Key benefits: Flexible configuration and ease of use
McAfee® Endpoint Security Firewall protects system resources and applications from external and internal attacks. Firewall acts as a filter between a computer and the network or the Internet. The firewall scans all incoming and outgoing traffic at the packet level. As it reviews each arriving or departing packet, the firewall checks its list of firewall rules, which is a set of criteria with associated actions. If a packet matches all criteria in a rule, the firewall acts according to the rule, blocking or allowing the packet through the firewall.
Endpoint Security Firewall integrates with all security modules (Threat Prevention, Web Control, and Adaptive Threat Protection) and uses McAfee Global Threat Intelligence (McAfee GTI) network reputation to secure endpoints against advanced threats such as botnets, distributed denial-of-service (DDoS), and emerging malicious traffic before attacks occur.
You deploy and manage Firewall with the McAfee® ePolicy Orchestrator® (McAfee ePO™) management platform.
Endpoint Security Firewall 10.5 enhancements include the ability to:
• Monitor and track Firewall activity with ePO dashboards, monitors, and reports
• Block firewall traffic based on reputation, from network connections that McAfee GTI rates as high risk
• Automate Firewall actions and configure automatic responses to threat events
Endpoint Security Firewall fully integrates with McAfee ePolicy Orchestrator or ePO Cloud, single management solutions for configuration, delivery, and enforcement of firewall-related policies. It can also be managed locally using the local client interface.
Configure Firewall policies using McAfee ePolicy Orchestrator, ePO Cloud, or locally, using the local client interface.
Define firewall rules and groups. Group firewall rules according to a work function, service, or application for easier policy management. Rule groups can be defined by network, transport, application, schedule, and location options. Make groups network or location aware to apply adapter-specific or network-specific rules and to control network traffic on non-corporate networks.
Define trusted networks - Trusted networks are IP addresses, IP address ranges, and subnets that your organization considers safe. Defining a network as trusted creates a bi-directional Allow rule for that remote network at the top of the Firewall rules list. Once defined, you can create firewall rules that apply to these trusted networks. Trusted networks also function as exceptions to McAfee GTI in the firewall.
Define trusted executables - Trusted executables are executables that have no known vulnerabilities and are considered safe. Trusted executables create bi-directional Allow rules for network traffic relating to that executable. Endpoint Security Firewall still monitors all trusted executables and related trusted network activity for threat and exploit prevention.
Supports user-based firewall policies
What is McAfee GTI?
McAfee GTI is a global Internet reputation intelligence system that determines what is good and bad behavior on the Internet. McAfee GTI uses real-time analysis of worldwide behavioral and sending patterns for email, web activity, malware, and system-to-system behavior. Using data obtained from the analysis, McAfee GTI dynamically calculates reputation scores that represent the level of risk to your network when you visit a webpage. The result is a database of reputation scores for IP addresses, domains, specific messages, URLs, and images.
How does firewall traffic reputation work?
When the McAfee GTI options are selected, two firewall rules are created: McAfee GTI — Allow Endpoint Security Firewall Service and McAfee GTI — Get Rating. The first rule allows a connection to McAfee GTI and the second blocks or allows traffic based on the connection's reputation and the block threshold set.
How is "network reputation" determined?
McAfee Labs GTI calculates reputation values for internet IP addresses by analyzing sending or hosting behavior, network and internet threat landscape attributes, and environmental data collected from customers and partners worldwide.
Network reputation is expressed in four classes, based on our analysis:
• Do not block (minimal risk) — Legitimate source or destination of content/traffic.
• Unverified — Appears to be a legitimate source or destination of content/traffic. However, the site also displays certain properties suggesting that further inspection is necessary.
• Medium Risk — Source/destination shows behavior that we believe is suspicious and content/traffic to or from it requires special scrutiny.
• High Risk — Source/destination is known to or likely to send/host potentially malicious content/traffic. We believe that it presents a serious risk.
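The sketch below is an added example, not McAfee code: a simplified model of how the trusted-network Allow rule, the reputation block threshold, and the ordinary rule list described on this page could interact for one connection. Assumptions: the reputation check runs before ordinary rules, a rating at or above the threshold is blocked, unknown addresses rate as minimal risk, unmatched traffic is blocked, and all addresses and rules are constructed samples.

```python
import ipaddress
from enum import IntEnum

class Rating(IntEnum):      # the four classes listed above, lowest risk first
    MINIMAL = 0             # "Do not block (minimal risk)"
    UNVERIFIED = 1
    MEDIUM = 2
    HIGH = 3

# Constructed table standing in for a reputation lookup (documentation-range IPs).
SAMPLE_REPUTATION = {
    "203.0.113.7": Rating.HIGH,
    "198.51.100.20": Rating.MEDIUM,
    "192.0.2.10": Rating.UNVERIFIED,
}

# Constructed ordinary rule: allow HTTPS to any remote address.
SAMPLE_RULES = [
    {"name": "allow-https", "remote": "0.0.0.0/0", "port": 443, "action": "allow"},
]

def decide(remote_ip, remote_port, trusted_networks, block_threshold,
           rules=SAMPLE_RULES, reputation=SAMPLE_REPUTATION):
    """Return (action, reason) for one connection in this simplified model."""
    addr = ipaddress.ip_address(remote_ip)
    # 1. Trusted networks: Allow rule at the top of the list, exempt from reputation.
    for net in trusted_networks:
        if addr in ipaddress.ip_network(net):
            return "allow", f"trusted network {net}"
    # 2. Reputation: block when the rating reaches the threshold (assumed >=).
    rating = reputation.get(remote_ip, Rating.MINIMAL)   # assumed default rating
    if block_threshold is not None and rating >= block_threshold:
        return "block", f"reputation {rating.name}"
    # 3. Ordinary rules: the first rule whose criteria all match decides.
    for rule in rules:
        if (addr in ipaddress.ip_network(rule["remote"])
                and rule["port"] in (None, remote_port)):
            return rule["action"], rule["name"]
    return "block", "no matching rule"   # assumed default for unmatched traffic

if __name__ == "__main__":
    for ip in SAMPLE_REPUTATION:
        print(ip, decide(ip, 443, ["203.0.113.0/24"], Rating.MEDIUM))
```

Running it with the threshold at `Rating.MEDIUM` shows the audit point for a policy reviewer: a high-risk address inside a trusted range is still allowed, so trusted-network entries should be kept as narrow as possible.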
Does McAfee GTI introduce latency? How much?
McAfee GTI is performance optimized when performing reputation lookups and uses an intelligent caching architecture. In normal network usage patterns, the GTI cache resolves most wanted connections without a live reputation query.