The presentation provides the following:
- McAfee Company Overview
- McAfee Strategy
- Device Security, Network Security, Cloud Security
- Open Architecture
- Industry Analyst
- Services
- MVISION
- Unified Cloud Edge (UCE)
Please note that all the information dates from before Feb 2020.
3. Portfolio Overview
An Integrated And Open Security System: Together, Is Far More Powerful Than Sum Of The Parts
[Diagram labels: SECURITY OPERATIONS, DEVICE, CLOUD, MANAGEMENT, THREAT INTELLIGENCE, ANALYTICS, AUTOMATION / ORCHESTRATION, NETWORK]
STRATEGY
Threat Defense Lifecycle Portfolio Strategy
10. Portfolio Overview
MVISION: Multi Vendor InSights & Intelligence Open eNvironments
- MVISION ePO: A dramatically simple cloud-based SaaS management service.
- MVISION Endpoint: Advanced augmented defense for Windows 10 with a unified management experience.
- MVISION Cloud: Cloud-Native Data and Application Security Across SaaS, IaaS, and PaaS.
- MVISION EDR: Powerful threat detection, investigation, and response – simplified.
- MVISION Mobile: Centrally manage and defend iOS and Android just like any other device.
- MVISION Insights: Intelligence at scale and actionable, with detailed threat assessments.
McAfee is one of the largest pure-play cybersecurity companies in the world.
Through 30 years, we’ve grown and evolved with the market, both through organic and inorganic means.
And, during that time, we’ve listened to customers to understand where their environments are headed and how to drive successful security outcomes.
Today, we’re pleased to reintroduce McAfee – the device-to-cloud cybersecurity company – to you:
A company focused on protecting data and stopping threats…
…within the architectural control points of modernized cybersecurity environments – the device and cloud, with Security Operations providing continuous analytics, management, automation and orchestration…
…and via an open, proactive, intelligence-driven approach.
Since McAfee spun out in 2017 to create a pure-play cybersecurity company, it has in effect created a new brand. McAfee brands itself as a device-to-cloud cybersecurity company. With 30+ years of experience, it provides security SOLUTIONS for the device, network and cloud control points. It strongly believes that no one person, product or organization can secure the digital world – not even McAfee.
That’s why their approach has been deliberately different: by providing an OPEN ARCHITECTURE, McAfee partners with other vendors (partners and competitors alike) to deliver customers a cohesive solution to a problem (the adversaries that plot against the collective digital freedom) and to orchestrate security components so that they work together and present a unified, coordinated defense.
Apart from having the right solution, it is equally important to have sound security decisions around design, deployment, maintenance, risk management and education SERVICES. For this reason, McAfee provides an integrated approach to professional and solution services, training and technical support with personalized management.
Cybersecurity has now become more of a team sport, because the job is too much and too important to fly solo. No single vendor can solve all your cybersecurity challenges. You need to have all your security technologies—regardless of vendor—working together. McAfee’s tagline, “TOGETHER IS POWER”, is not just a marketing call; it is an embodiment of McAfee’s own technologies working together, multivendor solutions playing well together and, most importantly, people (all of us) working as one team.
McAfee believes that the whole system, together, is far more powerful than the sum of the parts. McAfee provides highly adaptive environments that detect a threat once and immediately protect all nodes—giving customers a proactive security posture.
The Threat Defense Lifecycle is McAfee’s key design principle
Siloed defensive technologies fail to share threat intelligence automatically. In contrast, proactive environments detect a threat once and immediately protect all other nodes from it. McAfee uses the threat defense lifecycle (protect/detect/correct/adapt) as a design principle in our portfolio roadmaps:
Protect – The goal of the Protect stage is two-part: to stop the most pervasive attack vectors while disrupting never-before-seen techniques and payloads, and to derive insights that can strengthen countermeasures and inform investigators of unfolding activities.
Detect – Detect covers advanced monitoring to identify anomalous, outlier behavior to perceive low-threshold attacks that would otherwise go unnoticed. As you uncover evidence, your system should share findings to enrich decision-making throughout your security infrastructure.
Correct – Correction facilitates triage and prioritization for fluid investigation and rapid remediation. As you learn, your solution should apply insights immediately throughout a collaborative infrastructure.
McAfee’s Portfolio Strategy is one that brings an integrated, open system from device to the cloud. Our strategy is about putting controls on devices and in the cloud, and then bringing it all together at the SOC, which has different layers to it: core management, threat intelligence, analytics. Then, we believe automation and orchestration is how you bring it all together over the long term.
We will continue to cloudify products to put their control in the cloud. For example, our networking is cloud-focused in the future. We have to think of the network and the cloud becoming the same thing. That doesn't mean the network is going away, but one unique focus of ours is orienting more of our capabilities to help customers protect themselves there. We have more work, more investments to make.
Our ability to continue to make investments in areas that will help us better compete, with this strategy, is what the future will be about for us. Customers and the market are saying this is the right place to be headed, so it’s a good time to take a step back and ask… how do we go faster? Execution is key in making McAfee the device-to-cloud cybersecurity company of choice in the industry.
McAfee works along with other cybersecurity vendors as part of the McAfee Security Innovation Alliance (SIA). The McAfee Security Innovation Alliance (SIA) provides customers with integrated security solutions that allow them to resolve more threats faster with fewer resources. Through the SIA program, we help accelerate the development of interoperable security products, simplify the integration of these products with complex customer environments, and provide a truly integrated, connected security ecosystem to maximize the value of existing customer security investments.
McAfee’s approach is different.
We have a clear vision of where cybersecurity is headed and how we can add value to customers by:
- preventing data loss and leakage and stopping threats
- doing so from device to cloud
- with an open, proactive intelligence-driven approach.
We bring our customers massive scale that accompanies a 30-year history and significant footprint that serves the largest governments and companies and consumers alike.
McAfee’s offering is divided into point products for DEVICE, NETWORK & CLOUD, with some solutions, such as DATA SECURITY, being pervasive across these architectural points, and then bringing it all together at the SOC.
With McAfee’s DEVICE security solution, organizations can combat emerging and unknown threats. These collective endpoint defenses include various antimalware techniques, including machine learning and application containment; application and device whitelisting solutions; on-device threat detection and protection for iOS and Android mobile devices; and optimized security for server workloads across virtual and cloud environments. McAfee also provides an integrated endpoint detection and response solution that provides investigation capabilities across endpoint and server environments.
The NETWORK security offerings include signature matching and layered signature-less technologies to discover and block sophisticated threats via network intrusion prevention system solutions; and secure web gateway solutions to detect and protect from web-borne attacks and control web traffic. These solutions are available as hardware and virtual appliances that support deployments in both on-prem and IaaS environments. A SaaS-based offering is also available for secure web gateway/proxy.
Since modern IT architectures have been rapidly evolving, the CLOUD has become a new anchor for enterprise data centers and data in general. Some award-winning solutions, such as McAfee IPS, are cloud-ready and available as virtual instances to provide the same level of protection on your IaaS environments as for the on-prem data center. You can even protect your server and container workloads with agent-based security solutions.
Most importantly, the proliferation of BYOD and easy-to-get cloud-native solutions, whether they are Shadow or Sanctioned, requires security solutions which are cloud-native and insight-driven. Traditional security solutions do not have the visibility and control to monitor and protect these cloud resources. With the Cloud Access Security Broker (CASB) solution, you get data visibility, data loss prevention, access control and advanced threat protection features for your SaaS, PaaS and IaaS environments. McAfee’s CASB solution is part of a dedicated portfolio of security solutions built in and for the cloud called McAfee MVISION. These also include endpoint security solutions which are cloud-based.
As mentioned before, a few of McAfee’s solutions are extraterritorial, meaning they work across control points. From a threat perspective, McAfee’s advanced persistent threat (APT) protection provides malware analysis including sandboxing and machine learning to increase zero-day threat detection. The intelligence from these detections could then be shared across other point solutions such as McAfee’s endpoint security and network security solutions and to solutions of other cybersecurity vendors who work on open standards and platforms.
Moving towards the other side of security is having visibility and control over an organization’s most important asset today, DATA. Data is everywhere—in the cloud, on your network, at employees’ home offices, and on mobile devices—the risk is in the unknown. The uncertainty of where your data resides, who has access to it, and what they are doing with it, can feel like you’re flying blind. In particular, mobile devices and cloud services shift data far off your network, making it difficult to know exactly where your critical information has landed. Cloud services may store data in locations without formal tracking to manage its movement.
McAfee’s data loss prevention solution works in conjunction with its CASB solution, providing you a single framework for your data leakage prevention program with unified policy management, response and reporting. Whether you want to discover sensitive information on endpoints and data repositories (on-network or cloud), or you would like to enforce policies such as blocking a print from the endpoint, revoking collaboration rights from SaaS applications or blocking downloads of sensitive files to a personal/unmanaged device, McAfee’s pervasive data protection strategy is end-to-end and can extend this enforcement to custom cloud applications as well.
With all these different solutions in place and others in the environment, there would be a sheer growth in the volume of security data. In order to find the right signal from the noise, any organization, and especially an Enterprise-level customer, would eventually look into SECURITY OPERATIONS. McAfee’s portfolio of SecOps solutions includes a modular and scalable SIEM solution which is built for big data and analytics. It collects, enriches, and shares data at any scale, rapidly turning events into insights, and quickly investigating and acting on identified threats. You can combine local and global threat intelligence to enrich not only McAfee’s SIEM solution but also other solutions which are part of the open fabric. McAfee’s SIEM does not need to be passive; SecOps teams can integrate it with McAfee and non-McAfee solutions to provide response capabilities. For SecOps teams requiring a dedicated EDR solution, McAfee’s solution provides AI-guided threat investigations so SecOps can reduce alert noise and prioritize threats; this works with both McAfee and other SIEM and endpoint security solutions.
All these products and solutions come in various form factors. You can deploy them on-premise or on IaaS, and for some solutions McAfee provides a total SaaS-based platform so you do not need to deploy the infrastructure. For example, McAfee’s management platform, ePolicy Orchestrator (ePO), provides the capability to deploy, manage policies and reports for endpoint security, mobile threat defense, integrated EDR, device & data encryption, DLP and more, all from a single console and single agent. You can deploy the same management solution on IaaS: on AWS a solution template is already available; on Azure, for now, it has to be done manually; or, if the customer requires, they can go completely SaaS.
One of the elements you will see resonate again and again is McAfee’s belief in having an open architecture for cybersecurity. They are constantly evolving to become the leading open platform cybersecurity company in the market. They work with both complementary and competing third-party vendors to build integrations that are useful and just as feature-rich as the integrations between our own solutions.
Since 2008, McAfee Security Innovation Alliance has been working with independent software vendors (ISVs) to build integrations that reduce the number of management consoles, provide streamlined workflows, and automate tasks. They have expanded on this open ecosystem approach by building the OpenDXL (Open Data Exchange Layer). Although anyone can learn and create integrations for their own environment, when a vendor partners with McAfee, its solution is rigorously lab-tested and certified; McAfee Security Innovation Alliance partner solutions are integrated with our solutions for unified workflows and centralized management. Currently there are 150+ vendors who have integrations available with the McAfee line of products.
For example:
The Attivo BOTsink solution can be integrated with McAfee’s IPS. BOTsink adds insight to McAfee NSP, providing detailed forensic information on attacker methods and malicious domains, and provides Snort signatures based on botnet behavior that can be used to block infected systems from exfiltrating valuable company data or carrying out other malicious intent.
Although McAfee DLP does provide a manual data classification feature, the integration of TITUS Classification solutions with McAfee Data Loss Prevention reduces the risk of data loss by capturing users’ knowledge about the sensitivity and context of the data being transmitted, so organizations don’t have to rely solely on automated content scans. McAfee Enterprise Security Manager captures and aggregates the activities of both TITUS Classification and McAfee Data Loss Prevention for situational analysis and corresponding actions as required. McAfee Data Exchange Layer transmits user actions with sensitive information as well as TITUS policy violations to McAfee Enterprise Security Manager in real time, allowing for analysis and immediate policy modification to prevent insider threats. With McAfee ePolicy Orchestrator, organizations can easily manage deployments of TITUS Classification to the client.
Cisco Email Security Appliance interoperates with McAfee Advanced Threat Defense to identify and forward unknown email attachments to McAfee Advanced Threat Defense for in-depth analysis and identification of potential zero-day threats.
Cisco and McAfee have interconnected their platforms and ecosystems for comprehensive visibility, threat context sharing, and real-time security orchestration based on policies. Together, we lay the foundation for a universal, unified, and nimble infrastructure for threat detection and response. With this solution, DXL brokers bridge to Cisco pxGrid Controllers for bi-directional, one-to-many communication and shared services between these fabrics. Now, high-speed messaging and automated workflows can maximize the value of contextual, threat, network, and endpoint data by sharing it with any connected application. This ground-breaking integration links two ecosystems and leverages the open source OpenDXL initiative to help enterprises reduce friction, gaps, and delays that hinder effective security operations. Truly, together is power.
This integration with IBM Resilient automatically searches McAfee TIE for reputation when IOCs and artifacts are tracked within the Resilient IRP, alerting the incident response team to significant IOCs. This ensures that security analysts can operationalize threat intelligence data in real time, allowing them to focus energy on investigation and response.
Splunk Phantom integrates with McAfee Enterprise Security Manager and McAfee ePolicy Orchestrator (McAfee ePO) to make security operations smarter, faster, and stronger. Security events ingested from McAfee Enterprise Security Manager trigger the automated execution of playbooks on the Splunk Phantom platform. Phantom Playbooks automate workflows for threat investigation, indicator hunting, containment with McAfee ePO, remediation, and other scenarios.
This idea has also been extended to the cloud. McAfee’s Cloud Access Security Broker (CASB) already provides integration with most well-known SaaS applications such as Microsoft Office 365, Teams, Google G Suite, Box, Salesforce, etc., but with the adoption of cloud, applications other than productivity and CRM tools are also moving to the cloud and are being embraced by customers as well. So a few months ago, McAfee introduced McAfee’s CASB Connect. It enables any cloud service provider or partner to rapidly build API connectors to McAfee MVISION Cloud to empower enterprises to securely adopt any cloud service and enforce the same set of security policies across all cloud services. Furthermore, McAfee’s CASB also provides support for custom apps that do not have APIs.
The McAfee Security Innovation Alliance program is a direct reflection of McAfee’s belief that “Together is Power,” and they make sure we work with our partners to create strong, successful product integrations to ensure that even stronger cybersecurity solutions are available for our customers.
https://www.mcafee.com/enterprise/en-us/about/awards.html
DEVICE
AV-Comparatives: https://www.av-comparatives.org/awards/mcafee/
AV Test: https://www.av-test.org/en/antivirus/business-windows-client/windows-10/april-2019/mcafee-endpoint-security-10.6-191515/
Cybersecurity Excellence Awards:
https://cybersecurity-excellence-awards.com/candidates/mcafee-endpoint-security/
https://cybersecurity-excellence-awards.com/candidates/mcafee-mvision-endpoint/
https://cybersecurity-excellence-awards.com/candidates/mcafee-mvision-mobile/
SC Magazine: https://www.scmagazine.com/review/mcafee-mvision-endpoint-1905/
Frost & Sullivan: Best Practice Award, 2017. https://www.mcafee.com/enterprise/en-us/assets/product-reviews/prv-frost-sullivan-award.pdf
CRN: Tech Innovators Awards, Finalist 2018. https://www.crn.com/rankings-and-lists/ti2018-details.htm?c=203
The Radicati Group: Endpoint Security – Market Quadrant, 2018 – Top Player
Gartner Peer Insights: Customers Choice, 2018. https://www.gartner.com/reviews/market/endpoint-protection-platforms/vendor/mcafee/product/endpoint-security-ens
NETWORK
Gartner: Magic Quadrant, IPS, 2018 – Leaders
NSS Labs: Data Center Intrusion Prevention Systems, 2018 – Recommended
The Radicati Group: Corporate Web Security, 2019 – Top Player
The Radicati Group: Advanced Persistent Threat (APT) Protection, 2019 – Top Player
Gartner Peer Insights: Customers Choice, 2019. https://www.gartner.com/reviews/market/secure-web-gateways/vendor/mcafee/product/mcafee-web-gateway-appliance
CLOUD
Cybersecurity Excellence Awards: Cloud Security, 2019 – Leaders
Frost & Sullivan: Best Practice Award, 2018, CASB. https://www.prnewswire.com/in/news-releases/mcafee-commended-by-frost--sullivan-for-helping-companies-securely-adopt-cloud-solutions-with-mcafee-skyhigh-security-cloud-695142231.html
Gartner: Magic Quadrant, CASB, 2018 – Leaders
Forrester: The Forrester Wave, CSG, 2019 – Leaders
IDC: MarketScape, CSG, 2017 – Leaders
KuppingerCole Analysts: Leadership Compass, CASB, 2018 – Overall Leader, Innovation Leader, Market Leader
The Radicati Group: CASB, 2018 – Top Player
Gartner Peer Insights: Customers Choice, 2019. https://www.gartner.com/reviews/market/cloud-access-security-brokers/vendor/mcafee/product/mcafee-mvision-cloud
https://www.scmagazine.com/home/security-news/company-news/the-winners-of-the-2019-sc-awards-honored-in-the-u-s/
PERVASIVE DATA PROTECTION
Please note that the Gartner Magic Quadrant for Enterprise DLP has been retired.
The Radicati Group: DLP, 2018 – Top Player
Gartner Peer Insights: Customers Choice, 2018. https://www.gartner.com/reviews/market/enterprise-data-loss-prevention/vendor/mcafee/product/mcafee-dlp
Intelligent Security Operations
Gartner: Magic Quadrant, SIEM, 2018 – Leaders
SC - https://www.mcafee.com/enterprise/en-us/assets/product-reviews/prv-sc-magazine-esm-5-star-rating.pdf
https://www.scmagazine.com/review/mcafee-enterprise-security-manager-3/
The McAfee Customer Success Group (McAfee CSG) encompasses three groups, united as one—technical support, consulting services, and education services—all focused on proactively ensuring you achieve your desired security outcomes through your deployment and use of McAfee solutions. Our mission is simple: we are dedicated to helping you successfully deploy and use McAfee solutions, manage your operational risk and see a sustained value over time. From deployment services and proactive account management to self-help resources, communities, and on-call expert assistance, the McAfee Customer Success Group delivers the people, processes, tools, and technology to ensure that you achieve the security outcomes you want.
Technical Support
McAfee Business Support – 24/7 Support by Phone and online Service Portal
McAfee Enterprise Support – Direct access to expert Technical Support Engineers and an assigned Support Account Manager
Our Customer Success Plans transform traditional technical support by providing a comprehensive roadmap combining solution and Foundstone services, education/training, and technical support with personalized management and tools. Plan your security strategy, maintain your solutions, manage your operational risk, and see a sustained value over time with a plan that enables you to successfully deploy, manage, and optimize McAfee products and solutions, turning your security into a business driver. All Customer Success Plans provide direct access to expert Technical Support Engineers for technical issue resolution.
Consulting Services
With today’s security teams needing day-to-day security management and maintenance, they don’t have the bandwidth to learn every aspect of a product and how it can help their organization handle cyberthreats and attacks more effectively and efficiently. This lack of resources and time puts enterprises at greater risk, potentially resulting in a weakened security posture, financial loss, and negative impact on company reputation.
To help you use our products effectively and achieve your security goals, McAfee offers a broad-based consulting services portfolio consisting of two distinct practice areas: McAfee Solution Services and McAfee Advanced Cyber Threat Services.
McAfee Solution Services are a group of product-related services which help ensure your security products are effectively deployed, integrated, assessed, and optimized in alignment with your security strategy.
McAfee Advanced Cyber Threat Services are a group of strategic, hands-on security services which help you design strong security programs and enforceable policies for your enterprise.
Education Services
Like many enterprises, you struggle to keep pace with the increasing volume of rapidly evolving threats. Limited time and a skills shortage make it difficult to optimize your current McAfee solutions and adopt others that you need to further your security goals and desired outcomes. The McAfee Education Services portfolio provides flexible, cutting-edge training options delivered by our seasoned security experts. We help accelerate, improve, support, and boost your IT administration and security capabilities. A fully trained staff makes for a more secure organization.
Product Training
To gain maximum value from your McAfee solutions, you need expertly trained staff to configure and manage your McAfee solutions more efficiently, and optimally safeguard your critical data. You also need your staff on-site, doing their job. Now, you can have both. McAfee offers a wide range of hands-on product training courses to help you design, set up, configure, and manage your McAfee solutions. Delivered in classrooms and online, our courses help you make the most of your product investment.
Security Training
Security training courses focus on building security software and applications, assessing vulnerabilities, and gaining critical computer forensics skills to help your IT professionals become proficient in developing best practices for implementing your security strategy. Security training is only offered through instructor-led training in private classrooms.