4 Replies Latest reply on Jun 13, 2011 5:30 PM by jsherouse

    Full Time McAfee Employee Duties?

      Hi Guys,

       

      I am new to McAfee products, as until this year I have been a SCCM admin. I am rolling out a 12-month project within my company to deploy McAfee encryption products. Currently we do not have a dedicated McAfee admin, as our last one left at the end of 2010. As part of this 12-month project I need to justify to upper management the need for one full-time employee to administer the McAfee environment. What I don't really know is what kind of tasks will be undertaken by a McAfee admin on a daily/weekly/monthly basis which would require 40 hours a week of effort?

       

      Our environment has 5500 machines, EPO 4.5, VirusScan 8.7, HIPS (only the firewall part of this is enabled so far, nothing else), and within a few months we will have EEPC, HDLP and EEFF up and running, encrypting all hard drives and external USB media. At this stage we are not touching email and DVDs. We are not touching network shares at this stage either. And McAfee is not doing our web filtering.

       

      So can I please ask for some daily/weekly/monthly tasks an EPO admin would normally carry out? How often do the servers and workstations need to be patched? What kind of support effort is usually required to maintain a 5000-strong domain?

       

      Thanks, any suggestions would be welcome.

       

      Cheers, Sando75.

        • 1. Re: Full Time McAfee Employee Duties?
          joeleisenlipz

          I work for a McAfee Professional Services partner. In my travels I have seen a huge variety of staffing levels.

           

          First, it would be helpful to define the scope of responsibilities: architecture/design, implementation, functional testing, performance testing, user support, application/server/database maintenance, policy creation, reporting, compliance, incident response, remediation.... you get the point.

           

          Second, the number of products dictates how much time is needed to keep up with new versions/patches/etc. If the McAfee admins aren't already experts with the software, double or triple this to include time for self-study, or even formal training/certification.

           

          Finally, the size of the environment matters far less than the complexity of the environment. I've done 200,000 node deployments in less than 3 days, and 15,000 node deployments that took 9 months.

           

           

          :::Hopefully obvious afterthought:::

          Most places need at least two or three people to be involved, just for redundancy (not necessarily 100%, full-time McAfee). Almost everywhere I've been these folks are considered essential staff and would be on-call 24/7.

          • 2. Re: Full Time McAfee Employee Duties?

            Hi joeleisenlipz,

             

            That is a very helpful answer, thank you. I realise it was a bit of a vague, open-ended question, but this will give me something to jot down on paper and elaborate on for upper management.

            • 3. Full Time McAfee Employee Duties?

              We are a shop much like you. We use SCCM as well; we have roughly 3000 nodes, 500 of which are mobile. We have been using McAfee for ten years. We have deployed HIPS, also only in firewall mode, and we are a mix of mostly XP and moving to W7. During all that time I spent an hour a day administering McAfee products.

              For nearly the last year I have been full time dedicated to McAfee products. We chose EEPC 6 a year ago; at the same time we put in HDLP 9, encrypted thumb drives and the normal updates and troubleshooting of the products.

              In the last year we have only managed to get <300 devices encrypted, HDLP is not in any enforcement mode nor have we had an opportunity to even create rules, we have not been able to even think about the encrypted sticks, and we are still fighting encryption on a daily basis.

              We brought in Professional Services for 2 weeks to supplement the initial deployment, and another contractor has been on site for 3 months doing laptop encryption. We determined within the first week of the professional services that there were significant issues with the products and had to re-evaluate the deployment scenario.

              Deploying agents and AV is easy, and the other comments that it varies are very true.

              Once ePO is running, the rules are in place and things have calmed down, then perhaps not an FTE, but I would plan on an FTE for a year while someone determines what you are going to control with HDLP and what your firewalls should be, and works through the encryption bugs.

              By the time you get an FTE, ePO 4.6 and perhaps EEPC 6.1 will be out, and that should make life better. If you are going down the EEPC 5.x route, then that product is not so buggy and you may get away with less staff.

              • 4. Re: Full Time McAfee Employee Duties?

                Just a few thoughts off the top - there's a ton more but I have limited time, so:

                 

                Daily:

                Learn how to create queries and apply them to dashboards in 4.x - use them to stay aware of what's happening in your environment - create tickets to remediate workstations & servers that are infected. Follow up on those tickets daily.

                Test upcoming new patches / software on test workstations: plan out test, pilot, deployment and cleanup phases of upcoming patches and software updates according to McAfee's release schedule. Work with appropriate groups to get these updates scheduled and deployed.

                 

                Weekly:

                Run Compliance Reports from your ePO console twice a week (Tuesdays and Thursdays) for both servers and workstations, then create tickets to the appropriate groups to have the non-compliant devices remediated. Non-compliant devices are usually out of date on their DAT files, outdated Agent software etc. Keep a spreadsheet with the list of non-compliant devices and their associated ticket numbers and a status for each. Change the status to closed once someone has reinstalled an ePO agent or has updated a device that previously had outdated software.

                Verify you have a database backup for the week.

                Check the size of the database.
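The weekly compliance-tracking routine described in the reply above (pull the list of non-compliant devices, ticket each one, close the entry once it drops off the report) as an added Python example; this is illustration code written for this page, not McAfee's or the poster's, and the CSV column names, device names and ticket numbers are constructed for the example rather than taken from a real ePO export.

```python
import csv
import io

# Constructed sample: this week's non-compliance export from the ePO console
# (column names assumed for the example, not ePO's own).
EPO_EXPORT = """System Name,Reason
WS-1001,DAT out of date
WS-1002,Agent out of date
SRV-0015,DAT out of date
"""

# Constructed sample: last week's tracking sheet (device, ticket, status).
TRACKING_SHEET = """System Name,Ticket,Status,Reason
WS-1001,INC-1001,Open,DAT out of date
WS-0999,INC-0998,Open,Agent out of date
WS-0500,INC-0900,Closed,DAT out of date
"""

def reconcile(export_csv, sheet_csv):
    """Return (rows, needs_ticket): the updated sheet rows, and the devices
    that are newly (or again) non-compliant and still need a ticket raised."""
    noncompliant = {r["System Name"]: r for r in csv.DictReader(io.StringIO(export_csv))}
    rows = list(csv.DictReader(io.StringIO(sheet_csv)))
    open_devices = {r["System Name"] for r in rows if r["Status"] == "Open"}
    for row in rows:
        if row["Status"] == "Open" and row["System Name"] not in noncompliant:
            # Dropped off the report: agent reinstalled or DATs updated, so close it.
            row["Status"] = "Closed"
    needs_ticket = []
    for name, r in noncompliant.items():
        if name not in open_devices:
            # New, or previously closed and back again: new row, ticket number pending.
            rows.append({"System Name": name, "Ticket": "", "Status": "Open", "Reason": r["Reason"]})
            needs_ticket.append(name)
    return rows, needs_ticket

def status_by_device(rows):
    """Map each tracked device to its current status (handy for the weekly check)."""
    return {r["System Name"]: r["Status"] for r in rows}

if __name__ == "__main__":
    rows, needs_ticket = reconcile(EPO_EXPORT, TRACKING_SHEET)
    for r in rows:
        print(f'{r["System Name"]:10} {r["Ticket"] or "(raise ticket)":16} {r["Status"]}')
    print("Devices needing tickets:", ", ".join(needs_ticket))
```

A device that was closed last week but shows up again in this week's report gets a fresh open row, so a box that keeps falling out of date is visible as repeated tickets rather than silently reopened.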