Complete Endpoint Protection

Ahmed Sharaf – Managing Director, Xband Enterprises, Inc.

Transcript of Complete Endpoint Protection

Page 1: Complete Endpoint Protection (title slide)

Page 2: Complete Endpoint protection

Malware Continues to Grow…


Source: McAfee Labs, 2013

Malware continues to grow and get more sophisticated…

[Chart: New Malware Samples per quarter, Q1 2010 through Q1 2013; y-axis 0 to 14,000,000 samples]

2012 new malware sample discoveries increased 50% over 2011

New malware samples grew 22% from Q4’12 to Q1‘13

Page 3: Complete Endpoint protection

Four Phases of an Attack

First Contact – how the attacker first crosses paths with the target:

• Malicious Website

• Network Access

• Physical Access

• Unsolicited Message

Local Execution – how the attacker gets code running for the first time on the target machine:

• Configuration Error

• Exploit

• Social Engineering

Establish Presence – how the attacker persists code on the system so that it survives reboot, stays hidden, and evades both the user and security software:

• Persist on System

• Self-Preservation

• Download Malware

• Escalate Privilege

Malicious Activity – the business logic, what the attacker wants to accomplish (steal passwords, bank fraud, get the victim to purchase Fake AV):

• Adware & Scareware

• Identity & Financial Fraud

• Propagation

• Bot Activities

• Tampering

Example: Fake AV traced through the four phases – Malicious Website (First Contact) → Exploit (Local Execution) → Persist on System (Establish Presence) → Adware & Scareware (Malicious Activity)

Page 4: Complete Endpoint protection

The Evolving Endpoint

Workspace: Removable Media Storage, Laptop, Desktop

Fixed Function: ATMs, Medical Devices

Datacenter: Servers (Physical and Virtual), Databases, Storage

Page 5: Complete Endpoint protection

Traditional Architecture for Endpoint Security

Per-endpoint agents: Systems Management Agent, HIPS Agent, Encryption, DLP Agent, Mobile Devices

Every SOLUTION has a CONSOLE

Every CONSOLE requires a SERVER

Every SERVER requires an OS and a DATABASE

Every OS/DB requires PEOPLE, MAINTENANCE, PATCHING

WHERE DOES IT END?

Page 6: Complete Endpoint protection

McAfee Endpoint Protection Platform Strategy

Complete endpoint security

Platform layers: Cloud, Application, Database, OS, HW-Enhanced

Management: Security Information and Events, Risk and Compliance, Unified Security Operations

Endpoints covered: Desktop, Laptop, Mobile, Server, Virtual, Embedded, Data Center

FIRST-GENERATION endpoint security: Desktop/Laptop; Windows only; blacklist files; focus on devices; static device policy; disparate, disconnected management

COMPLETE ENDPOINT SECURITY: the platform layers, management tier and endpoint types listed above

Page 7: Complete Endpoint protection

4 Phase Protection Methods

Phases covered: First Contact, Local Execution, Establish Presence, Malicious Activity

• McAfee® SiteAdvisor®: Website Filtering

• McAfee Device Control: Physical File Transfer

• McAfee Desktop Firewall

• McAfee Web Gateway and McAfee Email Gateway: Web Filtering, Email Filtering

• McAfee VirusScan® Enterprise: On-Access Scanning, File Scanning, Write Blocking

• McAfee Database Activity Monitor: Database Vulnerability Blocking

• McAfee VirusScan® Enterprise: Rootkit Detection

• McAfee Host Intrusion Prevention: Buffer Overflow Prevention, Behavioral Prevention

• McAfee Application Control for Servers or Desktops: Install and Execution Prevention, Change Protection

Page 8: Complete Endpoint protection

Intel Security - A Proven Leader in Endpoint Security


Gartner Magic Quadrant Leader for 7 straight years!

• Placed furthest on Completeness of Vision axis

• Superior Manageability with ePO

• Next Generation Endpoint Platform

• Security Connected Vision attainable for customers

• Advancing Protection Rankings

• Comprehensive Solution

• Strength of Intel / McAfee Together

Gartner Disclaimer: This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from http://www.gartner.com/technology/reprints.do?id=1-26F1285&ct=141223&st=sb. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Page 9: Complete Endpoint protection

Complete Endpoint Protection—Enterprise

Complete Simplicity

• Unified, open security management for all endpoints

• One solution for PC, Mac, Linux, or virtual

• Turnkey simple installation in minutes

• Use fewer resources to manage security with a single console

Complete Performance

• Security optimized for high performance across all platforms

• Dynamic whitelisting offers a no-scanning, small desktop footprint

• Real-time visibility reducing time to reaction by 10 to 1000 times

• Smart scanning technology optimizes CPU and memory usage

Complete Protection

• The market’s broadest set of security technologies

• Proven leader in blocking exploits, evasion and stealthy threats

• Application Whitelisting shown to provide 100% detection in the Westcoast Labs 2012 test (see Page 11)

Suite components:

Endpoint Protection: Windows & Unix AV; Mac & Linux AV; Endpoint Firewall; Host Intrusion Prevention; Application Blocking; Application Control – Desktop

Web/Messaging Security: SiteAdvisor with Web Filter; Anti-malware Email

Data Protection: Device Control

Management & Deployment: ePO

Page 10: Complete Endpoint protection

Complete Endpoint Protection—Business

Complete Simplicity

• Unified, open security management for all endpoints

• One solution for PC, Mac, Linux, or virtual

• Turnkey simple installation in minutes

• Use fewer resources to manage security with a single console

Complete Performance

• Security optimized for ultimate performance on any platform

• Real-time visibility reducing time to reaction 10x to 1000x

• Smart scanning technology optimizes CPU and memory usage

Complete Protection

• The market’s broadest set of security technologies

• Proven leader in blocking exploits and stealthy threats

Suite components:

Endpoint Protection: Windows & Unix AV; Mac & Linux AV; Storage Server AV; SharePoint AV; Endpoint Firewall; Intrusion Prevention; Application Blocking

Web/Messaging Security: Antimalware Email; SiteAdvisor with Web Filtering

Data Protection: Device Control; Drive Encryption; File & Removable Media Protection

Management & Deployment: ePO

Page 11: Complete Endpoint protection

Complete Protection—Proven by Independent Testing

Westcoast Labs 2012 – VSE On-Access, HIPS, and Dynamic Application Control:

Collection             Missed  Detected  Total  Detected (%)  Missed (%)
Anti-Malware Desktop        0      4634   4634       100.000       0.000
Spyware                     0      1773   1773       100.000       0.000
Trojan                      0       910    910       100.000       0.000
Overall                     0      7317   7317       100.000       0.000

Source: Westcoast Labs 2012

NSS Labs 2013 – Combined Detection Rates:

Vendor      Exploit  Evasion  Combined
McAfee          97%     100%       99%
Symantec        91%     100%       96%
Sophos          88%      97%       93%
Kaspersky       92%      92%       92%
F-Secure        79%      88%       84%
Microsoft       65%     100%       83%
AVG             76%      88%       82%
ESET            71%      92%       82%
Trend           73%      53%       63%
Norman          47%      75%       61%
Panda           41%      75%       58%

Source: NSS Labs 2013

Page 12: Complete Endpoint protection

Broad Solution Coverage for Enterprise Problems

Data Protection: Complete Data Protection; Encryption; Native Encryption Management; DLP: Endpoint and Network

Server Protection: Data Center Suites; Application Control for Servers; MOVE (McAfee Optimized for Virtual Environments); Database Security

Risk Management: Policy Auditor; Risk Analytics

Security Management: ePO Deep Command; ePO Cloud

Page 13: Complete Endpoint protection

For More Information: www.McAfee.com/endpoint

On The Web: Third Party Reviews; Whitepapers and Solution Briefs; Four Phases Video

Page 14: Complete Endpoint protection

Complete Performance, Protection, Simplicity

Complete Protection: #1 in Exploit and Evasion Protection.

Complete Performance: Dynamic Whitelisting, Smart Scanning, Dynamic Risk Assessment.

Complete Simplicity: McAfee leads in Management, Scalability and Reaction time.

Page 15: Complete Endpoint protection
Page 16: Complete Endpoint protection

McAfee ePolicy Orchestrator (McAfee ePO): Security Management Platform for unified management of endpoint, network, and data security.

• End-to-end visibility

• An open, extensible architecture

• Proven efficiencies

• Personalized Command Center

• Drag-and-Drop Dashboards and Actionable Reports

• Role-based Access Control

• Powerful Workflows

• Enterprise-ready

• Extensible Framework

Complete Management

Page 17: Complete Endpoint protection

McAfee Application Control for Desktop


McAfee Application Control software provides complete protection from unwanted applications and code—blocking threats without requiring signature updates.

• Protect against zero-day and APTs without signature updates

• Strengthen security and lower ownership costs with dynamic whitelisting

• Automatically accept new software added through your authorized processes

• Provide flexibility to desktop users by optionally allowing them to approve new applications

• Block known and unknown threats

• Use whitelisting to only allow approved applications to run

• Integrates with McAfee ePO console for centralized IT management

• Easily protect unsupported legacy systems, such as Microsoft Windows NT and 2000

Complete Endpoint Security

Page 18: Complete Endpoint protection

McAfee Data Center Suites


McAfee Data Center Suites provide complete protection for physical and virtualized servers—superior threat blocking with minimal signature-based scans.

• Low overhead, increased security for demanding server environments

• Use whitelisting to only allow approved applications to run, denying malware

• Protect against zero-day and APTs without signature updates

• Strengthen security and lower ownership costs with dynamic whitelisting

• Integrates with GTI to classify binaries as Good, Bad and Unknown

• Integrates with McAfee ePO console for centralized IT management

• Integrates with VMware, Microsoft Hyper-V and Citrix

• Easily protect unsupported legacy systems, such as Microsoft Windows NT and 2000

McAfee Datacenter Security Suite for Server

McAfee VirusScan Enterprise – Windows and Linux

McAfee Application Control – Server

McAfee MOVE – Virtual Desktop Infrastructure

McAfee ePO
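The dynamic-whitelisting behaviour described on this slide and on Page 17 (approve a known set of binaries, automatically accept what an authorized updater installs, block unknown or changed code, and classify binaries as Good, Bad or Unknown) is illustrated by the following added example. It is not McAfee code: the AppControl class, the trusted-updater process name and the sample "binaries" are constructed for illustration, and reputation is modelled with local hash sets rather than a GTI lookup.

```python
"""Added example: hash-based application control with dynamic whitelisting.
Not McAfee code; AppControl, the process names and the sample binaries are
constructed for illustration. Good/Bad/Unknown reputation is modelled with
local hash sets instead of a cloud (GTI) lookup."""
import hashlib
import os
import tempfile


class AppControl:
    def __init__(self, allowlist, denylist, trusted_updaters, default_deny=True):
        self.allowlist = set(allowlist)                # SHA-256 of approved binaries
        self.denylist = set(denylist)                  # SHA-256 of known-bad binaries
        self.trusted_updaters = set(trusted_updaters)  # processes allowed to add software
        self.default_deny = default_deny               # Unknown code is blocked unless relaxed
        self.audit_log = []                            # (file, verdict, decision) tuples

    @staticmethod
    def sha256_of(path):
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                digest.update(chunk)
        return digest.hexdigest()

    def classify(self, digest):
        """Reputation verdict for one binary: Bad beats Good, anything else is Unknown."""
        if digest in self.denylist:
            return "Bad"
        if digest in self.allowlist:
            return "Good"
        return "Unknown"

    def on_file_written(self, path, writer_process):
        """Dynamic whitelisting: a binary dropped by an authorized process is
        auto-approved unless its hash is already known bad. Writes by any other
        process leave the new hash Unknown, so a tampered file loses its trust."""
        digest = self.sha256_of(path)
        if writer_process in self.trusted_updaters and digest not in self.denylist:
            self.allowlist.add(digest)
        return self.classify(digest)

    def on_execute(self, path):
        """Execution-time check: only Good runs; Unknown follows the default-deny setting."""
        verdict = self.classify(self.sha256_of(path))
        if verdict == "Good":
            decision = "allow"
        elif verdict == "Bad":
            decision = "block"
        else:
            decision = "block" if self.default_deny else "allow"
        self.audit_log.append((os.path.basename(path), verdict, decision))
        return decision


def demo():
    """Walk through the cases the slide lists, on constructed sample files."""
    with tempfile.TemporaryDirectory() as workdir:
        def write(name, data):
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(data)
            return path

        approved = write("approved.exe", b"MZ approved build 1.0")   # constructed sample
        known_bad = write("dropper.exe", b"MZ known bad sample")     # constructed sample
        ac = AppControl(
            allowlist=[AppControl.sha256_of(approved)],
            denylist=[AppControl.sha256_of(known_bad)],
            trusted_updaters={"wsus_agent.exe"},                     # hypothetical updater
        )
        results = {
            "approved": ac.on_execute(approved),
            "known_bad": ac.on_execute(known_bad),
            "unknown": ac.on_execute(write("unsigned_tool.exe", b"MZ never seen before")),
        }

        # Authorized updater installs a new version: accepted without a signature update.
        update = write("approved_v2.exe", b"MZ approved build 2.0")
        ac.on_file_written(update, writer_process="wsus_agent.exe")
        results["installed_by_trusted_updater"] = ac.on_execute(update)

        # The same file is later modified by an untrusted process: hash changes, trust is lost.
        with open(update, "ab") as fh:
            fh.write(b" + injected payload")
        ac.on_file_written(update, writer_process="explorer.exe")
        results["tampered_after_approval"] = ac.on_execute(update)

        # An updater dropping a known-bad hash must not launder it onto the allowlist.
        relabelled = write("hotfix.exe", b"MZ known bad sample")
        ac.on_file_written(relabelled, writer_process="wsus_agent.exe")
        results["bad_dropped_by_trusted_updater"] = ac.on_execute(relabelled)
        return results


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case:32s} -> {decision}")
```

The two edge cases worth noting are the last two in demo(): change protection falls out of hashing (any modification by a non-trusted writer yields an Unknown hash and is blocked), and the denylist is checked before auto-approval so a trusted updater cannot be used to whitelist known malware.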


Page 19: Complete Endpoint protection

Performance


McAfee application control = low performance impact

[Chart: Endpoint Resource Usage (for illustration only) – utilization scale 10% to 100%, comparing McAfee App Control against AV + HIPS]

Page 20: Complete Endpoint protection

McAfee VirusScan Enterprise


McAfee VirusScan Enterprise proactively stops and removes threats, extends coverage for new security risks, and reduces the cost of managing responses.

• Protect your files from viruses, worms, rootkits, Trojans, and other threats

• Proactive protection against new and unknown buffer-overflow exploits that target vulnerabilities in Microsoft applications

• Easily configure policies to manage and remove quarantined items

• Supports users who are using both Microsoft Outlook and Lotus Notes

• Supports Windows desktop OS (2000, XP, Vista, 7, 8) and Windows Server OS (2000, 2003, 2008, 2012)

NSS Labs Protection & Evasion Test 2013 (VSE/HIPS/SAE): combined detection rates as tabulated on Page 11 (McAfee 97% exploit, 100% evasion, 99% combined)

• Unbeatable malware detection and removal

• Proactive protection from zero-day attacks

• Integrates with McAfee GTI for real-time defense

• Managed by ePO for deployment, configuration, enforcement and reporting

• Optimized for fast performance and reduced system impact


Page 21: Complete Endpoint protection

McAfee Host IPS


McAfee Host Intrusion Prevention for Desktop delivers protection from known and unknown (zero-day) threats by combining signature-based and behavioral intrusion prevention (IPS).

• Enforce the broadest IPS and zero-day threat protection coverage across all levels: network, application, and system execution

• Advanced threat protection through dynamic, stateful desktop firewall

• Single, unified management by ePO

• Patch endpoints less frequently and with less urgency

• Location-aware policies provide specific protection based on location

• Behavioral Analysis - zero-day attack protection

• Mitigates patch deployment urgency

• Ensure applications only perform legitimate operations

• Vulnerability shielding capabilities for up to 100% MS vulnerability coverage


Page 22: Complete Endpoint protection

McAfee Endpoint Encryption


McAfee Endpoint Encryption solutions use industry-leading encryption algorithms and offer multiple layers of data protection to transparently secure a broader scope of confidential information.

• Drive and file/folder encryption for Microsoft Windows PCs or Mac OS X

• Enables automatic, transparent encryption without hindering performance

• Enhanced performance through support for Intel AES-NI technology

• Remote out-of-band management with ePO Deep Command

• Supports: Windows 8, 7, Vista, XP; Windows Server 2008, 2003 (32- and 64-bit)

• Enforces strong access control with pre-boot authentication

• Prevents unauthorized access to information on PCs, laptops, network servers, and removable media

• Provides key-sharing mechanisms that allow users to share files securely

• Centrally managed with ePO


Page 23: Complete Endpoint protection

McAfee Device Control


McAfee Device Control protects data from falling into the wrong hands via removable storage devices and media, such as USB drives, MP3 players, CDs, and DVDs.

• Control how users copy or retrieve data

• Supports USB drives, iPods, recordable CDs/DVDs, Bluetooth and infrared devices, imaging equipment, COM and LPT ports

• Centrally define, deploy, manage, and update security policies and agents

• Set device and data policies by user, group, or department.

• Support compliance with detailed user- and device-level logging

• Gather details such as device, time stamp, and data evidence for prompt and proper audits

• Protect your business from data loss

• Maintain control over your confidential data

• Enable productivity while ensuring data protection

• Centralize and simplify your security management

• Prove compliance with less effort


Page 24: Complete Endpoint protection

McAfee VirusScan Enterprise for Storage


McAfee VirusScan Enterprise for Storage extends proven real-time threat protection to mission-critical NAS environments.

• McAfee’s proven, award-winning scanning technology has been extended to storage environments

• Rely on always-on, up-to-date, real-time security

• High availability ensures business continuity in the unlikely event of a product failure

• Multi-vendor support saves time and IT overhead and eliminates the need for separate point products for each vendor

• Deploy ePO to manage all of your new security solutions or leverage your current investment by adding VSE for Storage to your ePO infrastructure

• Continuous protection for storage devices and their data

• Cost-effective solution

• Common security management with ePO

• Supports: IBM Storwize V7000 Unified System, IBM SONAS, HP StorageWorks X9000 Network Storage Systems, Sun Storage 7000 Unified Storage Systems, Isilon


Page 25: Complete Endpoint protection

McAfee VirusScan Enterprise for Linux


McAfee VirusScan Enterprise for Linux delivers always-on, real-time anti-virus protection for Linux environments. Its unique, Linux-based on-access scanner constantly monitors the system for potential attacks.

• Secure your enterprise with always-on protection

• Heuristic scanning

• Archive scanning

• Cross-platform protection

• Save time with automatic updates

• Make management easy with McAfee ePolicy Orchestrator (ePO)

• Deploy new kernels quickly and easily

• Supports various Linux distributions

• SUSE Linux 9, 10, 11

• Novell Open Enterprise Server 1, 2

• Red Hat Enterprise Linux 4.x, 5.x, 6.x

• CentOS 4.x, 5.x, 6.x

• Fedora Core 10, 11, and 12

• Ubuntu 8.04, 9.04, 9.10, 10.04, 10.10, and 11.04


Page 26: Complete Endpoint protection

McAfee SiteAdvisor Enterprise with Web Filtering


McAfee SiteAdvisor Enterprise rates website safety using comprehensive behavioral and web reputation tests.

• Advanced anti-phishing and blocking capabilities

• Websites are classified into 104 categories

• Secure web browsing and content filtering for business users

• GTI integration provides protection at a URL level instead of domain level

• Supports IE, Firefox, Chrome browsers

• Educate end users about the dangers of searching or surfing the Internet

• Browse safely - a color-coded rating system lets users know which websites are safe and which are risky, improving productivity

• Advanced customization to authorize or block websites based on overall site ratings or threat factors

• Integrated URL & content filtering

• Manage with ePO for deployment, configuration, and reporting
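The distinction this slide draws between URL-level and domain-level reputation (a file-sharing host can be safe overall while one download path on it is malicious, and a phishing page under a bad domain is bad wherever it sits) is shown in the following added example. It is not McAfee or SiteAdvisor code: the WebFilter class, its rule tables, the colour verdicts and the sample URLs are constructed for illustration. Normalisation is included because a URL-level rule is only as good as the canonical form it is matched against; without it, case, default ports, percent-encoding and dot segments all evade an exact-match rule.

```python
"""Added example: URL-level versus domain-level web filtering with URL
normalisation. Not McAfee/SiteAdvisor code; WebFilter, the rule tables, the
colour verdicts and the sample URLs are constructed for illustration."""
import posixpath
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize(url):
    """Canonicalise a URL to (host, path) so trivial evasions (case, default
    port, percent-encoding, dot segments, duplicate or trailing slashes) map
    to the same rule key."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    try:
        port = parts.port
    except ValueError:                          # malformed port: treat as unspecified
        port = None
    if port is not None and DEFAULT_PORTS.get(scheme) != port:
        host = f"{host}:{port}"
    path = posixpath.normpath("/" + unquote(parts.path).lstrip("/"))
    return host, path


class WebFilter:
    def __init__(self, domain_rules, url_rules):
        # host -> verdict; applies to the host and every subdomain beneath it
        self.domain_rules = {d.lower(): v for d, v in domain_rules.items()}
        # (host, canonical path, verdict); applies to that path and anything below it
        self.url_rules = [(*normalize(u), v) for u, v in url_rules.items()]

    def verdict(self, url):
        host, path = normalize(url)
        # 1. URL-level rules are most specific: the longest matching path prefix wins.
        best = None
        for rule_host, rule_path, verdict in self.url_rules:
            prefix = rule_path.rstrip("/") + "/"
            if rule_host == host and (path == rule_path or path.startswith(prefix)):
                if best is None or len(rule_path) > len(best[0]):
                    best = (rule_path, verdict)
        if best is not None:
            return best[1]
        # 2. Domain-level rules: walk up the parent domains (port ignored), so a
        #    rule on evil-phish.example also covers login.evil-phish.example.
        labels = host.split(":")[0].split(".")
        for i in range(len(labels)):
            verdict = self.domain_rules.get(".".join(labels[i:]))
            if verdict is not None:
                return verdict
        return "unrated"


def demo():
    """Constructed rule set: a file-sharing host is green as a whole, one download
    path on it is red, and a bank's promotional area is yellow."""
    domain_rules = {
        "files.example.net": "green",
        "example-bank.com": "green",
        "evil-phish.example": "red",
    }
    url_rules = {
        "https://files.example.net/share/abc/setup.exe": "red",
        "https://example-bank.com/promo": "yellow",
    }
    url_level = WebFilter(domain_rules, url_rules)
    domain_only = WebFilter(domain_rules, {})   # what a domain-level filter would say
    malware_link = "https://files.example.net/share/abc/setup.exe"
    return {
        "bank_login": url_level.verdict("https://www.example-bank.com/login"),
        "bank_promo_subpage": url_level.verdict("http://example-bank.com/promo/2013/"),
        "share_site_other_file": url_level.verdict("https://files.example.net/docs/report.pdf"),
        "malware_link": url_level.verdict(malware_link),
        "malware_link_domain_only": domain_only.verdict(malware_link),
        "evasion_port_and_encoding": url_level.verdict("https://FILES.example.net:443/share/%61bc/setup.exe"),
        "evasion_dot_segments": url_level.verdict("https://files.example.net/share/x/../abc//setup.exe/"),
        "phish_subdomain": url_level.verdict("http://login.evil-phish.example/bank"),
        "unrated": url_level.verdict("https://nobody.example.org/"),
    }


if __name__ == "__main__":
    for case, colour in demo().items():
        print(f"{case:28s} -> {colour}")
```

The "malware_link_domain_only" case is the point of the slide: a domain-level filter rates the whole file-sharing host green and lets the malicious download through, while the URL-level rule catches it, including the two evasion variants, because every request is reduced to the same canonical (host, path) before matching.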


Page 27: Complete Endpoint protection

McAfee ePO Deep Command


McAfee ePO Deep Command provides secure and remote out-of-band security management access to PCs that may be powered off or disabled.

• Utilizes Intel® vPro™ Active Management Technology (AMT)

• Discovers Intel vPro-based PCs in infrastructure

• Easily configure and provision Intel AMT from ePO console

• Put protection in place ahead of threats, even if systems are powered off or using encryption

• Ensure that powered-off and remote endpoints adhere to policies and configurations

• Connect to the keyboard, video, and mouse (KVM) capabilities of supporting Intel® vPro™ systems

• Securely extend the reach of remote remediation with IP-KVM functionality

• Remotely remediate PCs when disabled

• Conduct wake and patch

• Access PCs at hardware level

• Improve security to all PCs regardless of state

• Remote out-of-band encryption management

• Supports Intel Core i5 vPro or Core i7 vPro


Page 28: Complete Endpoint protection

McAfee Endpoint Protection for Mac


McAfee Endpoint Protection for Mac secures Apple endpoints with complete, advanced protection, including anti-virus, anti-spyware, firewall, and application protection.

• On-access scanning - always-on protection to stop threats before they execute

• Scan archives & compressed files, Apple Mail messages & network volumes

• System firewall stops network-based attacks from infecting the Mac

• Application protection provides the ability to deny applications that are not approved to run

• Managed by ePO

• Adaptive Mode - learns network traffic and helps fine-tune the existing firewall policies

• Regular mode - Ensures your firewall policies are enforced strictly

• DNS Blocking - Blocks access to unwanted sites

• Location awareness - Ensures correct policies are enforced based on the location from where you are connecting to the network.


Page 29: Complete Endpoint protection

McAfee Security for Email Servers


McAfee Security for Email Servers provides comprehensive content security for Microsoft Exchange and Lotus Domino servers.

• Comprehensive inbound security against all email-borne threats

• Integrated encryption and data loss prevention capabilities for compliance and policy enforcement

• Security-as-a-Service (SaaS), on-premises, and integrated hybrid deployment options

• Cloud-based computing provides virtually limitless capacity

• Platforms supported:

• Microsoft Exchange 2003, 2007, 2010, 2013

• Lotus Domino 8.0, 8.5

• Windows Server 2003, 2008, 2012

• Linux (Domino 8.5) Server

• Novell SUSE Linux Enterprise Server 10, 11

• Red Hat Enterprise Linux


Page 30: Complete Endpoint protection

McAfee Security for Microsoft SharePoint


McAfee Security for Microsoft SharePoint ensures that your corporate SharePoint deployment does not spread malware, store inappropriate content, or lead to data loss.

• Prevent SharePoint from becoming a malware vector by blocking viruses, worms, Trojans, and other potentially unwanted programs

• Centralized and local reporting via McAfee ePO

• Prevent data loss through flexible content filtering

• Store quarantined documents locally and search the database by infection name, file name, and other parameters

• Prevent inappropriate and unauthorized documents from being stored on your SharePoint server

• Supported Platforms:

• Microsoft SharePoint Server 2003, 2007, 2010

• Microsoft SharePoint Services 2.0, 3.0

• Microsoft Windows Server


Page 31: Complete Endpoint protection

McAfee Policy Auditor


McAfee Policy Auditor software automates manual audit processes and helps you report consistently and accurately against internal and external policies.

• Unify management of policy audits and endpoint security

• Run consolidated audits across both managed (agent-based) and unmanaged (agentless) systems

• Report against key industry mandates and internal policies

• Up-to-date data, powerful dashboards and reports, and built-in waiver management simplify every step

• SCAP-FDCC validated

• Validated by the National Institute of Standards and Technology (NIST) as conforming to the SCAP standard

Supported operating systems:

• Microsoft Windows XP, Vista, 7

• Windows Server 2000, 2003, 2008

• Red Hat Enterprise Linux 3.0, 4.0, 5.0, 5.1

• Mac OS X 10.4, 10.5

• HP-UX (RISC) 11iv1, 11iv2

• AIX (Power5, Power6) 5.3 TL8 SP5, 6.1 TL2 SP


Page 32: Complete Endpoint protection

McAfee Web Gateway


McAfee Web Gateway delivers comprehensive security for all aspects of web traffic, regardless of location or device. McAfee Web Gateway enables today’s web-centric enterprises with a powerful rules-based engine for optimal policy flexibility and control.

• Geo-location (McAfee GTI)

• Web reputation (McAfee GTI)

• Web filtering (McAfee GTI)

• Dynamic categorization

• File reputation (McAfee GTI)

• SSL scanning

• Media/file analysis

• Data loss prevention

• Signature-based antivirus

• Proactive anti-malware

• Common Criteria EAL2+ and FIPS 140-2 Level 2 certified

• Leader in Gartner Magic Quadrant, Web Gateway for four years running

• Number one-rated antimalware solution on the market (AV-Test.org)
