4 Replies Latest reply on Apr 5, 2017 8:50 AM by Troja

    TIE & McAfee ePO

    karthik.chinnasamy@wipro.com

      I have installed the TIE server and it's communicating with the McAfee ePO server.

       

      What should I do next for reputations? Is there anything to be done on the TIE server?

       

      Please advise me! Thanks in advance.

        • 1. Re: TIE & McAfee ePO
          Richard Carpenter

          Moved to TIE for better support

           

          Rich

          McAfee Volunteer Moderator - Business Products

          • 2. Re: TIE & McAfee ePO
            VriendP

            I would recommend reading the product guide for both TIE and DXL to find out what your next steps should be. If you want to go with the express method, you could go for the TIE POC Guide; it has a pretty straightforward procedure for installation of TIE and DXL. Google it.

             

            Have to warn you though, it's outdated (2014). To be honest, there really is no substitute for reading the product documentation.

            • 3. Re: TIE & McAfee ePO
              Richard Carpenter

              You can find the product guides in the Knowledgebase

               

              TIE Server Product Guide

              DXL 3.0.1 Product Guide

               

              Rich

              McAfee Volunteer Moderator - Business Products

              • 4. Re: TIE & McAfee ePO
                Troja

                Hello karthik.chinnasamy@wipro.com,

                TIE is not only a product; much more, TIE is also a strategy. TIE is one possible information store. If you are using TIE, I think you have also installed DXL Brokers (or the DXL Service on TIE), the DXL Client (extension) in ePO, and the DXL Client on the endpoint.

                 

                With this infrastructure, the McAfee components are now sharing information using the DXL fabric. It gives you more information about your environment, because you can take a look at which unknown code has been executed in your environment. Also, the reaction time is reduced to a minimum. If you figure out that a file may be malicious, you can block it within a second in your whole environment.

                Also, DXL is now OpenDXL and you can share information with "non McAfee security products".

                The next step is to "enrich" your data (like in a SIEM product) in TIE. This could be based on virustotal.com information or any other source.

                 

                How about using a MISP environment, doing threat information sharing using STIX/TAXII? All of this is possible, where TIE is a part of it. How about connecting a Checkpoint firewall? How about connecting proxy systems? How about connecting a SIEM solution? So many useful opportunities. :-)

                So finally, TIE is not only a product, it is also an approach, a strategy.

                 

                One thing is important from my side: you will see much unknown code in TIE. Do not start to figure out the reputation of any file, you will never finish that. But if you want to reduce the grey in TIE, the following links may be useful.

                 

                 

                Hope this helps,

                Cheers