Intel Security Endpoint Protection 2015

  • .

    McAfee Confidential

    , Web Mail

    [email protected]

    http://radetskiy.wordpress.com/

  • radetskiy.wordpress.com

    [email protected]

    2011 .

    .

    McAfee:

    Data Protection

    Email Security

    Endpoint Security

    Mobile Security

    One Time Password

    Security-as-a-Service

    Security Management

    http://radetskiy.wordpress.com/

    bakotech.ua/

    http://www.mcafee.com/ru/products/data-protection/index.aspx

    http://www.mcafee.com/ru/products/email-and-web-security/email-security.aspx

    http://www.mcafee.com/ru/products/endpoint-protection/index.aspx

    http://www.mcafee.com/ru/products/mobile-security/index.aspx

    http://www.mcafee.com/ru/products/one-time-password.aspx

    http://www.mcafee.com/ru/products/security-as-a-service/index.aspx

    http://www.mcafee.com/ru/products/security-management/index.aspx

  • EPS

    Web Email (MEG + MWG)

  • McAfee = ~ 70 ,

    DLP

    Encryption

    Web & Email Gateway

    Endpoint Protection

    DB Protection

    Vulnerability Manager

    IPS & NGFW

    SaaS

    SIEM

    TIE + ATD

  • ePO Cloud Standalone ePO On-premise Security Center

  • McAfee 6

    McAfee ePO

    MS BitLocker

    Apple FileVault

    McAfee Drive Encryption+ File and Media

    EMM Portal

    iOS & Android

  • , McAfee Agent

    ePO :

    McAfee ePO

    McAfee Agent

    Encryption

    Endpoint

    443 TCP

    80 TCP

    8081 TCP

  • ePO :

    McAfee ePO

    McAfee Agent

    VSE

    Endpoint

    LEGO. . .

  • ePO :

    McAfee ePO

    McAfee Agent

    VSE

    DLP

    Encryption

    HIPS

    Endpoint

    LEGO. . .

  • ePO :

    MS AD

    ()

    IP /

  • ePO : ()

    ( )

    .

  • ePO :

    My Default !

    :

    -

    -

    -

  • ePO :

    :

    ();

    Help-Desk` ( );

    ( );

    / ()

  • ePolicy Orchestrator 5.1.0 Best Practices Guide . 18 - 23

    ePO :

    https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/25000/PD25519/en_US/epo_510_bpg_Rev_B.pdf

  • ePO :

    McAfee ePO

    Super Agent Lazy Caching

    SMB / FTP / WEB

    McAfee

  • EPS

    Endpoint ProtectionEndpoint Protection

    Advanced Suite

    Complete Endpoint Protection Business

    (only 2k< users)

    Complete Endpoint Protection Enterprise

    Suite

    VSE for Windows

    VSE for Linux

    VSE for command line

    EPS for Mac

    HIPS for Windows (Desktop)

    Site Advisor (web-filtering)

    Firewall

    Device Control

    Application Control

    EMM (MDM)

    Encryption (DE + MNE + FRM)

    Security for Exch. & Lotus

  • . !

    VirusScan Enterprise (VSE)

    .

    .

    :

    DAT

    GTI (!) GTI Proxy

    Access Protection Rules (!) by Default VSE

    http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx

    https://kc.mcafee.com/corporate/index?page=content&id=KB53733

    https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22818/en_US/Access_Protection_Rules.pdf

  • VirusScan Enterprise (VSE)

    Windows. XP 2012. .VSE (Win)

    VSE (Lin)

    VSE (Mac)

    VSE for Storage

    VSE for Android

    VSE (cmd)

    MOVE

    deb rpm . .

    MacOS X Server Mac OS 10.7 . .

    NAS NetApp . .

    Android 2.1 4.. ().

    AIX, FreeBSD, HP-UX, Sun, Linux, Windows. Standalone.

    Windows . . Hyper-V/VMware/Xen ..

  • MOVE ( vShield)

    McAfee ePO

    VMware vShield Endpoint

    VMware ESX

    VMware vMotion NSX

    VM VM MOVE Security

    Appliance

    OS OS

    VMtools VMtools

    MOVE MOVE

    MOVE

    VMCI

  • MOVE (Multi-Platform)

    MOVE Security

    Appliance

    VM VM VM

    MOVE MOVE MOVE

    OS OS OS

    hypervisor2

    network

    McAfee ePO

    , RAM , ePO

    MOVE

    hypervisor1

  • MOVE Multi-platform 3.6 Agentless 3.6

    Anti-Virus Features

    (On-Access Scanning)

    (On-Demand Scanning)

    ePO

    SVA NSX

    /

    GTI

    450 1 1 ESX

    VMware vShield

    (SVA Manager)

    McAfee Agentless Firewall

  • MOVE

    McAfee MOVE AV for Virtual Servers

    McAfee Server Security Suite Essentials

    McAfee Server Security Suite Advanced

    ePolicy Orchestrator

    MOVE AV for Servers

    Advanced MOVE AV feature: ePO Easy Deployment

    Advanced MOVE AV feature: McAfee Agentless Firewall for VMware environments

    Data Center Connector for VMware vSphere

    Data Center Connectors for AWS, Azure, and OpenStack

    VSE and VSEL license for the scan server only

    VirusScan Enterprise (VSE)

    VirusScan Enterprise for Linux (VSEL)

    Host IPS for Servers & Linux Firewall

    Application Control for Servers

    Change Control for Servers

    Licensing Meter Per OS Instance Per OS Instance

  • +

    HIPS

    0-day

    buffer overflow

    HIPS (Adobe Flash, Oracle Java, Windows etc)

    , /

    Windows Filtering Platform

    XP 8.x, 10; 2003 - 2012

    :

    - - - - IP GTI- - :

    - - -

  • Web

    HIPS

    Web Server Shield

    Decryption & Decoding

    TCP/IP Stack

    HTTP Protection Engine

    Web Server

    System Call & API

    System Call Interception Engine

    Operating System

    Audit Logs

  • HIPS

    Database Shield

    Database Network Libraries

    Incoming queries from database clients

    SQL Interception Engine

    Database Engine

    System Call & API

    System Call Interception Engine

    Operating System

    Audit Logs

  • /

    Application Control

    ( , )

    , Microsoft Windows NT, 2000 Windows

    zeroday

    standalone ,

    McAfee Application Control , .

  • , .

    Device Control

    : , , r/o USB .

    fingerprints .

    USB-, 3G Wi-Fi , mp3 , Bluetooth , COM LPT

    McAfee Device Control PnP , : USB-, MP3-, .

    ()

    upgrade DLP Endpoint*

    * , DLP

  • , .

    Device Control

    /

    USB, PCI

    SN, VID + PID, Device ID etc

  • , .

    Device Control

    ()

    *

    (Online/Offline)

    ** DLP Endpoint :

    https://radetskiy.wordpress.com/2013/06/10/dlp-endpoint-9-3/

  • DLP

    Device Control > DLP Endpoint

    . , , r/o USB .

    .

    : 1) ; 2) ,

    ().

    Content Security Suite

    (MWG + MEG + NDLP Prevent + DC = DLP )

    Device Control + (Email, Web, Print..).

    : 1) ; 2) , ; 3)

    Discover OST/PST .

    .

    , .. *

    * Windows Mac OS

    .

    Device Control

    DLP Endpoint

    https://radetskiy.wordpress.com/2014/08/15/device_control_vs_dlp_endpoint/

  • McAfee ePO

    MS BitLocker

    Apple FileVault

    McAfee Drive Encryption+ File and Media

  • Drive Encryption

    FDE HDD, Opal, SED SSD

    Windows (XP 8.1)

    : AES-NI, SSO, TPM, AMT, UEFI, GPT, Secure/Hybrid Boot

    pre-boot ,

    (KB79787) - (KB79788)

    6

    AES256-CBC

    DRBG HMAC SHA256

    RSA 2048 bit

    https://kc.mcafee.com/corporate/index?page=content&id=KB79787

    https://kc.mcafee.com/corporate/index?page=content&id=KB79788

  • /

    Drive Encryption

    Self-recovery -

    Admin recovery (challenge-response) - email, phone

    EETech boot USB/CD -

    DeepCommand on intel AMT systems - Internet (IPsec)

    Endpoint Assistant (Android & iOS devices) - / 7.1

    Self Service Portal (DPSSP) - Internet / 7.2

    : 6

    https://www.youtube.com/watch?v=k1LhoagIlC8

  • Management of Native Encryption

    Apple FileVault MS BitLocker

    (report only & control)

    MNE MBAM

    Self Service Portal (DPSSP)

    DEGO Mac

    Windows To Go, Microsoft Surface Tablets

  • File and Removable Media Protection

    / / (AES 256)

    USB , CD/DVD,

    (User based / System based)

  • CD/DVD USB

    File and Removable Media Protection

    // Read Only

    (USB)

    (USB) (Windows & Mac)

    .

  • Web- .

    Site Advisor

    URL GTI

    / URL

    URL McAfee Web Gateway

    URL-,

    :

    IE, Firefox Chrome

  • Deep Command

    Intel vPro Active Management Technology (AMT);

    Intel vPro ;

    Intel AMT ePO;

    / ;

    IPsec VPN ;

    KVM IP- (IP-KVM)

    Intel AMT

    CPU Intel Core i5 vPro Core i7 vPro

    , . .

  • Deep Defender

    MBR BIOS

    ePO

    rootkits

    McAfee Intel

    (VSE, HIPS etc)

    CPU:Intel Core i3, i5, i7

    . Intel VT. . , .. . rootkit / bootkit / 0-day etc

  • EMM ( )

    (MDM)

    BYOD

    iOS, Android, WinPhone

    Enterprise Mobility Management (EMM)

    , (AES 256)

    Secure Container for Android

    .

    VirusScan Mobile for Android

    , :

  • EMM ( )

    BYOD

    . API

    ()

    Wi-Fi, 3G, VPN

    (Compliance)

    jailbreak\root

    non-compliance

    iOS Android, Secure Container

    AD

    Wi-Fi/VPN

    VirusScan Mobile Android

    Secure Container Android ( )

    (PIN, pass)

  • EMM ( )

  • Secure Container for Android

    EMM ( )

    ,

    [AES 256]

    : Word, Excel, PDF

    ,

  • VirusScan Mobile

    EMM ( )

    Android,

    ,

  • EPS

    Default Policy !

    - VSE DAT,

    - HIPS Content,

    GTI - KB53733 , , GTI Proxy - KB71000

    , Access Protection

    EPS :

    - VSE , 1/24 GTI

    - HIPS & AppControl off-line

    - VSE & HIPS & DevControl

    http://www.mcafee.com/apps/downloads/security-updates/security-updates.aspx

    http://www.mcafee.com/us/content-release-notes/host-intrusion-prevention/index.aspx

    https://kc.mcafee.com/corporate/index?page=content&id=KB53733

    https://kc.mcafee.com/corporate/index?page=content&id=KB71000&pmv=print

    https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22818/en_US/Access_Protection_Rules.pdf

  • Web Email

    McAfee Web Gateway SiteAdvisor

    Web Email Gateway Network DLP

    HTTP(S)

  • MEG _ McAfee Email Gateway HW / VM

    (McAfee, Commtouch);

    , , URL;

    - ;

    SPF, Sender ID, DKIM, reverse DNS lookup etc;

    ;

    S/MIME, PGP, TLS ;

    + SPAM ;

    .

  • MEG _ McAfee Email Gateway HW / VM

    (server to server) TLS by default

    S/MIME & PGP

    Secure Portal Pull-based MEG

    URL

    Secure Attachment Push-based

    MEG

    RecipientEmail Gateway

    EmailProtection with Policy Engine

    Message Recipient

    Browser

    RecipientEmail Gateway

    EmailProtection with Policy Engine

    Message Recipient

    RecipientEmail Gateway

    EmailProtection with Policy Engine

    Message Recipient

  • Web

    MEG _ McAfee Web Gateway HW / VM

    URL;

    ;

    ;

    ;

    SSO;

    NTLM, Kerberos, Basic;

    ;

    .

  • Web

    MEG _ McAfee Web Gateway HW / VM

    Filter Known Good

    Known Bad

    Sandbox / Reverse-engineering

    Real-time Emulation

    Depth Of Inspection

    McAfee Web Protection McAfee ATD

    Advanced Threat Defense

    Gateway Anti-Malware

    URL/Category

    AV

    GTI

  • Web +

    MEG _ McAfee Web Gateway HW / VM

    Customize block page

    with your logo, colors,

    instructions

    ,

    :

    , ,

    ..

  • www.mcafee.com/expertcenter -

    https://kc.mcafee.com -

    https://radetskiy.wordpress.com -

    https://www.youtube.com/user/McAfeeTechnical - YouTube

    ftp://ftp.bakotech.com/Evaluation/Docs/ - FTP

    ftp login: mcafee

    ftp pass: mcafee

  • .

    Intel Security

    5

    Web

    DLP

    Intel

    on-premises | private cloud | public cloud | hybrid

    1968: .

    1987 Intel 2010:

    McAfee Intel.

  • [email protected]

    http://radetskiy.wordpress.com/