From Device To Cloud
McAfee has been laser-focused over the past year on advancing its device-to-cloud security platform to provide customers with more actionable insights that ensure both their applications and their data are protected, according to Ash Kulkarni, executive vice president and chief product officer of McAfee's enterprise business group.
The Santa Clara, Calif.-based platform security vendor has made a lot of progress recently on becoming cloud-native with its MVision portfolio as well as its newly released Unified Cloud Edge. McAfee in July 2018 launched the MVision product line to make the company's portfolio more simple, inclusive, and comprehensive, kicking things off with tools in the mobile, endpoint, and ePolicy Orchestrator (ePO) space.
Three months later, McAfee added cloud and endpoint detection and response (EDR) to its MVision portfolio, as well as an ePO-Unified Data Protection Tool. From automated investigations to peer analysis tools to better management of native encryption, here's a look at 12 of the most interesting McAfee MVision features debuting this week at McAfee MPower 2019 in Las Vegas.
12. McAfee ePO Simplified Upgrade Process
Security management is complex, and can require unwieldy maneuvering between tools and data, according to McAfee. As a result, cybersecurity professionals often end up consumed with managing and upgrading security infrastructure.
McAfee ePolicy Orchestrator (ePO) now provides cumulative updates to help customers stay current and secure, the company said. This helps clients reduce the amount of time spent on maintenance and upgrade activities, according to McAfee.
11. McAfee ePO Support Center Extension
McAfee ePO is available on premises and from the cloud, and the company said it's looking to further streamline management of the integrated console.
The product is now able to provide insight and guidance into the health of McAfee ePO elements, the company said. Specifically, McAfee ePO can receive and tag Support Notification Service alerts, and offers search capabilities across McAfee content repositories, according to the company.
10. McAfee MVision ePO Native Approval Workflows
Cybersecurity professionals need to focus on critical security tasks such as detection and enforcement, according to McAfee, since adversaries will take advantage of the time security personnel are spending on more menial tasks to inflict significant damage.
McAfee MVision ePO eliminates the need for maintenance of an on-premises security infrastructure, the company said. This makes it possible for security professionals to focus exclusively on security, according to McAfee.
The product can now help customers vet policy changes for quality control and risk management, according to the company.
9. McAfee MVision ePO Expanded Global Services
McAfee's cloud orchestration journey began when the company first made it possible for partners and customers to manage their endpoint security, endpoint detection and response, and mobile security capabilities using the cloud-managed MVision functionality of MVision ePO, Kulkarni said.
McAfee MVision ePO is now able to provide the cloud-native SaaS ePO offering in additional countries thanks to new data centers in Sydney, Singapore, and Frankfurt, the company said.
8. McAfee MVision ePO Management Of Native Encryption
The management of McAfee's native encryption product can now be done through a cloud-managed forum using MVision ePO, according to Kulkarni.
A very large segment of McAfee's customers look to the company for threat prevention and data protection, and see encryption as a key element of both functions, Kulkarni said. Specifically, Kulkarni said native encryption of data on the customer's device is vital to them.
Until now, Kulkarni said customers desiring encryption had to stick with McAfee's on-premises ePO product and couldn't take advantage of the SaaS-driven, cloud-based capabilities offered by MVision ePO. But the integration of native encryption with MVision ePO means that customers will no longer be stuck with that unpalatable choice, according to Kulkarni.
7. McAfee MVision EDR Rollback Remediation
McAfee offers endpoint security and endpoint detection and response (EDR) as an integrated deployment, according to the company. The integration makes it possible for native security controls, advanced behavioral analytics, and credential theft monitoring to operate together and elevate threat event data for investigation and remediation, McAfee said.
McAfee MVision EDR is now able to reverse malicious changes made by malware and return an endpoint to its last known healthy state, according to the company. This frees up time for administrators that would have otherwise been spent remediating or reimaging systems, McAfee said.
6. McAfee MVision EDR Advanced Analytics
Assembling a collection of tools and interfaces can result in it taking longer to uncover and remediate threats, according to McAfee. By integrating products within the same McAfee ePO interface for seamless operation, the company said it's able to accelerate and simplify the threat discovery and remediation process.
McAfee MVision EDR can now identify and prioritize suspicious behavior from contextually rich endpoint data, according to the company. This helps guide and automate in-depth investigations to reduce the tactical strain on security analysts, McAfee said.
In addition, McAfee said the advanced analytics enable rapid response with direct actions and broader integration to the security ecosystem.
5. McAfee MVision EDR Automated AI-Guided Investigations
Endpoint detection and response offerings often generate excessive data, Kulkarni said. Kulkarni said organizations will subsequently struggle with sifting through the data and obtaining a signal over the noise.
McAfee is better able to guide customer investigations by using its internally-generated machine learning and threat intelligence, Kulkarni said. The vendor is therefore now able to automatically generate guided rules for the investigation based on the kinds of indicators it's been seeing, according to Kulkarni.
All told, Kulkarni said McAfee's new capability means that a Level 1 or Level 2 Security Operations Center (SOC) is now able to function almost like a far more seasoned Level 3 or Level 4 threat hunting expert.
4. McAfee MVision Cloud Federal Authorization
McAfee has been selected by the Joint Authorization Board (JAB) for the Federal Risk and Authorization Management Program (FedRAMP) Connect program, according to the company. This selection was made based on demand from federal government agencies for McAfee's tools as well as approval by the JAB, according to the company.
McAfee MVision Cloud is FedRAMP Moderate Authorized and FedRAMP Ready for FedRAMP High, according to McAfee.
3. McAfee MVision Cloud Extended Threat Protection
McAfee MVision Cloud brings together data protection and threat prevention across Software-as-a-Service, Infrastructure-as-a-Service, and Platform-as-a-Service environments, according to the company. The platform enables organizations to adopt cloud services with the requisite security, governance, and compliance they need, McAfee said.
Users can now detect zero-day threats based on behavior in a matter of milliseconds rather than minutes or hours thanks to McAfee's new Gateway Antimalware Engine, the company said.
2. McAfee MVision Cloud End User Remediation
McAfee MVision Cloud now makes it possible for organizations to involve end users in the Incident Remediation process. Specifically, McAfee said end users are now able to provide business justification for a flagged incident or mark it as a false positive.
The new feature makes it possible for incidents to be auto-resolved based on end-user input, according to McAfee. As a result, the company said the burden on SOC analysts is significantly and measurably reduced.
1. McAfee MVision Cloud Value And Maturity Advisor
As customers move workloads to the cloud, Kulkarni said they're really struggling with identifying what's the right architecture for securing their cloud workloads. Without an architecture model in place, Kulkarni said customers struggle to determine whether they're ahead or behind their peers as far as the maturity of their cloud security posture is concerned.
The McAfee MVision Cloud Value and Maturity Advisor studies the risk customers have based on the configuration settings they've put in place across all of the different clouds they're using, according to Kulkarni. Based on that information, Kulkarni said the tool gives customers a score comparing them to their peers in an anonymized way, as well as actionable guidance on how they could improve that score.
These insights should help organizations reduce the likelihood of being breached in the cloud, according to Kulkarni.