7 Replies Latest reply on Jun 8, 2017 5:40 AM by secnubs

    McAfee Active Response

    secnubs

      Hi,

      Just want to have a better understanding of Active Response. I've already read some docs on the internet. Just need a professional opinion on how this machine really works. I know that the prerequisites are ePO and McAfee Agent; can it run with only those two components? Right now I only have ePO 5.1.2 and McAfee Agent 5.0.5.

      Hope someone with experience on Active Response reads my post.

        • 1. Re: McAfee Active Response
          catdaddy

          Moved to Business > Active Response Discussions

          For better assistance and better exposure.

          1 of 1 people found this helpful
          • 2. Re: McAfee Active Response
            syedali

            Hi

            Please follow the below guide

            McAfee Active Response Getting Started Guide

            1 of 1 people found this helpful
            • 3. Re: McAfee Active Response
              secnubs

              Thanks, but I already read the guide, and I'm still not quite sure how this will benefit our company.

              • 4. Re: McAfee Active Response
                syedali

                Why will it not benefit when it's made to thwart most of the advanced persistent threats and block zero day attacks. Active Response along with TIE is hardcoded with great intelligence to monitor your environment.

                McAfee Active Response discovers, detects, and responds to previously unseen threats. Active Response offers real-time visibility of endpoint data and immediate operation on endpoint systems. Out of the box, Active Response provides built-in data collectors, triggers, and reactions to get started right away. Also, incident responders can easily introduce custom content for specific usage. These powerful features increase system management capabilities while reducing time and cost, and will ensure that your organization will be able to discover, detect, and respond in a far more efficient manner than before.

                     Discover

                      Use Active Response to look for incidents. Its search and data collectors produce actionable information by exploring data.

                  • Discover weaknesses in your network endpoints.
                  • Prepare for planned protection activities.
                  • Identify data flows and patterns.
                  • Learn what to include in security policies.

                     Detect

                      Use Active Response to detect threats when systems are compromised. Its triggers and reactions catch threatening events on the spot, and react immediately.

                  • Monitor the network for your custom indicators of compromise.
                  • Catch known threats automatically, and react accordingly.
                  • Assess needs for data protection based on ongoing data flow.

                     Respond

                      Use Active Response to stop threats when they are detected. You can take immediate action on affected endpoints.

                  • Contain compromising events by acting on endpoints remotely.
                  • Minimize impact by automatically reacting to detected threats.
                  • Build code to run on compromised systems.
                2 of 2 people found this helpful
                • 5. Re: McAfee Active Response
                  secnubs

                  "Why will it not benefit when it's made to thwart most of the advanced persistent threats and block zero day attacks. Active Response along with TIE is hardcoded with great intelligence to monitor your environment." - this is the kind of response I've needed, with this I need a TIE for Active Response to be used properly. Therefore my present ePO alone cannot use Active Response without (DXL, TIE, Cloud Storage and Endpoint Security) products, right?

                  • 6. Re: McAfee Active Response
                    syedali

                    Yeah, you got it right. You would need to integrate the same.

                    • 7. Re: McAfee Active Response
                      secnubs

                      Nice, thank you. I've got what I needed.

                      1 of 1 people found this helpful