September 21, 2012

McAfee ePolicy Orchestrator 4.6 The Foundation of McAfee Security Management Platform

Name Title

2

Agenda

Current State of Security Management

Advantages of ePolicy Orchestrator

Overview of ePO 4.6

Demo

Today’s Security Landscape

Daily new malware threats 55,000 More Malware

Variations

Active new zombies per month 5M Attack Target

Users vs. Machines

New malicious website detected

30 Seconds

Malware is obfuscated 85%

Web 2.0 is the Catalyst!

Toolkits & Obfuscation

Of all threats are financially

motivated

90%

4

Cyber Crime Altering Threat Landscape

Password Stealers Malicious websites Email Attacks Autorun Malware

Value of Data on Black Market

$980–$4,900 Trojan to Steal Account Information

$490 Credit Card Number with Pin

$147 Birth Certificate

$78–$294 Billing Data

$147 Driver’s License

$98 Social Security Card

$6–$24 Credit Card Number

$6 PAyPal Account Logon and Password

End User = DATA

Cybercrime “Ecosystem”

Spammers Identity Thieves

BOT Herder

Malware Developer

Tool Developers

Vulnerability Discovers

Current Trends:

Botnets Zero-day exploits ‘Scareware’ Also Mac and Linux

September 21, 2012 5

Proliferation of Security Products from Multiple Vendors

IPS

NAC

Vulnerability Manager

Encryption

Policy & Remediation

EndPoint Firewall Web

NUBA

eMail

Data

Security Landscape

McAfee TippingPoint

Sourcefire Juniper

Cisco IBM

Entrasys NitroSecurity

DeepNines StillSecure

Check Point Stonesoft

McAfee Cisco

Juniper Symantec

Aruba Sophos

Check Point TippingPoint

Entrasys StillSecure

Nortel

McAfee Symantec

CodeGreen Credant

Lumension Cisco

WebSense

Lumension NetIQ Rapid7 WhiteHat Acunetix SourceForge Nikto (freeware)

McAfee Symantec

IBM Microsoft

ConfigureSoft BigFix Oracle

ThirdBrigade (TrendMicro)

McAfee Mazu Cisco Lancope ArborNetwork

SkyRecon Microsoft G data Trust Port eScan BitDefender Avira Dr Web F-Port BullGuard Arcabit Risisng Software Clam VBA AVG

McAfee SecureWave winMagic SafeNet Wave Systems Mobile Aromr Microsoft IBM TrendMicro

McAfee Cisco Juniper Check Point Fortinet Stonesoft SonicWALL Watchguard NETSQ Astaro Phion HP

Cisco Trend ScanSafe Symantec Websense BlueCoat Aladin Finjan Mi5(Symantec) Facetime CP Secure

McAfee Barracuda TrendMicro Symantec Cisco Google SonicWALL WebSense BorderWare Microsoft ProofPoint

McAfee Symantec

TrendMicro Sophos

Kaspersky Panda

Microsoft Eset

CA F-secure

eEye Digital Prevx

Check Point IBM

Landesk BigFix

McAfee Barracuda

ContentKeeper CA

Webroot Clearswift

8e6 (Marshal) Cymphonix

Check Point Sophos Credant

PGP GuardianEdge

Symantec Information

Security Corp. iAnyWhere

Solutions BeCrypt

Tumbleweed SoloBreaker Verdasys Oakley Fidelis BorderWare IBM WinMagic RSA Vericept

InfoExpress Insightx Impulse Point Forescout Bradford Consentry Trustwave

Top Layer Radware Snort HP McAfee

IBM Microsoft

nCircle Qualys Nessus

6

Security Landscape

Leads to Proliferation of Security Management Consoles and Reporting Tools

Anti-virus Management Tools 1

Network Access Control Management Tools

8

Anti-spyware Management Tools 2

Host Intrusion Prevention Management Tools

7

Desktop Firewall Management Tools 3

Data Protection (DLP, Encryption, etc.) Management Tools

6

Policy Auditing Management Tools 4

Web Security Management Tools 5

7

Leads to Proliferation of Security Management Consoles and Reporting Tools

• Lack of automation, reporting from disparate systems: resource drain

Maintenance & Audit Fatigue

• Siloed processes and management tools: slows incident response times

Operational Complexity

• Lack of integration, no correlation of data: increases effort, time to diagnose issues

Low Visibility

Pain Points

8

Leads to Proliferation of Security Management Consoles and Reporting Tools

Problems

Security Gaps

Higher Costs

9

McAfee ePolicy Orchestrator 4.6 ePolicy Orchestrator

McAfee ePolicy Orchestrator

• Automate solutions with open API

• Leverage ecosystem

• Connect to your IT infrastructure

• Streamline processes

• Speed incident responses

• Reduce audit fatigue

• Central point of reference

• Enterprise-wide visibility

• Reduce management complexity

• Distributed architecture supports deployments of any size

• Flexible reference architecture

Extensible Automated

Unified Enterprise-ready

10

McAfee ePolicy Orchestrator Key Feature Overview

McAfee ePolicy Orchestor

• End-to-End Visibility – Unified point of reference across

security solutions • Personalized Command Center

– Tune work environment to optimize efficiencies

• Drag-and-Drop Dashboards and Actionable Reports

– Immediate insight to action slashes response times

• Role-based Access Control – Distribute administration and

information

• Rogue System Detection – Identify and manage all networked

assets to lower risk • Powerful Workflows

– Automate common routines, streamline processes across systems

• Enterprise-ready – Flexible, scalable architecture minimizes

CAPex and OPex • Extensible Framework

– Increase value of existing security assets, optimize for future needs

Confidential McAfee Internal Use Only September 21, 2012 11

End-to-End Visibility

• Single version of the truth across systems, networks, compliance solutions

• Delivers real-time threat intelligence from McAfee Labs for contextual risk assessment

• Unified command center – Create, enforce, manage policies and workflows – Centralized reporting for endpoint, data, network, risk

management

• Access from anywhere – Web-based UI

• System of record

Achieve immediate insight into enterprise security and compliance postures

Confidential McAfee Internal Use Only September 21, 2012 12

Personalized Command Center

• Personalize views, navigation and action bar • Drag-and-drop controls to place most used

within easy reach • Create query groups and related workflows

based on your priorities automate common tasks

Tune your work environment to best suit your needs

Confidential McAfee Internal Use Only September 21, 2012 13

Role-based Access Control

• Distribute administrative tasks and information by role

• Roles defined by permission sets – Permission sets for functionality such as

Reporting, Automation, Configuration

– Upon login, user is presented only with the features that they have permission to access; everything else is hidden

• Increase management confidence in security posture and cut reporting time

– Create role-based dashboards for executive users

Permission sets determine what users can see and do to facilitate efficiencies

Confidential McAfee Internal Use Only September 21, 2012 14

Drillable Dashboards and Actionable Reports

• Dashboards provide at-a-glance understanding of security posture

– Dashboards display complex information quickly – Correlated threat intelligence provides risk

assessments – Drill to detail – Drag-and-drop editing – Share with others

• Actionable Information – Execute tasks directly from a dashboard or report

(update now task button) – Kick off workflows based on predefined reporting

thresholds

• Generate reports on-demand, on a schedule or with an event

– Schedule and email html, xml, csv, or pdf reports – Multiple queries within a single report – Parameter-based reports – develop on-demand

reports with user-driven filters

Dramatically slash incident response times

Confidential McAfee Internal Use Only September 21, 2012 15

Rogue System Detection

• Identifies rogue systems connecting to network

• Rogue sensors strategically deployed to detect rogue systems

• Detect all systems connecting to your network such as

– PC, routers, printers

• Provides system of record to identify assets

Identify assets to bring under control and to mitigate risk

Confidential McAfee Internal Use Only September 21, 2012 16

Powerful Automations & Workflows

• Automatic response system works with existing infrastructure

• ‘Tag’ assets and policies to take future actions based on tags

– Example - As new Exchange servers come into the system tree run task to deploy GroupShield protection

• Create tickets within HP OpenView and BMC Remedy ticketing systems

– Make security processes a transparent part of IT operations

• Connect to external systems and customize workflows with ePO Web API

– Supports business logic

Streamline workflows to eliminate security gaps and achieve efficiencies

MALWARE ATTACK

Report Sent to Team through phone and

issue is created

Issue sent to 3rd party help desk

Patch update sent; ePO and help desk synched in system

Event Trigger Report Help Desk Resolved

Confidential McAfee Internal Use Only September 21, 2012 17

Enterprise-class Scalability

• Dramatically improve scalability

• Improve security policy and DAT coverage for remote and roaming endpoints solutions

• Policy sharing and usage reporting across servers

Multi-tiered, distributed architecture elegantly scales

ePO Server ePO DB Web Console

McAfee Network Security

McAfee Update Servers

Agent Handler

Distributed Repository

Super Agents Distributed Repository

Notifications Ticketing Systems

Extensible Framework McAfee’s Open Platform for Security Risk Management

SIA Associate Partner SIA Technology Partner (McAfee Compatible)

19

McAfee ePO Users Manage More with Less

Simple. Flexible. Efficient.

MSI International, survey of 488 ePO & non-ePO users

• ePO users manage more – 30% more endpoints – Using 50% less hardware

• Spend less time managing security

– 38% less time on security reporting – 41% less time on developing security policies – 31% less time repairing endpoints after an infection

Confidential McAfee Internal Use Only September 21, 2012 Title of presentation 20

McAfee Strengthens Protection, Achieves Cost Efficiencies for the Agile Business

“We are extremely confident with ePO and all the threat protection managed by it. Using McAfee, our clients have not had a single outage by a security incident in that area in seven years.”

Martin Reindl, Business Unit Leader System Security, Atos Origin Germany

Confidential McAfee Internal Use Only September 21, 2012 Title of presentation 21

McAfee Strengthens Protection, Achieves Cost Efficiencies for the Agile Business

“With McAfee, I can provide better, more comprehensive protection for the Agency — and spend less time doing so. Best of all, I have much greater peace of mind.”

Rogelio Garcia, Systems Administrator, Agencia de Defensa de Competencia de Andalucia

Confidential McAfee Internal Use Only September 21, 2012 Title of presentation 22

McAfee Strengthens Protection, Achieves Cost Efficiencies for the Agile Business

“McAfee best meets our need for central managing, and we agreed with their future views on anti-virus technologies and policies. We knew we could evolve easily with McAfee over time.”

Kjell Larsson, Technical Product Manager for Security and Access, TeliaSonera AB

Confidential McAfee Internal Use Only September 21, 2012 Title of presentation 23

McAfee Strengthens Protection, Achieves Cost Efficiencies for the Agile Business

“I want to have more control in managing security as Draka expands globally, and ePO will play a very important role in that evolution.”

Aad Oudeman, Global Infrastructure Shared Services Manager, Draka Holding

Q&A Session

24

September 21, 2012

Customer Success

Maximum Protection with Minimal IT Resources at the Agencia de Defensa de la Competencia de Andalucia

26

Industry Government

Environment MS Windows 2003 environment with 23 desktops and five servers

McAfee Products Deployed Total Protection for Secure Business with ePolicy Orchestrator® (ePO®)

Challenges • Poor performance and inadequate administration tools for previous antivirus system

• Exposure to security threats through memory devices plugged into USB ports

Optimized Solution Summary • Time spent checking and updating systems reduced from one day to two minutes

• Prevents malware or other threats from entering the system via a USB device

• Saves money compared to multiple point security solutions; device control alone would have cost almost as much as the entire McAfee solution

• Blocks users’ access to harmful websites

“With McAfee, I can provide better, more comprehensive protection for the Agency— and spend less time doing so. Best of all, I have much greater peace of mind.” Rogelio Garcia, Systems Administrator, Agencia de Defensa de Competencia de Andalucia

Customer Success: TeliaSonera AB

“McAfee best meets our need for central managing, and we agreed with their future views on anti-virus technologies and policies. We knew we could evolve easily with McAfee over time.” Kjell Larsson, Technical Product Manager for Security and Access, TeliaSonera AB

•Challenge – Protect endpoints with a common, integrated security solution – Avoid system-wide outbreaks that could paralyze their customer service desk – Maintain control of and visibility into company’s network

•McAfee VirusScan Enterprise, AntiSpyware, Host Intrusion Prevention, and EPO

– Provides protection of its 23,000 desktops and 3,500 servers against malicious attacks

– Minimizes risk of malware intrusion on the desktops and laptops – Reduces time managing security via consolidated console

Customer Success: Draka Holding

“I want to have more control in managing security as Draka expands globally, and ePO will play a

very important role in that evolution.” Aad Oudeman, Global Infrastructure Shared Services Manager, Draka Holding • Challenge

– Global centralization of IT services forced 6th largest worldwide cable provider to update its security solutions for 9,000 employees in 29 countries

– Limited IT staff burdened the management of IT and security for 80 worldwide sites

• McAfee ToPS for Endpoint Simplifies Global Security Standardization – Enforces 24x7 centrally managed protection for 80 sites worldwide – Automates distribution of patches and software upgrades in minutes – Enables customization of new policies, rules and network access at local sites – Ensures IT services standardization and compliance in every country – Reduces administrative time for worldwide IT staff by intelligently monitoring

security

Customer Success: Scania AB

“We’ve stayed with McAfee for a few reasons. McAfee’s anti-virus coverage is very comprehensive, and McAfee’s industry reputation and solution knowledge are widespread.” Frederik Tomasson, IT Security Manager, Scania AB

•Challenge – Ensure overall Internet and desktop security for 35,000 employees worldwide – Manage specific user access policies across different countries – Increase security coverage without increasing administrative tasks or staff – Avoid downtime for employees during new anti-virus solution or upgrade rollouts

•McAfee Total Protection (ToPS) for Endpoint Strengthens Anti-virus Protection for Scania AB for the Long Haul

– Protects 15,000 endpoints against virus attacks – Saves 30% of IT manpower in managing anti-virus activities – Allows for customization of anti-virus usage policies within a distributed

organization – Simplifies and streamlines worldwide rollouts of upgrades, and new Internet and

desktop security solutions – Nearly zero downtime amongst users during upgrade rollouts

Customer Success: Abtran

• Challenge

– Ensure security of thousands of credit card transactions daily – Meet PCI DSS and ISO 27002 standards – Protect client information coming in and out of 2 call centers, 2 data centers, 500 desktops, and 30

servers – Prevent potential data loss on laptops – Provide multiple layers of security risk management protection without negatively impacting IT

administrator’s time

• McAfee ToPS for Endpoint, Network Security Platform, Endpoint Encryption, Vulnerability Manager,

and Email Security Service—Helps Abtran Save Time while Meeting Compliance Regulations – Cuts time to produce weekly security reports from 3 to 4 hours to less than 2 minutes – McAfee ePO 4.0 saves IT support hours each week in administering and monitoring endpoint security – Guards Abtran from risks of financial loss, brand damage, public disclosure, or noncompliance – Management of multiple solutions made easy—by gaining full visibility in the enterprise while

consolidating data, all through a centralized console that is transparent to users

“Because McAfee provides centrally managed anti-virus protection, encryption, intrusion detection and prevention, vulnerability management, and more, it plays a key role in our road to compliance with PCI, ISO, and other information security standards and customer requirements.” Robert Ravenscroft, IS Security Manager, Abtran

31

ePolicy Orchestrator

Large Enterprise (>10K) Mid-Sized Enterprise (1K-10K)

ePO Non ePO ePO Non ePO # of Security

Admin Servers

# of Security Administrators

Mean Hours per Week per Administrator Spent on IT

Security Operations

Total Full Time Employees (FTE)

2.1

7.9

3.9

0.8

7.2

15.8

9.5

3.7

5.3

15.3

10.3

4.0

10.7

27.1

16.2

10.9

387 survey interviews completed by Insight Express, dated June 2007 -- 176 ePO customers, 211 non-ePO -- Mid-sized avg 4,100 nodes, Larger avg 46,000 nodes

Footnote: Actual numeric values are based on the “means” calculated using the midpoints of the ranges used in the survey