McAfee Active Response

Hi,

Just want to have a better understanding of Active Response. I've already read some docs on the internet. Just need a professional opinion on how this machine really works. I know that the prerequisites are ePO and McAfee Agent; can it run with only those two components? Right now I only have ePO 5.1.2 and McAfee Agent 5.0.5.

Hope someone with experience with Active Response reads my post.

Accepted Solutions
syedali
Level 11
Message 5 of 8

Re: McAfee Active Response

Why will it not benefit when it's made to thwart most of the advanced persistent threats and block zero day attacks? Active Response along with TIE is hardcoded with great intelligence to monitor your environment.

McAfee Active Response discovers, detects, and responds to previously unseen threats. Active Response offers real-time visibility of endpoint data and immediate operation on endpoint systems. Out of the box, Active Response provides built-in data collectors, triggers, and reactions to get started right away. Also, incident responders can easily introduce custom content for specific usage. These powerful features increase system management capabilities while reducing time and cost, and will ensure that your organization will be able to discover, detect, and respond in a far more efficient manner than before.

     Discover

      Use Active Response to look for incidents. Its search and data collectors produce actionable information by exploring data.

    • Discover weaknesses in your network endpoints.
    • Prepare for planned protection activities.
    • Identify data flows and patterns.
    • Learn what to include in security policies.

     Detect

      Use Active Response to detect threats when systems are compromised. Its triggers and reactions catch threatening events on the spot, and react immediately.

    • Monitor the network for your custom indicators of compromise.
    • Catch known threats automatically, and react accordingly.
    • Assess needs for data protection based on ongoing data flow.

     Respond

      Use Active Response to stop threats when they are detected. You can take immediate action on affected endpoints.

    • Contain compromising events by acting on endpoints remotely.
    • Minimize impact by automatically reacting to detected threats.
    • Build code to run on compromised systems.

7 Replies
Reliable Contributor catdaddy
Message 2 of 8

Re: McAfee Active Response

Moved to Business > Active Response Discussions

For better assistance and better exposure.

Cliff
McAfee Volunteer
syedali
Level 11
Message 3 of 8

Re: McAfee Active Response

Hi

Please follow the below guide

Re: McAfee Active Response

Thanks, but I already read the guide, and I'm still not quite sure how this will benefit our company.

Re: McAfee Active Response

"Why will it not benefit when it's made to thwart most of the advanced persistent threats and block zero day attacks. Active response along with TIE is hardcoded with great intelligence to monitor your environment." - this is the kind of response I've needed. With this, I need TIE for Active Response to be used properly. Therefore my present ePO alone cannot use Active Response without the (DXL, TIE, Cloud Storage and Endpoint Security) products, right?

syedali
Level 11
Message 7 of 8

Re: McAfee Active Response

Yeah, you got it right. You would need to integrate the same.

Re: McAfee Active Response

Nice, thank you. I've got what I needed.
