McAfee Debuts Endpoint Detection And Response, Unveils Other Tools


McAfee has thrown itself head-first into the crowded endpoint detection and response (EDR) space and introduced cloud and unified data protection offerings that increase visibility across the whole ecosystem.

The Santa Clara, Calif.-based platform security vendor said attackers are evolving and advancing their techniques to keep up with the threat landscape, according to Raja Patel, vice president and general manager of corporate products. As a result, Patel said McAfee has built a robust offering to address what happens should a threat get in.

MVision EDR takes context and data present at the endpoint and moves it up to the cloud to allow for the introduction of analytics and automation, Patel said. Specifically, Patel said McAfee uses its framework to examine the threat landscape and leverages automation to drive investigations based on the context received from the endpoint.

[Related: McAfee Re-Enters Mobile Security Space, Unveils Other New Offerings]

Sponsored post

Once a company has determined whether the item being examined is malicious or harmless, Patel said MVision EDR can help with cleaning the environment. MVision EDR will be available in the first quarter of 2019, Patel said, and pricing information has yet to be determined.

The endpoint detection and response arena is packed with both emerging vendors that launched into the space in recent years as well as legacy vendors such as Sophos that have built out EDR capabilities of their own. McAfee can differentiate itself, Patel said, through integrations with its endpoint protection and security tools, allowing for protection, detection and adoption to be more tightly aligned.

In addition, Patel said MVision EDR can move beyond more reactive forms of threat hunting and conduct guided investigations based on the type of alert being generated. By combining analytics and context, Patel said MVision EDR allows companies to get more efficiency out of their SOC and open up more seasoned to junior analysts.

Plus McAfee's ability to deploy, manage and maintain in a scaled environment means that MVision EDR customers can benefit from having a deeply integrated product that's more than just another tool or another management console, according to Patel.

"In the long game, I think EDR is just another feature of our overall security architecture," Patel said.

Kudelski Security has frequently been asked about EDR by customers, but up until now, the Phoenix-based solution provider has been forced to layer a product from a different vendor on top of the McAfee security suite to deliver that functionality, said Mark Miller, vice president South Central. Having EDR baked into McAfee's security suite will ensure the entire transaction stays with Kudelski, Miller said.

"[EDR] is kind of a shiny new toy," Miller said. "To keep McAfee relevant and competitive, I think it's necessary."

MVision Cloud is derived from the rebranding and enhancements around the company's acquisition of cloud access security broker Skyhigh Networks late last year, Patel said. The flexibility baked into MVision cloud means that protection can be provided at the origination on the endpoint, through a proxy using the cloud, or on an application moving to a platform such as AWS or Microsoft Azure.

Enhancements to the Skyhigh Networks platform include CASB Connect, which can be wrapped around applications moving to the public cloud so that security teams can deliver data protection in a more streamlined fashion, Patel said. MVision Cloud also takes the cloud elements of data protection and hooks them together with the endpoint and network to provide more holistic security, Patel said.

MVision Cloud is available today, and is available as a one-year subscription or as a multi-year license with per user simplified pricing, McAfee said. Customers will pay begin $12 and $25 per user per application for MVision Cloud, according to the company.

McAfee didn't have a great cloud strategy prior to its acquisition of Skyhigh Networks, according to Kudelski's Miller. But the company's strategy around the cloud started to unfold once Skyhigh was brought in, Miller said, and the new capabilities included as part of MVision Cloud will only help push that strategy further along.

The first integration across both Skyhigh and the core McAfee portfolio was focused around data protection, Patel said. Five years ago, Patel said data primarily lived on computers or file shares such as SharePoint inside the data center.

But now, Patel said data resides everywhere from the computer itself to Dropbox to an Amazon S3 bucket. Therefore, Patel said McAfee's ePO-Unified Data Protection tool is focused on driving commonality across the endpoint, network and cloud so that the engine being used is the same and the visibility across all three vectors is consistent.

As a result, Patel said organizations using ePO-Unified Data Protection can write a policy based on the assets they care most about, and then apply it across the entire stack from devices to the cloud to the network. ePO-Unified Data Protection will be available later this month as part of the MVision suite.

MVision is available at a standard or plus tier, with the standard offering provided SaaS management of advanced threat protection for endpoint and the plus offering providing flexibility to manage on-prem, cloud or SaaS with protection available across all devices.

MVision Standard costs between $21 and $34 per user application, while MVision Plus costs between $43 and $69 per user application. Like MVision Cloud, MVision Standard and MVision Cloud are available as a one-year subscription or as a multi-year license with per user simplified pricing.

McAfee customers understand the benefit of a single, managed console thanks to their experience with the company's ePO (ePolicy Orchestrator), said Kudelski's Miller. As the company moves into the unified data protection space, Miller said McAfee will find itself competing against other security vendors that already have a foothold in the space.

"This was a gap that McAfee had," Miller said, "and they're filling that hole."