available with Application Control:
Technique: CASP — Critical Address Space Protection (mp-casp)
Description: CASP is a memory-protection technique that renders useless any shellcode running
from the non-code area. This shellcode is an abnormal event that usually happens
because of a buffer overflow.
CASP allows code to execute from non-code area but disallows the code from
invoking any meaningful API calls, such as CreateProcess() and DeleteFile(). When
exploit code invokes these APIs, CASP blocks it and it fails to do any damage.

Technique: NX — No eXecute (mp-nx)
Description: The NX feature uses the Windows Data Execution Prevention (DEP) feature to
protect processes against exploits that try to execute code from writable memory
area (stack/heap). NX also provides granular bypass capability and raises violation
events that can be viewed on the McAfee ePO console.
Windows DEP prevents code from being run from a non-executable memory
region. This abnormal event mostly occurs due to a buffer overflow. The malicious
exploit attempts to execute code from these non-executable memory regions.

Technique: Forced DLL Relocation (mp-vasr-forced-relocation)
Description: This feature forces relocation of those dynamic-link libraries (DLLs) that have opted
out of the Windows native ASLR feature. Some malware relies on these DLLs always
being loaded at the same and known addresses. By relocating such DLLs, these
attacks are prevented.
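To see which binaries the NX and Forced DLL Relocation techniques matter for, an administrator can inventory images that have not opted in to the native Windows mitigations. The following is an added example, not McAfee code: it reads the DllCharacteristics field of a PE header (flag values from the Microsoft PE/COFF specification) and reports images without the ASLR or DEP opt-in. The sample images and their file names are constructed for the demonstration.

```python
import struct
import sys

# DllCharacteristics bits, as defined in the Microsoft PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with a larger address range
DYNAMIC_BASE = 0x0040      # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100         # image is compatible with DEP / NX

PE32, PE32_PLUS = 0x10B, 0x20B


def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics word from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_offset,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    optional = pe_offset + 4 + 20        # skip signature and COFF file header
    if len(image) < optional + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, optional)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    (flags,) = struct.unpack_from("<H", image, optional + 70)
    return flags


def audit_image(image: bytes) -> dict:
    """Report which native mitigations the image has opted in to."""
    flags = dll_characteristics(image)
    return {
        "aslr": bool(flags & DYNAMIC_BASE),
        "high_entropy_aslr": bool(flags & HIGH_ENTROPY_VA),
        "nx": bool(flags & NX_COMPAT),
    }


def opted_out(images: dict) -> dict:
    """Map image name -> missing mitigations, for images lacking ASLR or NX."""
    findings = {}
    for name, data in images.items():
        try:
            result = audit_image(data)
        except ValueError:
            continue                     # not a PE image; nothing to report
        missing = [key for key in ("aslr", "nx") if not result[key]]
        if missing:
            findings[name] = missing
    return findings


def build_sample(flags: int, magic: int = PE32_PLUS) -> bytes:
    """Constructed header-only image for the demo; not a loadable DLL."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, 0x2022)
    optional = bytearray(0xF0)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, flags)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional)


# Constructed inputs; the names are illustrative only.
SAMPLES = {
    "modern.dll": build_sample(DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA),
    "legacy_plugin.dll": build_sample(NX_COMPAT, magic=PE32),
    "ancient.dll": build_sample(0, magic=PE32),
    "notes.txt": b"plain text, not a PE image",
}

if __name__ == "__main__":
    images = SAMPLES
    if sys.argv[1:]:                     # audit real files when paths are given
        images = {}
        for path in sys.argv[1:]:
            with open(path, "rb") as handle:
                images[path] = handle.read()
    for name, missing in sorted(opted_out(images).items()):
        print(f"{name}: no opt-in for {', '.join(missing)}")
```

Run without arguments it audits the constructed samples; given file paths, it audits those files instead.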
Coverage: Application Types
Application Control extends coverage to executable files, libraries, drivers, Java applications, ActiveX controls,
and scripts for greater control over application components. It enforces control on connected or disconnected
servers, virtual machines, endpoints, and fixed devices, such as kiosks and point-of-sale (POS) terminals. It also
locks down protected endpoints against threats and unwanted changes, with no file system scanning or other
periodic activity that might impact system performance.
Coverage: Execution Control (Attribute-Based)
Application Control performs multiple checks to determine whether to allow or block a file's execution. If a file's
execution is allowed after the Application Control checks, attribute-based or granular rules, if any are defined,
come into play. The rules are based on the concept of fine-grained whitelisting and can be created on the
attributes of a file.
You can define specific rules using attributes to allow, block, or monitor the file. Rules that allow execution take
precedence over rules that block or monitor execution.
Attribute-based rules help you allow or block files in different scenarios based on file context. On a protected
system, only whitelisted interpreters are allowed to run. But, in certain scenarios, whitelisted interpreters might
be misused to execute malicious scripts. You can prevent misuse of interpreters by defining attribute-based
rules to block potentially malicious scenarios.
Attribute-based rules provide flexibility to allow or block file execution, as needed. If an administrator needs to
block a user from running a specific file, they can add an attribute-based rule to prevent its execution by that
user. Similarly, an administrator can choose to block execution of a certain file altogether, unless it is run by a
specific parent process.
Workflow
Application Control creates a whitelist of all authorized executable files. When you run an executable file that
isn't whitelisted, Application Control checks the reputation of the file and allows or blocks its execution.
1. A user or application tries to execute a file on a managed endpoint where Application Control and McAfee
Agent are installed.
2. Application Control checks the reputation of the file and allows or blocks its execution.
3. Application Control communicates with the McAfee Threat Intelligence Exchange (TIE) servers to receive
reputation information for the file and any associated certificates. Based on this information, Application
Control allows or blocks the file execution.
4. If the TIE server is unavailable, Application Control communicates with the McAfee Global Threat
Intelligence (McAfee GTI) server to fetch the reputation of the file.
5. McAfee Data Exchange Layer (DXL) provides the framework for communication between Application
Control and TIE or McAfee GTI, so products can share threat information.
6. The administrator manages all endpoints, deploys policies, creates rules, adds certificates, manages the
inventory, monitors activities, and approves requests.
7. Information about the attempt to run the application is sent to the McAfee ePolicy Orchestrator server,
where it appears in a dashboard, report, or log.
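The workflow above, together with the attribute-based rules described under Execution Control, can be modelled as a small decision function. This is an added example, not McAfee code or the product's algorithm: it covers Enabled and Observe modes only, and the three-level reputation scale, the order of checks, the treatment of a whitelisted file with malicious reputation, and all paths and hashes are assumptions made for the model.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Iterable, Optional, Set, Tuple

class Mode(Enum):
    OBSERVE = "observe"
    ENABLED = "enabled"

class Reputation(Enum):            # three-level scale is an assumption
    TRUSTED = "trusted"
    UNKNOWN = "unknown"
    MALICIOUS = "malicious"

@dataclass(frozen=True)
class Execution:
    path: str
    sha256: str
    user: str
    parent: str

@dataclass(frozen=True)
class AttributeRule:
    action: str                    # "allow", "block" or "monitor"
    path: str
    user: Optional[str] = None     # None matches any user
    parent: Optional[str] = None   # None matches any parent process

    def matches(self, ev: Execution) -> bool:
        return (ev.path.lower() == self.path.lower()
                and self.user in (None, ev.user)
                and self.parent in (None, ev.parent))

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    source: str                    # reputation source that answered
    observation: bool = False      # True when an event is reported to ePO

Lookup = Callable[[str], Reputation]

def lookup_reputation(sha256: str, tie: Optional[Lookup],
                      gti: Optional[Lookup]) -> Tuple[Reputation, str]:
    """Ask TIE first; use GTI only when TIE is absent or unreachable."""
    for name, source in (("TIE", tie), ("GTI", gti)):
        if source is None:
            continue
        try:
            return source(sha256), name
        except ConnectionError:
            continue
    return Reputation.UNKNOWN, "none"   # assumption: no answer means unknown

def decide(ev: Execution, mode: Mode, whitelist: Set[str],
           rules: Iterable[AttributeRule], tie: Optional[Lookup],
           gti: Optional[Lookup]) -> Decision:
    rep, src = lookup_reputation(ev.sha256, tie, gti)
    if rep is Reputation.MALICIOUS:     # banned in both modes
        return Decision(False, "malicious reputation", src, True)
    authorized = ev.sha256 in whitelist or rep is Reputation.TRUSTED
    if not authorized and mode is Mode.ENABLED:
        return Decision(False, "not whitelisted or trusted", src, True)
    # Attribute rules apply to executions that passed the checks above;
    # a matching allow rule takes precedence over block and monitor rules.
    actions = {rule.action for rule in rules if rule.matches(ev)}
    if "allow" in actions:
        return Decision(True, "allowed by attribute rule", src, not authorized)
    if "block" in actions:
        return Decision(False, "blocked by attribute rule", src, True)
    if not authorized:                  # Observe mode: log instead of block
        return Decision(True, "observed: would block when enabled", src, True)
    return Decision(True, "authorized", src, "monitor" in actions)

# Constructed sample data: hypothetical paths, placeholder hashes.
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
DEPLOY_AGENT = r"C:\Program Files\ExampleDeploy\agent.exe"
WHITELIST = {"hash-powershell", "hash-erp"}
RULES = (AttributeRule("allow", POWERSHELL, parent=DEPLOY_AGENT),
         AttributeRule("block", POWERSHELL))
GTI_TABLE = {"hash-bad": Reputation.MALICIOUS,
             "hash-signed-tool": Reputation.TRUSTED}

def tie_unreachable(sha256: str) -> Reputation:
    raise ConnectionError("TIE server unavailable")

def gti(sha256: str) -> Reputation:
    return GTI_TABLE.get(sha256, Reputation.UNKNOWN)
```

With these rules, a whitelisted interpreter is blocked when launched from an arbitrary parent and allowed only under the designated deployment agent, the interpreter-misuse case the attribute-based rules are meant to cover.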
McAfee ePolicy Orchestrator (ePO)
McAfee ePolicy Orchestrator (ePO) is the foundational central security management software that manages
every McAfee security solution, as well as over 140 solutions from our partners. ePO “connects” and manages
all the products that make up the Security Connected framework—with the automation and extensibility that
enterprises need.
ePO is the command and control for security operations. It is the single pane of glass for managing policies,
deployment, and reporting to make managing and “connecting” security simpler and more efficient. From a
single console, ePO provides flexible, automated security management capabilities so users can identify,
manage, and respond to security issues and threats. That makes it possible for customers to extract more value
from management-level investments and enables the improved risk postures and cost-effective security that
are central to the Security Connected approach.
System Components
McAfee ePO has the following components:
• Microsoft SQL
Stores all data about your network-managed systems, McAfee ePO,
Agent Handlers, and repositories.
• McAfee ePolicy Orchestrator
Manage, deploy and report on the security of endpoints.
• McAfee Agent
Provides communication to the server for policy enforcement,
product deployment and updates, and connections to send events,
product, and system properties to the McAfee ePO server.
McAfee Agent
McAfee® Agent is the client-side component providing secure communication between McAfee ePolicy
Orchestrator and managed products. It also serves as an updater for McAfee products. Systems can be managed
by the McAfee ePO server only if they have an agent installed. While running silently in the background, the
agent:
• Installs products and their upgrades on managed systems.
• Updates security content such as V3 DAT* files associated with McAfee® Endpoint Security.
• Enforces policies and schedules tasks on managed systems.
• Gathers information and events from managed systems, and sends them to McAfee ePO.
* Virus definition or DAT files contain virus signatures and other information
that McAfee anti-virus products use to protect your computer against existing
and new potential threats. DAT files are released on a daily basis. We also
release new DAT files when any threat is assessed by McAfee Labs to have a
medium or higher risk. To ensure that your anti-virus software can protect your
system or network against the latest threats, you must ensure you are using
the most recent DAT files.
The McAfee Agent is not a security product on its own; instead it communicates
to all McAfee and partner security products and passes the information to and
from the McAfee ePO server. Once a McAfee Agent is installed on a system, it
is used to update most products on that client.
Optional Components
Threat Intelligence Exchange (TIE)
McAfee Threat Intelligence Exchange (TIE) is a system where reputation information about files and certificates
is shared in real time to endpoints running Endpoint Security (ENS) and network devices, such as McAfee’s
Intrusion Prevention System (IPS), McAfee Enterprise Security Manager (McAfee ESM), McAfee Web Gateway,
and McAfee Advanced Threat Defense (McAfee ATD), all communicating on the Data Exchange Layer (DXL). This
allows all participating devices on the DXL to instantly receive information on recently convicted files and/or
reputation changes of files in the environment.
Put another way, TIE is a system that not only detects unknown malware sooner, but also distributes that
information to connected devices which can then take action to block it. Knowledge obtained from a single
encounter with new malware is automatically shared, and defense mechanisms modified to provide new
protection within the environment in a matter of seconds.
TIE is specifically designed to provide protection against targeted and zero-day (unknown) attacks. It is not just
an early warning system, but also an early protection system. For example, information on a new threat
discovered at the gateway can be passed to endpoint systems, which in turn dynamically augment their
defenses.
McAfee Advanced Threat Defense (ATD)
McAfee Advanced Threat Defense (ATD) is an on-premise and virtual appliance that facilitates detection and
prevention of malware.
Advanced Threat Defense provides protection from known, near-zero day, and zero-day malware without
compromising on the quality of service to your network users. Advanced Threat Defense has the added
advantage of being an integrated solution. In addition to its own multi-level threat detection capabilities, its
ability to seamlessly integrate with other McAfee security products protects your network against malware and
other Advanced Persistent Threats (APTs).
Tight integration is also available with other security solutions and support for open standards enables
immediate sharing of threat intelligence across the entire infrastructure—including multivendor ecosystems—
to enhance zero-day threat protection, reduce time from encounter to containment, and speed post-attack
investigation. The benefits include:
• Time-consuming manual intervention is minimized when threat intelligence is shared among products.
• Streamlined workflows enable efficient alert management through a single interface.
• Support for STIX over TAXII and OpenIOC open standards for indicators of compromise and threat
intelligence output and sharing, further enhances integration in a mixed environment.
McAfee Customer Success Group (CSG)
The McAfee Customer Success Group (McAfee CSG) encompasses three
groups, united as one—technical support, consulting services, and
education services—all focused on proactively ensuring you achieve your
desired security outcomes through your deployment and use of McAfee
solutions. Our mission is simple: we are dedicated to helping you
successfully deploy and use McAfee solutions, manage your operational risk
and see a sustained value over time. From deployment services and
proactive account management to self-help resources, communities, and
on-call expert assistance, the McAfee Customer Success Group delivers the
people, processes, tools, and technology to ensure that you achieve the
security outcomes you want.
Technical Support
At McAfee, we have a passion for security and that extends to our McAfee Customer Success and Customer
Service. Regardless of the size of your business, McAfee offers highly trained and certified security professionals
who can provide the right information, tools, and programs. Our goal is to address potential issues quickly and
efficiently to help you combat today’s threats so you can focus on the demands of your business.
Our programs are tailored to meet the needs of a Small Business through to the largest Fortune 500 companies.
• McAfee Business Support – 24/7 Support by Phone and online Service Portal
• McAfee Enterprise Support – Direct access to expert Technical Support Engineers and an assigned Support
Account Manager
Our Customer Success Plans transform traditional technical support by providing a comprehensive roadmap
combining solution and Foundstone services, education/training, and technical support with personalized
management and tools. Plan your security strategy, maintain your solutions, manage your operational risk, and
see a sustained value over time with a plan that enables you to successfully deploy, manage, and optimize
McAfee products and solutions, turning your security into a business driver. All Customer Success Plans provide
direct access to expert Technical Support Engineers for technical issue resolution.
• McAfee Premier Success Plan includes integrated Professional Services committed to helping you maximize
your security investments across people, process and technology so that they deliver the desired value over
time, as well as on-demand eLearning courses and instructor-led training. Product-based solution services
options, delivered by consultants, include technical assessments, upgrade assessments, design reviews and
optimization services. Solution Advisory options include custom workshops to address timely topics such as
data privacy and cloud security. The Premier Success Plan also includes the services of an assigned Customer
Success Manager* (CSM) and an Assigned Technical Contact (ATC), who complements strategic programs
with breaking issues and threat trends and streamlines escalation and situation management. (*A Resident
Customer Success Manager option is available in the Premier Success Plan.)
• McAfee Enhanced Success Plan also includes integrated Professional Services, on-demand eLearning, and
product-based solution services options including technical assessments, upgrade assessments and design
reviews. The Enhanced Success Plan also includes the services of an assigned Customer Success Manager
(CSM).
• McAfee Essential Success Plan is targeted at medium-size businesses and helps you stay on top of
your network security challenges. The plan provides a strategically packaged set of services designed to help
you optimize solutions, manage risks, and sustain value. The Essential Success Plan includes the services of
a Support Account Manager (SAM) who serves as the point of contact for escalation management of
technical issues.
Support Options and Offerings
CUSTOMER SUCCESS PLANS
OFFERINGS BUSINESS ESSENTIAL ENHANCED PREMIER
Daily Product Updates
Product Upgrades
24/7 Support by Phone, Web & Remote Desktop
Malware Analysis Service & Remediation Analysis
Online Service Portal
Best Practice Videos & Guides
Support Notification Service (SNS)
Direct Access to Technical Experts
Service Request Prioritization
Contacts Authorized to Engage with TSE1 15 25 Unlimited
Support Account Manager (SAM) - -
Customer Success Manager (CSM)2
Assigned Technical Contact (ATC) -
Success Planning with the CSM
Business Reviews
Professional Services and/or Advisory Services3 1 Health Check 1 Week 4 Weeks
Educational Services 30 Vouchers 80 Vouchers 280 Vouchers
eLearning Subscriptions
Onsite Technical Support Assistance4 2/Year 6/Year
1. McAfee Technical Support Engineer.
2. Resident Customer Success Manager option available.
3. Subject to regional availability.
4. Subject to Terms & Conditions. Regional variations may apply.
Service Level Goals (SLG)
Support Requests (SR) are assigned a SR number to manage the resolution of the issue. We attempt to resolve
every issue on the first interaction. Unresolved customer issues are evaluated based on severity and priority of
the reported issue. Based on this information, SRs are assigned an impact level value.
BUSINESS | Severity 1 | Severity 2 | Severity 3 | Severity 4
Initial Response | 30 Minutes | 60 Minutes | 8 Hours | 1 Business Day
Update Frequency | At least once per hour unless agreed otherwise with the customer | At least twice per day unless agreed otherwise with the customer | Negotiated with the customer | Negotiated with the customer
CUSTOMER SUCCESS | Severity 1 | Severity 2 | Severity 3 | Severity 4
Initial Response | 15 Minutes | 30 Minutes | 4 Hours | 1 Business Day
Update Frequency | At least once per hour unless agreed otherwise with the customer | At least twice per day unless agreed otherwise with the customer | Negotiated with the customer | Negotiated with the customer
Note: The Service Level Goals reflect business hours and days.
The frequency you should be contacted about the status of a Service Request will be agreed between you and
the Technical Support Engineer during initial contact and at each communication interval. This will be discussed
and agreed based on the individual needs and availability of the customer, as well as the time it is likely to take
to complete the next action.
Severity Levels
A severity code is associated with Service Requests to indicate the impact and the urgency of the request.
LEVEL DESCRIPTION
Severity 1: Severe Issue or Business Wide Impact
This is a very serious issue or an issue with business-wide impact.
• Example: McAfee ePO is down, Web Gateway is blocking all customer traffic
• There is no viable workaround
Severity 2: Major Issues or Large Impact
This is a major issue or one where a large number of users are impacted.
• Example: Regional office not in a secured posture because McAfee ePO is not functioning, DLP
policy is preventing the Executive Staff from using USB drives
• There is no viable workaround
Severity 3: Minor Issue or Small Impact
This is a minor issue or one where a small number of users are impacted.
• Example: Few users unable to authenticate to Drive Encryption, Data Loss Prevention rule
requiring justification for a few users but not stopping business activities.
Severity 4: General Questions
This is a question without impact on business operations. This may be around documentation or
Knowledge Base entries.
• Example: Looking for Best Practices, Reference Configurations, clarification on entries in KB
or Product Guide.
• Product Enhancement Requests
Consulting Services
With today’s security teams needing day-to-day security management and maintenance, they don’t have the
bandwidth to learn every aspect of a product and how it can help their organization handle cyberthreats and
attacks more effectively and efficiently. This lack of resources and time puts enterprises at greater risk,
potentially resulting in a weakened security posture, financial loss, and negative impact on company reputation.
Trust matters. With over 30 years’ experience in cybersecurity, McAfee is dedicated to keeping the world safe
from cyberthreats. Purchasing the right tools is just the beginning. Making full use of the tools you have is vital
to achieving your security goals.
McAfee Consulting Services are delivered by our team of trusted Professional Services consultants who have
collective decades of product and security expertise across various industries. Among McAfee consultants are
respected instructors, speakers at major conferences, and security-certified professionals.
Our professionals are highly qualified and trained consultants who help you get the most out of your McAfee
security products and design strong security programs, so you can reach new levels of performance. We help
you gain a deeper, broader use of your McAfee technologies and products across the full lifecycle and strengthen
your security posture and cyber resilience.
At McAfee we believe that the whole system, together, is far more powerful than the sum of the parts. Working
with McAfee Professional Services, you can expect expertise, ecosystem, extensive portfolio, and efficiency.
To help you use our products effectively and achieve your security goals, McAfee offers a broad-based consulting
services portfolio consisting of two distinct practice areas: McAfee Solution Services and McAfee Advanced
Cyber Threat Services.
• McAfee Solution Services are a group of product-related services which help ensure your security
products are effectively deployed, integrated, assessed, and optimized in alignment with your security
strategy.
• McAfee Advanced Cyber Threat Services are a group of strategic, hands-on security services which
help you design strong security programs and enforceable policies for your enterprise.
McAfee Solutions Services
McAfee Solution Services enable you to gain a deeper, broader use of your McAfee technologies and products
across the full lifecycle of your technology. Our experienced product consultants and ecosystem of experts help
you realize the full value of your security solutions and avoid the challenges that can lead to unexpected risks.
If you don’t have the right talent at the right
time, we help you make sure your security
products are effectively deployed,
integrated, assessed, and optimized in
alignment with your security strategy.
During our process we provide a gap
analysis, so you can understand the current
state of your security, where you are going,
and how to get there. We offer customized
services for businesses of all sizes—
addressing the simplest to the most
complex requirements.
McAfee is committed to strengthening your security posture and maximizing your return on investment. Using
our proven Solution Services Methodology, we provide a path to help you reach new levels of performance,
while driving down risk and cost by automating security processes and progressively enhancing policies and
procedures.
McAfee's methodology leverages best current security practices, including International Organization for
Standardization (ISO), Information Technology Infrastructure Library (ITIL), and PCI standards to ensure that your
customers' security investments provide the best security posture while minimizing total cost of ownership and
risk.
Methodology
1. Step 1: Strategize
• Develop vision
• Security posture goals and initiatives
2. Step 2: Consolidate tasks into action plan
• Mature tasks to set goals
• Define project elements and timeframes
3. Step 3: Design
• Customize solution for environment
• Draft functional elements and procedures
4. Step 4: Implement
• Pilot to production deployment
• Managed process
5. Step 5: Operate
• Knowledge transfer
• Realize goals
6. Step 6: Optimize
• Health checks
• Efficiency audits
7. Step 7: Strategize
• Refine vision
• Update security posture goals and initiatives
McAfee Advanced Cyber Threat Services
McAfee Advanced Cyber Threat Services help you find the best ways to establish and maintain a strong security
posture. The services include identifying network and application vulnerabilities, providing remediation
recommendations and actionable threat intelligence, and designing strong security programs and enforceable
security policies.
If you need to be better prepared to
combat emerging threats and defend
valuable corporate assets, our domain
security experts act as trusted partners to
deliver independent, strategic guidance.
McAfee also offers a resident consultant
option. *
Acting on your behalf as a trusted advisor,
the resident consultant spends one to five
years on site helping
you advance your business strategies,
manage your solutions, and drive your
agenda internally at McAfee.
* Resident consultant subject to change.
Practice Brief
• Data Protection
Includes one-on-one interviews with key stakeholders, a high-level review of your current policies,
directives, risk management program documentation, and information security governance materials. It
helps gain control over sensitive data, reduce the cost of data breaches, and achieve greater visibility into
how data is used across your organization.
• Threat Intelligence
Receive intelligence deliverables in the form of queries of samples, domains and IP addresses; bulk queries;
static or dynamic analysis of samples, domains or IP addresses; pivots on currently tracked campaigns;
malware reversing; social network analysis; and high-impact event analysis.
• McAfee “as a service”
Receive a full service which includes real time, 24/7 monitoring and management of the security devices
located on your premise. These services include configuration, management, and support of your current
security device and rapid response to threats.
• Sec Ops
Identifies and uncovers operational challenges in your environment, providing the ability to assess the
maturity of your security operations in terms of tools, technologies and/or processes.
• Incident Response
Work with experts who will help reduce the risk of cyberattacks, extend your team, maximize your ROI and
conquer complex breaches.
Education Services
Like many enterprises, you struggle to keep pace with the increasing volume of rapidly evolving threats. Limited
time and a skills shortage make it difficult to optimize your current McAfee solutions and adopt others that you
need to further your security goals and desired outcomes. The McAfee Education Services portfolio provides
flexible, cutting-edge training options delivered by our seasoned security experts. We help accelerate, improve,
support, and boost your IT administration and security capabilities. A fully trained staff makes for a more secure
organization.
Training Methods
Guided on-demand training
• Get comprehensive and focused multimedia training in a variety of ways, from experienced instructors, in
a self-paced environment, while at your desk, saving time and travel costs.
• Virtual, on-demand coursework
• Full immersive training experience from experts
• Recorded instructor presentation
• Use-case scenarios from McAfee best practices and experiences
• Hands-on lab exercises
• Community support
• Email access to instructor
Instructor-led training
• Get comprehensive and focused in-person classroom training from experienced security instructors.
• Instructor-led training at a public site or private classes at your location
• Full immersive training experience from experts
• Network with other cybersecurity industry professionals
eLearning training
• Gain knowledge at your desk and on your schedule.
• McAfee solution training on demand
• Self-paced modules, anytime, anywhere
• Option of adding hands-on lab exercises for deeper learning
Product Training
To gain maximum value from your McAfee solutions, you need expertly trained staff to configure and manage
your McAfee solutions more efficiently, and optimally safeguard your critical data. You also need your staff on-
site, doing their job. Now, you can have both. McAfee offers a wide range of hands-on product training courses
to help you design, set up, configure, and manage your McAfee solutions. Delivered in classrooms and online,
our courses help you make the most of your product investment.
McAfee Application Control and McAfee Change Control Administration (8.0)
The McAfee Application Control and McAfee Change Control Administration course from McAfee Education
Services provides in-depth training on the tools you need to efficiently install, configure, operate, and
troubleshoot issues relating to McAfee Application Control and McAfee Change Control to safeguard intellectual
property and ensure compliance.
The course details how this solution uses McAfee ePolicy Orchestrator (McAfee ePO) software for centralized
management. It also explains how to use McAfee Application Control’s dynamic whitelisting to ensure that only
trusted applications run on devices, servers, and desktops and how to use McAfee Change Control to monitor
and prevent changes to the file system, registry, and user accounts.
https://www.mcafee.com/enterprise/en-us/assets/course-descriptions/cd-application-change-control-administration.pdf
Security Training
Security training courses focus on building security software and applications, assessing vulnerabilities, and
gaining critical computer forensics skills to help your IT professionals become proficient in developing best
practices for implementing your security strategy. Security training is only offered through instructor-led training
in private classrooms.
System Requirements
The system requirements provided are based on the requirement for a single McAfee ePolicy Orchestrator
(ePO) to manage <10,000 endpoints and servers.
For the latest important sizing recommendations from McAfee, please visit KB571370.
McAfee ePolicy Orchestrator
COMPONENT REQUIREMENT
Processor (CPU) 4 CPU minimum
Memory (RAM) 8 GB minimum
Hard-Disk 300 GB
Operating Systems Windows Server – 2008 R2, 2012, 2012 R2, 2016, 2019
Browser • Safari 10 and later (on Mac OS X)
• Chrome 51 and later
• Microsoft Edge
• Microsoft Internet Explorer 11 and later
• Firefox 45 and later
Database Microsoft SQL Server 2012, 2014, 2016, 2017
Virtual Infrastructure • VMWare ESXi 5.1, 5.5, 6
• Microsoft Hyper-V Server 2008 R2, 2012, 2012 R2, 2016
• Citrix XenServer 6, 6.2
For the latest information on the supported platforms, environments, and operating systems for McAfee ePolicy
Orchestrator, please visit KB51569.
Microsoft SQL Server
COMPONENT REQUIREMENT
Processor (CPU) 4 CPU minimum
Memory (RAM) 16 GB minimum
Hard-Disk 1 TB
Version Microsoft SQL Server 2012, 2014, 2016, 2017
Performance (IOPS) -
Database Microsoft SQL Server 2012, 2014, 2016, 2017
Please note ePO provides high availability for server clusters with Microsoft Cluster Server (MSCS) software.
Also, McAfee supports ePO installations where the ePO database itself is stored on a clustered instance of SQL.
Clustering the SQL Database Server is done at the SQL Server level and is not specific to the ePO database. For
details about how to configure an SQL Database Cluster, please refer to Microsoft.
McAfee Agent Handler
COMPONENT REQUIREMENT
Quantity 0
Processor (CPU) 0
Memory (RAM) 0
Hard-Disk 0
Operating Systems -
McAfee Agent
COMPONENT REQUIREMENT
Processor (CPU) 1 GHz (minimum) Pentium-class processor
Memory (RAM) 512-MB RAM (minimum)
Hard-Disk 50 GB
Operating Systems • Windows Desktop – 7, 8, 10 (for McAfee Investigator)
• Windows Desktop – XP, Vista, 7, 8, 10
• Windows Server – 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
• Apple macOS – 10.9 onwards
• Linux – Amazon Linux AMI, CentOS, Debian, Fedora, OpenSUSE, Oracle
Enterprise Linux, RHEL, SUSE Linux Desktop, SUSE Linux Enterprise, Ubuntu
Virtual Infrastructure • VMWare ESX, Workstation, Server, Player
• Microsoft Hyper-V Server
• Citrix XenServer, Citrix XenDesktop
For the latest information on the supported platforms, environments, and operating systems for McAfee Agent,
please visit KB51573.
McAfee Application Control Client
COMPONENT REQUIREMENT
Software McAfee Agent
Software (Management) McAfee ePolicy Orchestrator
Operating Systems • Windows Desktop – 7, 8, 8.1, Embedded 8/8.1, 10, 10 IoT
• Windows Server – 2008, 2008 R2, 2012, 2012 R2, 2016
• RHEL, CentOS, OL - 5,6, 7
• SLES – 11
• SLESD – 11, 12
• openSUSE – 10, 11
• Ubuntu – 12.04, 14.04, 16.04
• AIX 6.1, 7.1
For the latest information on the supported platforms, environments, and operating systems for McAfee
Application Control, please visit KB87944.
Optional Components
McAfee Threat Intelligence Exchange (TIE)
COMPONENT REQUIREMENT
Quantity 1
Processor (CPU) 1 CPU x 8 Cores minimum
Memory (RAM) 16 GB minimum
Hard-Disk 120 GB (thick-provisioning)
Operating Systems • McAfee Linux Operating System (MLOS)
• OVA and ISO Package
• VMware, Microsoft Windows Hyper-V
For the latest information on the supported platforms, environments, and operating systems for McAfee
Application Control, please visit KB83368.
McAfee Advanced Threat Defense (ATD)
Hardware Appliance
The McAfee ATD requires the proposed hardware appliances and is managed entirely through a web interface.
Appliance Models
• McAfee ATD-6100 – 59 Analyzer VMs
• McAfee ATD-3100 – 29 Analyzer VMs
The minimum requirements for a host connecting to the ATD are:
COMPONENT REQUIREMENT
Operating Systems • Windows Desktop - 7, 8, 8.1, 10
• Windows Server - 2003, 2008, 2012, 2016
Browser • Mozilla Firefox - Version 54.0 to 56.0
• Google Chrome - Version 59 to 62
• Microsoft Internet Explorer - Version 6.x to 11
Virtual Appliance
COMPONENT REQUIREMENT
Quantity 1
Processor (CPU) 16 vCPU
Memory (RAM) 32 GB minimum
Hard-Disk 750 GB (VMware ESXi), 400 GB (Hyper-V)
Operating Systems • McAfee Linux Operating System (MLOS)
• OVA and VHDX
• Hypervisor:
o VMware ESXi 5.5 server: Hardware version 9, 10
o VMware ESXi 6.0 server: Hardware version 9, 10, 11
o VMware ESXi 6.5 server: Hardware version 9, 10, 11
o Microsoft Hyper-V
Physical Network Interface 1 (E1000); You can configure 2 interfaces for a separate malware interface.
Virtual Network Interfaces 1 Management interface. You need to add a second virtual network interface
manually, if a separate malware interface is required.
Physical system Setting Enable Virtualization Technology option in BIOS.
For the latest information on the supported platforms, environments, and operating systems for McAfee
Advanced Threat Defense please visit Business Product Documentation.
Analyzer VMs
Advanced Threat Defense uses secure virtual machines, or analyzer VMs, for dynamic analysis. During dynamic
analysis, Advanced Threat Defense executes suspicious files in the analyzer VM, then monitors the file behavior
for malicious activities.
For the latest information on the supported platforms, environments, and operating systems for McAfee
Advanced Threat Defense Analyzer VMs please visit Business Product Documentation.
Solution Offering
Software Licenses and Appliances
SOFTWARE DESCRIPTION METER QTY
MAC McAfee Application Control for PCs Node
MAC McAfee Application Control for Servers Server
Please note that the McAfee ePolicy Orchestrator (ePO) is included with the above licenses.
Optional Components
SOFTWARE DESCRIPTION METER QTY
TIE
• McAfee Threat Intelligence Exchange
• McAfee Data Exchange Layer
Node
Please note that the McAfee ePolicy Orchestrator (ePO) is included with the above licenses.
APPLIANCE DESCRIPTION METER QTY
ATD McAfee Advanced Threat Defense 3100/6100 Unit
vATD McAfee Virtual Advanced Threat Defense Appliance - ATD-VM1008 Virtual Server
Professional Services
SERVICES DESCRIPTION METER QTY
MFE McAfee Consulting Services: Solution Services Day/Hour
PARTNER Partner Professional Services Day/Hour
Technical Support
SERVICES DESCRIPTION METER QTY
MFE McAfee Customer Success Plan – Premier/Enhanced/Essential Year
PARTNER Partner Annual Maintenance Contract (AMC) Year
Education Services
SERVICES DESCRIPTION METER QTY
MFE
McAfee Education Services: Instructor-led Training
• 2/3/4/5 Day
• 6 Students
User/Voucher

 
THE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte Remoto
THE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte RemotoTHE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte Remoto
THE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte RemotoDaniel Alves da Silva
 

Similar to McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal (20)

Itsc white paper_v1--it specialist
Itsc white paper_v1--it specialist  Itsc white paper_v1--it specialist
Itsc white paper_v1--it specialist
 
Identity Management Project Roadmap
Identity Management Project RoadmapIdentity Management Project Roadmap
Identity Management Project Roadmap
 
Website documents
Website documentsWebsite documents
Website documents
 
El valor de la migración y Modernizacion a Microsoft azure
El valor de la migración y Modernizacion a Microsoft azureEl valor de la migración y Modernizacion a Microsoft azure
El valor de la migración y Modernizacion a Microsoft azure
 
Sanitised Project Plan for Project Management
Sanitised Project Plan for Project ManagementSanitised Project Plan for Project Management
Sanitised Project Plan for Project Management
 
FunctionalandTechnicalRequirementsTemplate.doc
FunctionalandTechnicalRequirementsTemplate.docFunctionalandTechnicalRequirementsTemplate.doc
FunctionalandTechnicalRequirementsTemplate.doc
 
ISO_6
ISO_6ISO_6
ISO_6
 
Password Management Project Roadmap
Password Management Project RoadmapPassword Management Project Roadmap
Password Management Project Roadmap
 
Webgen Technologies Pvt. Ltd.
Webgen Technologies Pvt. Ltd.Webgen Technologies Pvt. Ltd.
Webgen Technologies Pvt. Ltd.
 
rip 1.pdf
rip 1.pdfrip 1.pdf
rip 1.pdf
 
Internship-Report-sample-6.pdf
Internship-Report-sample-6.pdfInternship-Report-sample-6.pdf
Internship-Report-sample-6.pdf
 
Internship-Report-sample-6 (1).pdf
Internship-Report-sample-6 (1).pdfInternship-Report-sample-6 (1).pdf
Internship-Report-sample-6 (1).pdf
 
Cs internship report file 1.pdf
Cs internship report file 1.pdfCs internship report file 1.pdf
Cs internship report file 1.pdf
 
160867_en.pdf
160867_en.pdf160867_en.pdf
160867_en.pdf
 
Ahmed Hosny Resume
Ahmed Hosny ResumeAhmed Hosny Resume
Ahmed Hosny Resume
 
SRS document
SRS documentSRS document
SRS document
 
A PROJECT REPORT ON DOCUMENT MANAGEMENT SYSTEM MASTER OF COMPUTER APPLICATION...
A PROJECT REPORT ON DOCUMENT MANAGEMENT SYSTEM MASTER OF COMPUTER APPLICATION...A PROJECT REPORT ON DOCUMENT MANAGEMENT SYSTEM MASTER OF COMPUTER APPLICATION...
A PROJECT REPORT ON DOCUMENT MANAGEMENT SYSTEM MASTER OF COMPUTER APPLICATION...
 
2.1 project management srs
2.1 project management   srs2.1 project management   srs
2.1 project management srs
 
THE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte Remoto
THE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte RemotoTHE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte Remoto
THE WINNER-DANIEL ALVES DA SILVA-Missão Critica e Suporte Remoto
 
Print
PrintPrint
Print
 

More from Iftikhar Ali Iqbal

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...Iftikhar Ali Iqbal
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Iftikhar Ali Iqbal
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Iftikhar Ali Iqbal
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentIftikhar Ali Iqbal
 
Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Iftikhar Ali Iqbal
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Iftikhar Ali Iqbal
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales PlayIftikhar Ali Iqbal
 

More from Iftikhar Ali Iqbal (14)

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio Overview
 
Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
 
Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales Play
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 

McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal

  • 4. Executive Summary

    Scrambling to adapt to the evolving landscape, many security teams have resorted to bolting on the latest “best-of-breed” point solutions. While each solution may bring a new capability to the table, it’s important to look at your overall ecosystem and how these different defenses work together. There are serious shortfalls in deploying disparate, multivendor endpoint security technologies that don’t collaborate with each other. Because point solutions have limited visibility and see only what they can see, the burden of connecting the dots falls on you. Adversaries are quick to take advantage of the windows of opportunity these manual processes create, evading defenses or slipping through the cracks unnoticed.

    As a never-ending array of “next-generation” solutions started to emerge and flood the marketplace, you were likely told more than once that antivirus isn’t enough and what you need to do is switch to next-gen. In reality, it’s not about achieving a next-generation approach or finding the best use for antivirus. It’s really about implementing a holistic device security strategy that connects and coordinates an array of defenses. This includes signature-based defense (which eliminates 50% of the attack noise, allowing algorithmic approaches to run more aggressively with fewer false alarms) [2], plus exploit protection, reputations, machine learning, ongoing behavioral analytics, and roll-back remediation to reverse the effects of ransomware and other threats.

    McAfee has re-imagined device security to provide a single console with flexible deployment options to defend a broad set of devices with full-stack or overlay to native controls. Through a single-agent architecture with deep integration and automation, we remove silos between once-isolated capabilities to enhance efficiency and protection.

    As a leader in the industry, McAfee offers a broad portfolio of security solutions that combine established capabilities (firewall, reputation, and heuristics) with cutting-edge machine learning and containment, along with endpoint detection and response (EDR) into a single-agent all-inclusive management console. The resulting integrated endpoint protection platform keeps users productive and connected while stopping zero-day malware and advanced threats like ransomware before they can infect the first device, “patient zero.”

    McAfee can unify your endpoint defenses and build a device security strategy based on:

      • Single-console management with flexible delivery options: SaaS, virtual, or on-premises
      • Integration with multiple operating systems (OSs): Microsoft Windows Defender and Android and iOS
      • One platform that protects all your devices and enhances protection: A single-agent architecture to manage and automate security for servers, traditional endpoints, mobile, and even embedded IoT devices
      • An integrated, collective endpoint threat defense: Device hardening, fileless malware detection, behavior analytics, machine learning, signatures, credential theft protection, endpoint detection and response (EDR), and firewall

    [2] Neely, Lee and Torres, Alissa. “Endpoint Protection and Response: A SANS Survey”. June 2018. https://www.mcafee.com/enterprise/en-us/assets/reports/restricted/rp-sans-endpoint-protection-response.pdf
  • 5. Solution Overview

    More threats than ever before are introduced by unknown executables being run on servers and desktops. McAfee Application Control provides signature-less protection against zero-day malware and Advanced Persistent Threats (APTs) by way of intelligent application whitelisting, file reputation, and memory protection. It creates and maintains a dynamic whitelist of binaries comprised of executables, DLLs, drivers, and scripts locally on every system.

    Whitelisted files are protected and cannot be deleted or modified unless a change is “trusted”. The trust model specifies updaters, publishers, installers, trusted directories, trusted users and time windows by which changes can be made. Note that trusted changes are dynamically added to the whitelist.

    Maintaining maximum uptime is essential for systems such as Point of Sale terminals, ATMs, and critical servers. App Control provides a quick, simple check against the whitelist when an application is executed. Simply put, only those files in the whitelist can execute. If it’s not on the whitelist, execution is blocked. Every whitelisted file also benefits from built-in Memory Protection, preventing whitelisted applications from memory tampering and exploits via buffer overflow attacks.

    For more dynamic systems, such as desktops and laptops, a bit more freedom may be desired. Application Control can perform a reputation check on new executables before allowing or blocking execution. Reputation is checked against McAfee’s Global Threat Intelligence (McAfee GTI), or an internal Threat Intelligence Exchange Server (TIE) if one is deployed in the environment. Furthermore, TIE integrates with McAfee Advanced Threat Defense (ATD), McAfee’s advanced malware analysis with sandboxing solution, in real time to provide detailed assessment and data on malware classification.
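The decision flow this overview describes, as a simplified Python model added here for illustration (it is not McAfee's code or API). Identifying a file by path plus SHA-256, the `Endpoint` class, the outcome labels, default-deny for unknown reputation, and the sample files and actors are all assumptions of the sketch.

```python
import hashlib
from dataclasses import dataclass, field


def digest(content: bytes) -> str:
    """SHA-256 of file content; how the product identifies files is not stated on the page."""
    return hashlib.sha256(content).hexdigest()


@dataclass
class Endpoint:
    """Toy model of one protected system (hypothetical, for illustration only)."""
    files: dict = field(default_factory=dict)             # path -> content on disk
    whitelist: dict = field(default_factory=dict)         # path -> sha256 recorded at trust time
    trusted_updaters: set = field(default_factory=set)    # actors covered by the trust model
    reputation: dict = field(default_factory=dict)        # sha256 -> label from a reputation source
    use_reputation: bool = False                          # True for "more dynamic" desktops/laptops

    def build_inventory(self) -> None:
        """Create the initial local whitelist from what is already installed."""
        self.whitelist = {path: digest(data) for path, data in self.files.items()}

    def write(self, actor: str, path: str, content: bytes) -> str:
        """Apply a file change and report how the trust model treated it."""
        if actor in self.trusted_updaters:
            # Trusted change: permitted, and the result is added to the whitelist.
            self.files[path] = content
            self.whitelist[path] = digest(content)
            return "allowed-trusted"
        if path in self.whitelist:
            # Whitelisted files cannot be modified by an untrusted actor.
            return "denied-protected"
        # Assumption: a new, unlisted file may land on disk but gains no right to run.
        self.files[path] = content
        return "allowed-unlisted"

    def execute(self, path: str) -> str:
        """Decide whether a file may run."""
        content = self.files.get(path)
        if content is None:
            return "denied-missing"
        file_hash = digest(content)
        if self.whitelist.get(path) == file_hash:
            return "allowed-whitelist"
        # Not whitelisted: optionally fall back to a reputation lookup.
        if self.use_reputation and self.reputation.get(file_hash) == "trusted":
            return "allowed-reputation"
        return "denied-not-whitelisted"


def demo() -> dict:
    """Run the constructed scenarios and return each decision by name."""
    out = {}

    # Constructed sample: a fixed-function terminal with two installed binaries.
    pos = Endpoint(
        files={"/opt/pos/pos-app": b"pos v1", "/opt/pos/libpay.so": b"lib v1"},
        trusted_updaters={"patch-agent"},
    )
    pos.build_inventory()
    out["listed"] = pos.execute("/opt/pos/pos-app")
    out["drop"] = pos.write("operator", "/tmp/tool", b"unknown tool")
    out["run_drop"] = pos.execute("/tmp/tool")
    out["tamper"] = pos.write("operator", "/opt/pos/pos-app", b"modified build")
    out["patch"] = pos.write("patch-agent", "/opt/pos/pos-app", b"pos v2")
    out["run_patched"] = pos.execute("/opt/pos/pos-app")

    # Constructed sample: a desktop that also consults a reputation source.
    desktop = Endpoint(use_reputation=True)
    desktop.build_inventory()
    desktop.write("user", "/home/u/editor", b"editor build")
    desktop.write("user", "/home/u/mystery", b"mystery build")
    desktop.reputation[digest(b"editor build")] = "trusted"
    out["rep_trusted"] = desktop.execute("/home/u/editor")
    out["rep_unknown"] = desktop.execute("/home/u/mystery")
    return out


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:12s} {decision}")
```

The `tamper` and `patch` cases write to the same whitelisted file and differ only in the actor, which is the distinction the trust model draws.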
1. McAfee ePolicy Orchestrator (ePO)
The centralized management console will connect to the McAfee services for product downloads and content updates. It will also be used to deploy and manage McAfee Agent and endpoint security products. All configuration and policies will be provided from this central location, along with dashboards and queries to track activity and detections. At the backend, McAfee ePO uses a Microsoft SQL database to store all data about your network managed systems and its repositories. The database can be clustered using Microsoft’s native clustering services.

2. McAfee Agent
Installed on all managed endpoints, it ensures policy enforcement, product deployments and updates, and sends events and system properties to McAfee ePO. The McAfee Agent also includes the Data Exchange Layer (DXL) client.

3. McAfee Threat Intelligence Exchange (TIE)
TIE provides reputation information which is shared across the McAfee ecosystem via DXL.

4. McAfee Advanced Threat Defense (ATD)
ATD performs malware analysis, including sandboxes. TIE sends files with unknown reputation to ATD to gather further data points and provide a malware classification for the files.

5. Client Modules
Security modules such as Application Control and more are deployed on endpoints and all managed within a single McAfee Agent. Policies and configurations for the specific solution are managed through the McAfee ePO.

6. McAfee Global Threat Intelligence (GTI)
TIE queries McAfee GTI for reputation information to determine how to handle files on the system.

7. McAfee Labs
A threat library from which McAfee ePO downloads the latest content files and engine updates.
Solution Components

McAfee Application Control (MAC)

McAfee Application Control blocks unauthorized executables on servers, corporate desktops, and fixed-function devices. Application Control uses dynamic whitelisting to guarantee that only trusted applications run on servers, devices, and desktops. It eliminates the need for IT administrators to manually maintain lists of approved applications. It also gives IT control over endpoints to help enforce software license compliance. The software uses a dynamic trust model and innovative security features to prevent advanced persistent threats (APT) without requiring signature updates. It guarantees protection without impacting productivity.

With Application Control, you can:
• Prevent any malicious, untrusted, or unwanted software from being executed.
• Automatically identify trusted software and grant it authorization to run.
• Block users from introducing software that poses a risk to your company.

Application Control ensures that only legitimate and authorized applications run on the system. It can operate in four different modes. Each mode is different in principle and usage.

Disabled Mode
This mode indicates that Application Control isn't running on your system. Although the application is installed, its features are disabled. After installation, the application appears in Disabled mode by default. You can then switch to Observe, Update, or Enabled mode.

Enabled Mode
This mode indicates that Application Control is running, and protection is enabled. Enabled mode supports reputation-based execution. When you execute a file, Application Control fetches its reputation and that of all certificates associated with the file to determine whether to allow or ban the file execution. Application Control works with TIE Server and McAfee GTI to fetch reputation information for a file.

Observe Mode
This mode indicates that Application Control is running but it only monitors and logs observations. The application does not prevent any execution or changes made to the endpoints. Instead, it monitors execution activities and compares them with the local inventory and predefined rules.

Update Mode
This mode indicates that protection is effective, but changes are allowed on protected endpoints. When you perform software updates in Update mode, Application Control tracks and records each change. Also, it dynamically updates the whitelist to make sure that the changed or added binaries and files are authorized to run when the system returns to Enabled mode.
Key Features

Discovery: Knowledge Acquisition
In Observe Mode, Application Control allows you to discover policies for dynamic desktop environments without enforcing a whitelist lockdown. This mode helps you deploy the software in pre-production environments without affecting the operation of existing applications. Observations record execution, installation, and uninstallation activities for managed endpoints. A file is allowed to execute unless it is banned by a specific rule or has malicious reputation. All observations generated on an endpoint are sent to the McAfee ePolicy Orchestrator (ePO) server after agent-server communication intervals (ASCI).

Protection: Reputation
Application Control accepts new software only when it is added through an authorized process. This dynamic trust model allows you to configure what can run on devices in your environment. Before allowing or blocking a file, Application Control considers the file reputation and whether it is added to the whitelist and checks other existing rules. It integrates with a reputation source to receive reputation information for files and certificates. Based on the reputation received from one of these sources, Application Control allows or bans the execution and software installation. Based on the configuration, the software regularly synchronizes with these sources:
• McAfee Threat Intelligence Exchange (TIE) - The TIE server is a local reputation server that communicates with multiple reputation sources. It effectively combines and collates intelligence from global sources with local threat intelligence and customized organizational knowledge to provide aggregated reputation values. TIE can further its intelligence by integrating with McAfee Advanced Threat Defense (ATD).
• McAfee Global Threat Intelligence (GTI) - McAfee GTI is a cloud-based service that functions as a reputation source. Application Control periodically synchronizes with the McAfee GTI server to fetch ratings for executable files and certificates.
Protection: Dynamic Whitelisting
Application Control helps you manage the whitelist in a secure and dynamic way. IT administrators don't need to manually maintain lists of approved applications. Application Control groups executables (binaries, libraries, and drivers) across your company by application and vendor. Before allowing or blocking a file, Application Control considers the file reputation and whether it is added to the whitelist and checks other existing rules.

• Whitelist
Application Control creates a whitelist of executables (binaries, libraries, and drivers) and script files. The whitelist includes all authorized files and determines trusted or known files. All files in the whitelist are protected and cannot be changed or deleted. In Enabled mode, only executables or script files included in the whitelist or files with trusted reputation are allowed to run.

• Other Methods
Application Control provides multiple other methods to authorize execution of a program or file on a protected endpoint. To design a trust model and allow additional users or programs to execute or change files on a protected endpoint, you can use one of these methods on endpoints running in Enabled mode:
  • Trusted Processes:
    o Updater Process - An application allowed to update the endpoint.
    o Executable File - An executable file allowed or restricted from running on the endpoints.
    o Installer - An application that is allowed to install or update software.
  • Trusted Certificates: A trusted certificate (associated with a software package) that is permitted to install and change files on a protected endpoint.
  • Trusted Directory: A trusted directory (local or network share) identified by its Universal Naming Convention (UNC) path.
  • Trusted User: An authorized Windows user with rights to dynamically add files and applications to the whitelist.
Protection: Advanced Memory Protection
Application Control offers multiple memory-protection techniques to prevent zero-day attacks. Memory-protection techniques provide extra protection over the protection from native Windows features or signature-based buffer overflow protection products. These techniques also prevent whitelisted applications from being exploited by memory buffer overflow attacks on Windows 32-bit and 64-bit systems.

The following techniques are currently available with Application Control:
• CASP — Critical Address Space Protection (mp-casp): CASP is a memory-protection technique that renders useless any shellcode running from the non-code area. This shellcode is an abnormal event that usually happens because of a buffer overflow. CASP allows code to execute from non-code area but disallows the code from invoking any meaningful API calls, such as CreateProcess() and DeleteFile(). When exploit code invokes these APIs, CASP blocks it and it fails to do any damage.
• NX — No eXecute (mp-nx): The NX feature uses the Windows Data Execution Prevention (DEP) feature to protect processes against exploits that try to execute code from writable memory area (stack/heap). NX also provides granular bypass capability and raises violation events that can be viewed on the McAfee ePO console. Windows DEP prevents code from being run from a non-executable memory region. This abnormal event mostly occurs due to a buffer overflow. The malicious exploit attempts to execute code from these non-executable memory regions.
• Forced DLL Relocation (mp-vasr-forced-relocation): This feature forces relocation of those dynamic-link libraries (DLLs) that have opted out of the Windows native ASLR feature. Some malware relies on these DLLs always being loaded at the same and known addresses. By relocating such DLLs, these attacks are prevented.
Coverage: Application Types
Application Control extends coverage to executable files, libraries, drivers, Java applications, ActiveX controls, and scripts for greater control over application components. It enforces control on connected or disconnected servers, virtual machines, endpoints, and fixed devices, such as kiosks and point-of-sale (POS) terminals. It also locks down protected endpoints against threats and unwanted changes, with no file system scanning or other periodic activity that might impact system performance.

Coverage: Execution Control (Attribute-Based)
Application Control performs multiple checks to determine whether to allow or block a file's execution. If a file's execution is allowed after the Application Control checks, attribute-based or granular rules, if any are defined, come into play. The rules are based on the concept of fine-grained whitelisting and can be created on the attributes of a file. You can define specific rules using attributes to allow, block, or monitor the file. Rules that allow execution take precedence over rules that block or monitor execution.

Attribute-based rules help you allow or block files in different scenarios based on file context. On a protected system, only whitelisted interpreters are allowed to run. But, in certain scenarios, whitelisted interpreters might be misused to execute malicious scripts. You can prevent misuse of interpreters by defining attribute-based rules to block potentially malicious scenarios.

Attribute-based rules provide flexibility to allow or block file execution, as needed. If an administrator needs to block a user from running a specific file, they can add an attribute-based rule to prevent its execution by that user. Similarly, an administrator can choose to block execution of a certain file altogether, unless it is run by a specific parent process.
Workflow
Application Control creates a whitelist of all authorized executable files. When you run an executable file that isn't whitelisted, Application Control checks the reputation of the file and allows or blocks its execution.

1. A user or application tries to execute a file on a managed endpoint where Application Control and McAfee Agent are installed.
2. Application Control checks the reputation of the file and allows or blocks its execution.
3. Application Control communicates with the McAfee Threat Intelligence Exchange (TIE) servers to receive reputation information for the file and any associated certificates. Based on this information, Application Control allows or blocks the file execution.
4. If the TIE server is unavailable, Application Control communicates with the McAfee Global Threat Intelligence (McAfee GTI) server to fetch the reputation of the file.
5. McAfee Data Exchange Layer (DXL) provides the framework for communication between Application Control and TIE or McAfee GTI, so products can share threat information.
6. The administrator manages all endpoints, deploys policies, creates rules, adds certificates, manages the inventory, monitors activities, and approves requests.
7. Information about the attempt to run the application is sent to the McAfee ePolicy Orchestrator server, where it appears in a dashboard, report, or log.
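The decision flow in the Workflow steps above, together with the attribute-based rule precedence from the Execution Control section, modelled as an added example (not McAfee code and not part of the original proposal). It covers only Enabled and Observe modes; the class names, the three reputation buckets, the rule format and the sample file names are assumptions made for illustration.

```python
"""Simplified model of the execution decision described in the proposal.
Not McAfee code: names, reputation buckets and rule format are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Set, Tuple


class Mode(Enum):
    OBSERVE = "observe"
    ENABLED = "enabled"


class Reputation(Enum):
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"
    TRUSTED = "trusted"


class SourceUnavailable(Exception):
    """Raised by a reputation source that cannot be reached."""


@dataclass(frozen=True)
class Execution:
    file_id: str   # stand-in for the file hash
    path: str
    user: str
    parent: str    # parent process name


@dataclass(frozen=True)
class AttributeRule:
    action: str    # "allow", "block" or "monitor"
    matches: Callable[[Execution], bool]


@dataclass
class Endpoint:
    mode: Mode
    whitelist: Set[str]
    tie: Callable[[str], Reputation]   # local reputation server (workflow step 3)
    gti: Callable[[str], Reputation]   # cloud fallback (workflow step 4)
    rules: List[AttributeRule] = field(default_factory=list)
    events: List[Tuple[str, str, str]] = field(default_factory=list)

    def lookup(self, file_id: str) -> Tuple[Reputation, str]:
        """Ask TIE first; fall back to GTI only when TIE is unavailable."""
        try:
            return self.tie(file_id), "TIE"
        except SourceUnavailable:
            return self.gti(file_id), "GTI"

    def decide(self, ex: Execution) -> str:
        if ex.file_id in self.whitelist:
            allowed, reason = True, "whitelisted"
        else:
            rep, source = self.lookup(ex.file_id)
            reason = f"{rep.value} reputation from {source}"
            if self.mode is Mode.ENABLED:
                # Enabled: only whitelisted files or trusted reputation may run.
                allowed = rep is Reputation.TRUSTED
            else:
                # Observe: allowed unless the reputation is malicious.
                allowed = rep is not Reputation.MALICIOUS
        if allowed:
            # Attribute rules apply only after the base checks allow the file;
            # an allow rule takes precedence over block and monitor rules.
            actions = {r.action for r in self.rules if r.matches(ex)}
            if "allow" in actions:
                reason += "; attribute rule: allow"
            elif "block" in actions:
                allowed, reason = False, reason + "; attribute rule: block"
            elif "monitor" in actions:
                reason += "; attribute rule: monitor"
        verdict = "allow" if allowed else "block"
        self.events.append((ex.path, verdict, reason))  # step 7: reported to ePO
        return verdict


# --- Constructed sample data (hypothetical file ids and process names) ---
GTI_RATINGS = {"hash-tool": Reputation.TRUSTED, "hash-dropper": Reputation.MALICIOUS}


def tie_down(_file_id: str) -> Reputation:
    raise SourceUnavailable("TIE server unreachable")


def gti(file_id: str) -> Reputation:
    return GTI_RATINGS.get(file_id, Reputation.UNKNOWN)


def build_endpoint(mode: Mode) -> Endpoint:
    # Block a whitelisted interpreter everywhere except under one parent process.
    rules = [
        AttributeRule("block", lambda e: e.path.endswith("interp.exe")),
        AttributeRule("allow", lambda e: e.path.endswith("interp.exe")
                      and e.parent == "deploy_agent.exe"),
    ]
    return Endpoint(mode, {"hash-interp"}, tie_down, gti, rules)


if __name__ == "__main__":
    ep = build_endpoint(Mode.ENABLED)
    ep.decide(Execution("hash-interp", r"C:\tools\interp.exe", "alice", "office.exe"))
    ep.decide(Execution("hash-tool", r"C:\new\tool.exe", "alice", "explorer.exe"))
    for event in ep.events:
        print(event)
```

The events list stands in for what an administrator would review in ePO; a blocked whitelisted interpreter and a file admitted only on GTI reputation are both worth a look there.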
McAfee ePolicy Orchestrator (ePO)

McAfee ePolicy Orchestrator (ePO) is the foundational central security management software that manages every McAfee security solution, as well as over 140 solutions from our partners. ePO “connects” and manages all the products that make up the Security Connected framework—with the automation and extensibility that enterprises need. ePO is the command and control for security operations. It is the single pane of glass for managing policies, deployment, and reporting to make managing and “connecting” security simpler and more efficient.

From a single console, ePO provides flexible, automated security management capabilities so users can identify, manage, and respond to security issues and threats. That makes it possible for customers to extract more value from management-level investments and enables the improved risk postures and cost-effective security that are central to the Security Connected approach.

System Components
McAfee ePO has the following components:
• Microsoft SQL - Stores all data about your network-managed systems, McAfee ePO, Agent Handlers, and repositories.
• McAfee ePolicy Orchestrator - Manage, deploy and report on the security of endpoints.
• McAfee Agent - Provides communication to the server for policy enforcement, product deployment and updates, and connections to send events, product, and system properties to the McAfee ePO server.
McAfee Agent

McAfee® Agent is the client-side component providing secure communication between McAfee ePolicy Orchestrator and managed products. It also serves as an updater for McAfee products. Systems can be managed by the McAfee ePO server only if they have an agent installed. While running silently in the background, the agent:
• Installs products and their upgrades on managed systems.
• Updates security content such as V3 DAT* files associated with McAfee® Endpoint Security.
• Enforces policies and schedules tasks on managed systems.
• Gathers information and events from managed systems, and sends them to McAfee ePO.

* Virus definition or DAT files contain virus signatures and other information that McAfee anti-virus products use to protect your computer against existing and new potential threats. DAT files are released on a daily basis. We also release new DAT files when any threat is assessed by McAfee Labs to have a medium or higher risk. To ensure that your anti-virus software can protect your system or network against the latest threats, you must ensure you are using the most recent DAT files.

The McAfee Agent is not a security product on its own; instead it communicates with all McAfee and partner security products and passes the information to and from the McAfee ePO server. Once a McAfee Agent is installed on a system, it is used to update most products on that client.
Optional Components

Threat Intelligence Exchange (TIE)
McAfee Threat Intelligence Exchange (TIE) is a system where reputation information about files and certificates is shared in real time to endpoints running Endpoint Security (ENS) and network devices, such as McAfee’s Intrusion Prevention System (IPS), McAfee Enterprise Security Manager (McAfee ESM), McAfee Web Gateway, and McAfee Advanced Threat Defense (McAfee ATD), all communicating on the Data Exchange Layer (DXL). This allows all participating devices on the DXL to instantly receive information on recently convicted files and/or reputation changes of files in the environment.

Put another way, TIE is a system that not only detects unknown malware sooner, but also distributes that information to connected devices which can then take action to block it. Knowledge obtained from a single encounter with new malware is automatically shared, and defense mechanisms modified to provide new protection within the environment in a matter of seconds.

TIE is specifically designed to provide protection against targeted and zero-day (unknown) attacks. It is not just an early warning system, but also an early protection system. For example, information on a new threat discovered at the gateway can be passed to endpoint systems, which in turn dynamically augment their defenses.

McAfee Advanced Threat Defense (ATD)
McAfee Advanced Threat Defense (ATD) is an on-premise and virtual appliance that facilitates detection and prevention of malware. Advanced Threat Defense provides protection from known, near-zero day, and zero-day malware without compromising on the quality of service to your network users. Advanced Threat Defense has the added advantage of being an integrated solution. In addition to its own multi-level threat detection capabilities, its ability to seamlessly integrate with other McAfee security products protects your network against malware and other Advanced Persistent Threats (APTs).

Tight integration is also available with other security solutions and support for open standards enables immediate sharing of threat intelligence across the entire infrastructure—including multivendor ecosystems— to enhance zero-day threat protection, reduce time from encounter to containment, and speed post-attack investigation. As a result:
• Time-consuming manual intervention is minimized when threat intelligence is shared among products.
• Streamlined workflows enable efficient alert management through a single interface.
• Support for STIX over TAXII and OpenIOC open standards for indicators of compromise and threat intelligence output and sharing further enhances integration in a mixed environment.
McAfee Customer Success Group (CSG)

The McAfee Customer Success Group (McAfee CSG) encompasses three groups, united as one—technical support, consulting services, and education services—all focused on proactively ensuring you achieve your desired security outcomes through your deployment and use of McAfee solutions. Our mission is simple: we are dedicated to helping you successfully deploy and use McAfee solutions, manage your operational risk and see a sustained value over time. From deployment services and proactive account management to self-help resources, communities, and on-call expert assistance, the McAfee Customer Success Group delivers the people, processes, tools, and technology to ensure that you achieve the security outcomes you want.

Technical Support
At McAfee, we have a passion for security and that extends to our McAfee Customer Success and Customer Service. Regardless of the size of your business, McAfee offers highly trained and certified security professionals who can provide the right information, tools, and programs. Our goal is to address potential issues quickly and efficiently to help you combat today’s threats so you can focus on the demands of your business. Our programs are tailored to meet the needs of a Small Business through to the largest Fortune 500 companies.
• McAfee Business Support – 24/7 Support by Phone and online Service Portal
• McAfee Enterprise Support – Direct access to expert Technical Support Engineers and an assigned Support Account Manager

Our Customer Success Plans transform traditional technical support by providing a comprehensive roadmap combining solution and Foundstone services, education/training, and technical support with personalized management and tools. Plan your security strategy, maintain your solutions, manage your operational risk, and see a sustained value over time with a plan that enables you to successfully deploy, manage, and optimize McAfee products and solutions, turning your security into a business driver. All Customer Success Plans provide direct access to expert Technical Support Engineers for technical issue resolution.
• McAfee Premier Success Plan includes integrated Professional Services committed to helping you maximize your security investments across people, process and technology so that they deliver the desired value over time; on-demand eLearning courses and instructor-led training. Product based solution services options, delivered by consultants, including technical assessments, upgrade assessments, design reviews and optimization services. Solution Advisory options include custom workshops to address timely topics such as data privacy and cloud security. The Premier Success Plan also includes the services of an assigned Customer Success Manager* (CSM) and an Assigned Technical Contact (ATC), who complements strategic programs with breaking issues and threat trends and streamlines escalation and situation management. (*A Resident Customer Success Manager option is available in the Premier Success Plan)
• McAfee Enhanced Success Plan also includes integrated Professional Services, on-demand eLearning, and product-based solution services options including technical assessments, upgrade assessments and design reviews. The Enhanced Success Plan also includes the services of an assigned Customer Success Manager (CSM).
• McAfee Essential Success Plan targeted for medium-size businesses; helps you succeed at being on top of your network security challenges. The plans provide a strategically packaged set of services designed to help you optimize solutions, manage risks, and sustain value. The Essential Success Plan includes the services of a Support Account Manager (SAM) who serves as the point of contact for escalation management of technical issues.
Support Options and Offerings

CUSTOMER SUCCESS PLANS
OFFERINGS (columns: BUSINESS, ESSENTIAL, ENHANCED, PREMIER)
• Daily Product Updates
• Product Upgrades
• 24/7 Support by Phone, Web & Remote Desktop
• Malware Analysis Service & Remediation Analysis
• Online Service Portal
• Best Practice Videos & Guides
• Support Notification Service (SNS)
• Direct Access to Technical Experts
• Service Request Prioritization
• Contacts Authorized to Engage with TSE [1]: 15, 25, Unlimited
• Support Account Manager (SAM): -, -
• Customer Success Manager (CSM) [2]
• Assigned Technical Contact (ATC): -
• Success Planning with the CSM
• Business Reviews
• Professional Services and/or Advisory Services [3]: 1 Health Check, 1 Week, 4 Weeks
• Educational Services: 30 Vouchers, 80 Vouchers, 280 Vouchers
• eLearning Subscriptions
• Onsite Technical Support Assistance [4]: 2/Year, 6/Year

1. McAfee Technical Support Engineer.
2. Resident Customer Success Manager option available.
3. Subject to regional availability.
4. Subject to Terms & Conditions. Regional variations may apply.

Service Level Goals (SLG)
Support Requests (SR) are assigned a SR number to manage the resolution of the issue. We attempt to resolve every issue on the first interaction. Unresolved customer issues are evaluated based on severity and priority of the reported issue. Based on this information, SRs are assigned an impact level value.
BUSINESS
• Severity 1 - Initial Response: 30 Minutes. Update Frequency: At least once per hour unless agreed otherwise with the customer.
• Severity 2 - Initial Response: 60 Minutes. Update Frequency: At least twice per day unless agreed otherwise with the customer.
• Severity 3 - Initial Response: 8 Hours. Update Frequency: Negotiated with the customer.
• Severity 4 - Initial Response: 1 Business Day. Update Frequency: Negotiated with the customer.

CUSTOMER SUCCESS
• Severity 1 - Initial Response: 15 Minutes. Update Frequency: At least once per hour unless agreed otherwise with the customer.
• Severity 2 - Initial Response: 30 Minutes. Update Frequency: At least twice per day unless agreed otherwise with the customer.
• Severity 3 - Initial Response: 4 Hours. Update Frequency: Negotiated with the customer.
• Severity 4 - Initial Response: 1 Business Day. Update Frequency: Negotiated with the customer.

Note: The Service Level Goals reflect business hours and days.

The frequency you should be contacted about the status of a Service Request will be agreed between you and the Technical Support Engineer during initial contact and at each communication interval. This will be discussed and agreed based on the individual needs and availability of the customer, as well as the time it is likely to take to complete the next action.
Severity Levels
A severity code is associated with Service Requests to indicate the impact and the urgency of the request.

• Severity 1 - Severe Issue or Business Wide Impact
This would be a very serious issue or business wide impact with the issue.
  • Example: McAfee ePO is down, Web Gateway is blocking all customer traffic
  • There is no viable workaround

• Severity 2 - Major Issues or Large Impact
This is a major issue or where a large number of users are impacted.
  • Example: Regional office not in a secured posture because McAfee ePO is not functioning, DLP policy is causing the Executive Staff to be unable to use USB drives
  • There is no viable workaround

• Severity 3 - Minor Issue or Small Impact
This is a minor issue or small number of users impacted.
  • Example: Few users unable to authenticate to Drive Encryption, Data Loss Prevention rule requiring justification for a few users but not stopping business activities.

• Severity 4 - General Questions
This is a question without impact on business operations. This may be around documentation or Knowledge Base entries.
  • Example: Looking for Best Practices, Reference Configurations, clarification on entries in KB or Product Guide.
  • Product Enhancements Requests
Consulting Services

With today’s security teams needing day-to-day security management and maintenance, they don’t have the bandwidth to learn every aspect of a product and how it can help their organization handle cyberthreats and attacks more effectively and efficiently. This lack of resources and time puts enterprises at greater risk, potentially resulting in a weakened security posture, financial loss, and negative impact on company reputation.

Trust matters. With over 30 years’ experience in cybersecurity, McAfee is dedicated to keeping the world safe from cyberthreats. Purchasing the right tools is just the beginning. Making full use of the tools you have is vital to achieving your security goals. McAfee Consulting Services are delivered by our team of trusted Professional Services consultants who have collective decades of product and security expertise across various industries. Among McAfee consultants are respected instructors, speakers at major conferences, and security-certified professionals.

Our professionals are highly qualified and trained consultants who help you get the most out of your McAfee security products and design strong security programs, so you can reach new levels of performance. We help you gain a deeper, broader use of your McAfee technologies and products across the full lifecycle and strengthen your security posture and cyber resilience. At McAfee we believe that the whole system, together, is far more powerful than the sum of the parts. Working with McAfee Professional Services, you can expect expertise, ecosystem, extensive portfolio, and efficiency.

To help you use our products effectively and achieve your security goals, McAfee offers a broad-based consulting services portfolio consisting of two distinct practice areas: McAfee Solution Services and McAfee Advanced Cyber Threat Services.
• McAfee Solution Services are a group of product-related services which help ensure your security products are effectively deployed, integrated, assessed, and optimized in alignment with your security strategy.
• McAfee Advanced Cyber Threat Services are a group of strategic, hands-on security services which help you design strong security programs and enforceable policies for your enterprise.
McAfee Solutions Services

McAfee Solution Services enable you to gain a deeper, broader use of your McAfee technologies and products across the full lifecycle of your technology. Our experienced product consultants and ecosystem of experts help you realize the full value of your security solutions and avoid the challenges that can lead to unexpected risks. If you don’t have the right talent at the right time, we help you make sure your security products are effectively deployed, integrated, assessed, and optimized in alignment with your security strategy. During our process we provide a gap analysis, so you can understand the current state of your security, where you are going, and how to get there.

We offer customized services for businesses of all sizes— addressing the simplest to the most complex requirements. McAfee is committed to strengthening your security posture and maximizing your return on investment. Using our proven Solution Services Methodology, we provide a path to help you reach new levels of performance, while driving down risk and cost by automating security processes and progressively enhancing policies and procedures.

McAfee's methodology leverages best current security practices, including International Organization for Standardization (ISO), Information Technology Infrastructure Library (ITIL), and PCI standards to ensure that your customers' security investments provide the best security posture while minimizing total cost of ownership and risk.

Methodology
Step 1: Strategize
  • Develop vision
  • Security posture goals and initiatives
Step 2: Consolidate tasks into action plan
  • Mature tasks to set goals
  • Define project elements and timeframes
Step 3: Design
  • Customize solution for environment
  • Draft functional elements and procedures
Step 4: Implement
  • Pilot to production deployment
  • Managed process
Step 5: Operate
  • Knowledge transfer
  • Realize goals
Step 6: Optimize
  • Health checks
  • Efficiency audits
Step 7: Strategize
  • Refine vision
  • Update security posture goals and initiatives
  • 21. McAfee Advanced Cyber Threat Services

McAfee Advanced Cyber Threat Services help you find the best ways to establish and maintain a strong security posture. The services include identifying network and application vulnerabilities, providing remediation recommendations and actionable threat intelligence, and designing strong security programs and enforceable security policies. If you need to be better prepared to combat emerging threats and defend valuable corporate assets, our domain security experts act as trusted partners to deliver independent, strategic guidance.

McAfee also offers a resident consultant option.* Acting on your behalf as a trusted advisor, the resident consultant spends one to five years on site helping you advance your business strategies, manage your solutions, and drive your agenda internally at McAfee.

* Resident consultant subject to change.

Practice Brief
• Data Protection: Includes one-on-one interviews with key stakeholders, a high-level review of your current policies, directives, risk management program documentation, and information security governance materials. It helps gain control over sensitive data, reduce the cost of data breaches, and achieve greater visibility into how data is used across your organization.
• Threat Intelligence: Receive intelligence deliverables in the form of queries of samples, domains and IP addresses; bulk queries, static or dynamic analysis of samples, domains or IP addresses; pivots on currently tracked campaigns; malware reversing; social network analysis; high-impact event analysis.
• McAfee “as a service”: Receive a full service which includes real-time, 24/7 monitoring and management of the security devices located on your premises. These services include configuration, management, and support of your current security device and rapid response to threats.
• Sec Ops: Identifies and uncovers operational challenges in your environment, providing the ability to assess the maturity of your security operations in terms of tools, technologies and/or processes.
• Incident Response: Work with experts who will help reduce the risk of cyberattacks, extend your team, maximize your ROI and conquer complex breaches.
  • 22. Education Services

Like many enterprises, you struggle to keep pace with the increasing volume of rapidly evolving threats. Limited time and a skills shortage make it difficult to optimize your current McAfee solutions and adopt others that you need to further your security goals and desired outcomes. The McAfee Education Services portfolio provides flexible, cutting-edge training options delivered by our seasoned security experts. We help accelerate, improve, support, and boost your IT administration and security capabilities. A fully trained staff makes for a more secure organization.

Training Methods

Guided on-demand training
Get comprehensive and focused multimedia training in a variety of ways, from experienced instructors, in a self-paced environment, while at your desk, saving time and travel costs.
• Virtual, on-demand coursework
• Full immersive training experience from experts
• Recorded instructor presentation
• Use-case scenarios from McAfee best practices and experiences
• Hands-on lab exercises
• Community support
• Email access to instructor

Instructor-led training
Get comprehensive and focused in-person classroom training from experienced security instructors.
• Instructor-led training at a public site or private classes at your location
• Full immersive training experience from experts
• Network with other cybersecurity industry professionals

eLearning training
Gain knowledge at your desk and on your schedule.
• McAfee solution training on demand
• Self-paced modules, anytime, anywhere
• Option of adding hands-on lab exercises for deeper learning
  • 23. Product Training

To gain maximum value from your McAfee solutions, you need expertly trained staff to configure and manage your McAfee solutions more efficiently, and optimally safeguard your critical data. You also need your staff on-site, doing their job. Now, you can have both. McAfee offers a wide range of hands-on product training courses to help you design, set up, configure, and manage your McAfee solutions. Delivered in classrooms and online, our courses help you make the most of your product investment.

McAfee Application Control and McAfee Change Control Administration (8.0)
The McAfee Application Control and McAfee Change Control Administration course from McAfee Education Services provides in-depth training on the tools you need to efficiently install, configure, operate, and troubleshoot issues relating to McAfee Application Control and McAfee Change Control to safeguard intellectual property and ensure compliance. The course details how this solution uses McAfee ePolicy Orchestrator (McAfee ePO) software for centralized management. It also explains how to use McAfee Application Control’s dynamic whitelisting to ensure that only trusted applications run on devices, servers, and desktops, and how to use McAfee Change Control to monitor and prevent changes to the file system, registry, and user accounts.
https://www.mcafee.com/enterprise/en-us/assets/course-descriptions/cd-application-change-control-administration.pdf

Security Training
Security training courses focus on building security software and applications, assessing vulnerabilities, and gaining critical computer forensics skills to help your IT professionals become proficient in developing best practices for implementing your security strategy. Security training is only offered through instructor-led training in private classrooms.
  • 24. System Requirements

The system requirements have been provided based on the requirement for a single McAfee ePolicy Orchestrator (ePO) to manage <10,000 endpoints and servers. For the latest important sizing recommendations from McAfee, please visit KB571370.

McAfee ePolicy Orchestrator
COMPONENT | REQUIREMENT
Processor (CPU) | 4 CPU minimum
Memory (RAM) | 8 GB minimum
Hard-Disk | 300 GB
Operating Systems | Windows Server – 2008 R2, 2012, 2012 R2, 2016, 2019
Browser | Safari 10 and later (on Mac OS X); Chrome 51 and later; Microsoft Edge; Microsoft Internet Explorer 11 and later; Firefox 45 and later
Database | Microsoft SQL Server 2012, 2014, 2016, 2017
Virtual Infrastructure | VMWare ESXi 5.1, 5.5, 6; Microsoft Hyper-V Server 2008 R2, 2012, 2012 R2, 2016; Citrix XenServer 6, 6.2

For the latest information on the supported platforms, environments, and operating systems for McAfee ePolicy Orchestrator, please visit KB51569.

Microsoft SQL Server
COMPONENT | REQUIREMENT
Processor (CPU) | 4 CPU minimum
Memory (RAM) | 16 GB minimum
Hard-Disk | 1 TB
Version | Microsoft SQL Server 2012, 2014, 2016, 2017
Performance (IOPS) | -
Database | Microsoft SQL Server 2012, 2014, 2016, 2017

Please note ePO provides high availability for server clusters with Microsoft Cluster Server (MSCS) software. Also, McAfee supports ePO installations where the ePO database itself is stored on a clustered instance of SQL. Clustering the SQL Database Server is done at the SQL Server level and is not specific to the ePO database. For details about how to configure an SQL Database Cluster, please refer to Microsoft.

McAfee Agent Handler
COMPONENT | REQUIREMENT
Quantity | 0
Processor (CPU) | 0
Memory (RAM) | 0
Hard-Disk | 0
Operating Systems | -
  • 25. McAfee Agent
COMPONENT | REQUIREMENT
Processor (CPU) | 1 GHz (minimum) Pentium-class processor
Memory (RAM) | 512-MB RAM (minimum)
Hard-Disk | 50 GB
Operating Systems | Windows Desktop – 7, 8, 10 (for McAfee Investigator); Windows Desktop – XP, Vista, 7, 8, 10; Windows Server – 2008, 2008 R2, 2012, 2012 R2, 2016, 2019; Apple macOS – 10.9 onwards; Linux – Amazon Linux AMI, CentOS, Debian, Fedora, OpenSUSE, Oracle Enterprise Linux, RHEL, SUSE Linux Desktop, SUSE Linux Enterprise, Ubuntu
Virtual Infrastructure | VMWare ESX, Workstation, Server, Player; Microsoft Hyper-V Server; Citrix XenServer, Citrix XenDesktop

For the latest information on the supported platforms, environments, and operating systems for McAfee Agent, please visit KB51573.

McAfee Application Control Client
COMPONENT | REQUIREMENT
Software | McAfee Agent
Software (Management) | McAfee ePolicy Orchestrator
Operating Systems | Windows Desktop – 7, 8, 8.1, Embedded 8/8.1, 10, 10 IoT; Windows Server – 2008, 2008 R2, 2012, 2012 R2, 2016; RHEL, CentOS, OL – 5, 6, 7; SLES – 11; SLESD – 11, 12; openSUSE – 10, 11; Ubuntu – 12.04, 14.04, 16.04; AIX 6.1, 7.1

For the latest information on the supported platforms, environments, and operating systems for McAfee Application Control, please visit KB87944.
  • 26. Optional Components

McAfee Threat Intelligence Exchange (TIE)
COMPONENT | REQUIREMENT
Quantity | 1
Processor (CPU) | 1 CPU x 8 Cores minimum
Memory (RAM) | 16 GB minimum
Hard-Disk | 120 GB (thick-provisioning)
Operating Systems | McAfee Linux Operating System (MLOS); OVA and ISO Package; VMware, Microsoft Windows Hyper-V

For the latest information on the supported platforms, environments, and operating systems for McAfee Application Control, please visit KB83368.

McAfee Advanced Threat Defense (ATD)

Hardware Appliance
The McAfee ATD requires the proposed hardware appliances and is managed entirely through a web interface.

Appliance Models
• McAfee ATD-6100 – 59 Analyzer VMs
• McAfee ATD-3100 – 29 Analyzer VMs

The minimum requirements for a host connecting to the ATD are:
COMPONENT | REQUIREMENT
Operating Systems | Windows Desktop - 7, 8, 8.1, 10; Windows Server - 2003, 2008, 2012, 2016
Browser | Mozilla Firefox - Version 54.0 to 56.0; Google Chrome - Version 59 to 62; Microsoft Internet Explorer - Version 6.x to 11
  • 27. Virtual Appliance
COMPONENT | REQUIREMENT
Quantity | 1
Processor (CPU) | 16 vCPU
Memory (RAM) | 32 GB minimum
Hard-Disk | 750 GB (VMware ESXi), 400 GB (Hyper-V)
Operating Systems | McAfee Linux Operating System (MLOS); OVA and VHDX; Hypervisor: VMware ESXi 5.5 server (Hardware version 9, 10), VMware ESXi 6.0 server (Hardware version 9, 10, 11), VMware ESXi 6.5 server (Hardware version 9, 10, 11), Microsoft Hyper-V
Physical Network Interface | 1 (E1000); You can configure 2 interfaces for a separate malware interface.
Virtual Network Interfaces | 1 Management interface. You need to add a second virtual network interface manually, if a separate malware interface is required.
Physical system Setting | Enable Virtualization Technology option in BIOS.

For the latest information on the supported platforms, environments, and operating systems for McAfee Advanced Threat Defense, please visit Business Product Documentation.

Analyzer VMs
Advanced Threat Defense uses secure virtual machines, or analyzer VMs, for dynamic analysis. During dynamic analysis, Advanced Threat Defense executes suspicious files in the analyzer VM, then monitors the file behavior for malicious activities.

For the latest information on the supported platforms, environments, and operating systems for McAfee Advanced Threat Defense Analyzer VMs, please visit Business Product Documentation.
  • 28. Solution Offering

Software Licenses and Appliances
SOFTWARE | DESCRIPTION | METER | QTY
MAC | McAfee Application Control for PCs | Node |
MAC | McAfee Application Control for Servers | Server |

Please note that the McAfee ePolicy Orchestrator (ePO) is included with the above licenses.

Optional Components
SOFTWARE | DESCRIPTION | METER | QTY
TIE | McAfee Threat Intelligence Exchange; McAfee Data Exchange Layer | Node |

Please note that the McAfee ePolicy Orchestrator (ePO) is included with the above licenses.

APPLIANCE | DESCRIPTION | METER | QTY
ATD | McAfee Advanced Threat Defense 3100/6100 | Unit |
vATD | McAfee Virtual Advanced Threat Defense Appliance - ATD-VM1008 | Virtual Server |

Professional Services
SERVICES | DESCRIPTION | METER | QTY
MFE | McAfee Consulting Services: Solution Services | Day/Hour |
PARTNER | Partner Professional Services | Day/Hour |

Technical Support
SERVICES | DESCRIPTION | METER | QTY
MFE | McAfee Customer Success Plan – Premier/Enhanced/Essential | Year |
PARTNER | Partner Annual Maintenance Contract (AMC) | Year |

Education Services
SERVICES | DESCRIPTION | METER | QTY
MFE | McAfee Education Services: Instructor-led Training; 2/3/4/5 Day; 6 Students | User/Voucher |