1 Reply Latest reply on Nov 24, 2015 8:22 PM by andy777

    ATD Implementation


      Hi Team,


      Currently we are implementing ATD in our organisation. Before the implementation phase, I have a couple of concerns regarding the same. Currently we do not have McAfee ePO, IPS, McAfee Network gateway, etc. We do have Symantec Endpoint Protection, Websense Web Security Gateway, and Symantec email protection.

      Is there any detailed document available for integrating non-McAfee devices with ATD? Can you please share the same?



        • 1. Re: ATD Implementation

          I believe the ATD requires a McAfee device to automatically feed binaries; otherwise you're running in what the manual calls Standalone mode:


          Standalone deployment — This is a simple way of deploying McAfee Advanced Threat Defense. In this case, it is not integrated with other externally installed McAfee products. When deployed as a standalone Appliance, you can manually submit the suspicious files using the McAfee Advanced Threat Defense web application. Alternatively, you can submit the samples using an FTP client. This deployment option is used, for example, during the testing and evaluation phase, to fine-tune configuration, and to analyze suspicious files in an isolated network segment. Also, research engineers might use the standalone deployment option for detailed analysis of malware.


          I'm a SIEM guy, though, so you may want to confirm with the ATD group. Thanks.