Incident Response


McAfee Security Connected

The recent uptick in high-profile security breaches and attacks has made Incident Response a top-of-mind issue.

The McAfee Security Connected platform offers a broad range of incident response capabilities. You can use the Security Connected platform to baseline and harden your IT environment, and bolster your incident response capabilities by unifying and expediting your monitoring, response, and remediation processes.

  • McAfee Security Information and Event Management (SIEM)
    • McAfee SIEM receives input from a host of sources throughout the enterprise, both security and non-security related platforms (McAfee ePO, AV, HIPS, firewall, proxy, IPS, Windows/Unix/file server/Oracle/email logs, as well as many others). Additionally, its “content awareness” goes beyond simple log scraping. It fills in the gaps left by other SIEM and incident reporting solutions by adding relevant contextual data. Individual events that appear to be unrelated can take on new meaning when correlated with a known attack.

      • Key Capabilities for Incident Response:
        • Alerts based on event correlation and normalization
        • Actionable integration with other McAfee products such as ePO, Network Security Platform, and Threat Intelligence Exchange
      Orchestrating McAfee SIEM Best Practices Guide

  • McAfee Threat Intelligence Exchange (TIE)
    • McAfee Threat Intelligence Exchange provides adaptive threat prevention and security manageability with a global reach. It reaches endpoints no matter where they are and provides the means to manage threat policy, detections, and security updates, and to investigate remotely. Security components operate as one, regardless of physical boundaries. They immediately share relevant security data between endpoint, gateway, and other security products—regardless of location—enabling adaptive threat prevention.

      • Key Capabilities for Incident Response:
        • Identify impacted systems and “patient zero”
        • Proactively immunize against emerging threats
        • Remotely kill applications & processes associated with threats
        • Actionable integration with other McAfee products such as ePO, McAfee SIEM, and Advanced Threat Defense

  • McAfee Advanced Threat Defense (ATD)
    • McAfee Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines low-touch antivirus signatures, reputation, and real-time emulation defenses with in-depth static code and dynamic analysis (sandboxing) to analyze actual behavior.

      • Key Capabilities for Incident Response:
        • Automatic submission via Web Gateway, E-Mail Gateway, and Network Security Platform
        • Automatic submission via Endpoint with McAfee Threat Intelligence Exchange
        • Manual submission for ad hoc investigation, using both static & dynamic analysis
        • Ability to import custom YARA rules for zero-day threats
        • Allows for Custom 64-Bit, Android and Windows Server gold images

  • McAfee ePolicy Orchestrator (ePO)
    • McAfee ePO is the centralized policy and management environment used by McAfee endpoint security products as well as many McAfee partner solutions. The McAfee ePO endpoint agent provides a wide range of information that is beneficial to managing and investigating security events.

      • Key Capabilities for Incident Response:
        • Automated deployment of endpoint remediation
        • Actionable integration with other McAfee products such as McAfee SIEM, Network Security Platform (NSP), Threat Intelligence Exchange (TIE)

  • McAfee Data Loss Prevention (DLP)
    • McAfee Data Loss Prevention safeguards intellectual property and ensures compliance by protecting sensitive data wherever it lives — on premises, in the cloud, or at the endpoints.

      • Key Capabilities for Incident Response:

  • McAfee Foundstone Professional Services
    • Even with security incidents and losses on the rise, many organizations don’t have a plan in place to diagnose and handle a breach. While it is unrealistic to have all the security controls to prevent every possible incident, an Incident Response (IR) Program allows you to respond quickly, and minimize damage and downtime when attacks and exploits occur. McAfee Foundstone takes a comprehensive and proactive approach to help you cover all the bases. The following service lines allow you to protect, detect, respond, and remediate.

      • Incident Response & Forensic Services:
        • Emergency Incident Response Services
        • Forensic & Incident Response Education (FIRE)
        • Forensic Investigative Services
        • Incident Response Partner Program
        • Incident Response Program Development
        • SCADA Emergency Incident Response
  • 9/23/2014 >> Initial Release
