McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture.
- Common Criteria EAL2+ and FIPS 140-2 Level 2 certified
- Available in multiple hardware models and as a virtual machine supporting VMware and Microsoft Hyper-V
- Integrated with complementary Intel® Security solutions including McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange
- Rated number one anti-malware in a secure web gateway (AV-TEST)
For user-initiated web requests, McAfee Web Gateway first enforces an organization’s Internet use policy. For all allowed traffic, it then uses local and global techniques to analyze the nature and intent of all content and active code entering the network via the requested web pages, providing immediate protection against malware and other hidden threats. And, unlike basic packet inspection techniques, McAfee Web Gateway can examine SSL traffic to provide in-depth protection against malicious code or control applications that have been hidden through encryption.
Threat Intelligence Exchange (TIE)
Adaptive threat protection closes the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.
Collaborative threat intelligence is built out of global intelligence data sources combined with local threat intelligence gathering.
You get immediate visibility into the presence of advanced targeted attacks in your organization.
Relevant security intelligence is shared in real time among endpoint, gateway, network, and data center security solutions.
You are empowered to make decisions on never-before-seen files, based on endpoint context (file, process, and environmental attributes) blended with collective threat intelligence.
Integration is simplified through the McAfee Data Exchange Layer. Implementation and operational costs are reduced by connecting Intel Security and non-Intel Security solutions to operationalize your threat intelligence in real time.
McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time. Combining imported global threat information with locally collected intelligence and sharing it instantly allows your security solutions to operate as one, exchanging and acting on shared intelligence. McAfee Threat Intelligence Exchange narrows the gap from encounter to containment from days, weeks, and months down to milliseconds.
McAfee Threat Intelligence Exchange consists of the following components:
- McAfee Threat Intelligence Exchange Server 1.2.0
- McAfee Data Exchange Layer Client 1.1.0
- McAfee Threat Intelligence Exchange Module 1.0.1 for VirusScan Enterprise
Additional requirements for McAfee Threat Intelligence Exchange include:
McAfee Endpoint Protection
- McAfee VirusScan Enterprise 8.8, Patch 4 with Hotfix 929019, Patch 5
- McAfee Endpoint Security 10.1 or later
McAfee Security Management
- McAfee ePolicy Orchestrator 5.1.1
- VMware vSphere 5.1.0 with ESXi 5.1 or later
Network Security Platform (NSP)
Unparalleled Advanced Threat prevention
- Signature-less, advanced malware analysis
- Advanced botnet and malware callback detection
- Behavior-based analysis and DDoS protection
- Integration with McAfee Advanced Threat Defense
- Real-time threat sharing with McAfee Threat Intelligence Exchange (TIE)
- Endpoint context via ePolicy Orchestrator® (McAfee ePO™)
- Endpoint process correlation via Endpoint Intelligence Agent
- Data Sharing and Quarantine with McAfee Enterprise Security Manager (SIEM)
- Host Risk Analysis via McAfee Vulnerability Manager
- Predictive malware detection via McAfee GTI
McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network. Using advanced detection and emulation techniques, it moves beyond mere pattern matching to defend against stealthy attacks with extreme accuracy. This next-generation hardware platform scales to speeds of more than 40 GBPS with a single device to meet the needs of demanding networks. The Security Connected approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence (McAfee GTI) feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.
Designed to monitor, control and alert when endpoints are compromised.
An endpoint detection and response tool for advanced threats.
Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:
- Collectors: Find and visualize data from systems.
- Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.
- Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.
- Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.
Supported client operating systems
- CentOS 6.5, 32-bit
- RedHat 6.5, 32-bit
- Microsoft Windows
- Windows 8.0, Base, 32-bit, and 64-bit
- Windows 8.1, Base, U1; 32-bit and 64-bit
- Windows 2012, Server Base, R2; U1; 64-bit
- Windows 2008 R2 Enterprise, SP1, 64-bit
- Windows 2008 R2 Standard, SP1, 64-bit
- Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
- Windows 7 Professional, up to SP1; 32-bit and 64-bit
Next Gen Intrusion Detection & Protection System (IDS / IPS)
Detect and Prevent Advanced Targeted Attacks
- Always-On Full-Packet Capture
- Whitelisted Executables
- Endpoint Lock-Down/Quarantine
- Automatic Signature-based Intrusion Detection and Prevention
- IP Range Blocking (Geo-location blacklisting)
- Whitelisting, Blacklisting and Custom Rules
- Zero Network Latency
- Decrypted SSL Traffic Analysis
Mid-sized organizations now represent 54%(1) of all cybersecurity breaches and what’s troubling is that you might not even be aware that you’re a prime target. These attacks are becoming more sophisticated and much harder to detect. Yet traditional cybersecurity technologies haven’t evolved at the same pace and as a result, fail to effectively protect you from today’s sophisticated attacks.
Now more than ever, your organization needs protection against more than just signature-based attacks. It needs holistic protection that’s also capable of defending against zero-day targeted attacks and advanced persistent threats (APTs). Network Interceptor protects against both known and unknown threats.
At the core of the Managed Detection and Response™ service is Network Interceptor, a next-gen IDS/IPS designed for mid-sized enterprise. It fuses robust threat intel to deliver real-time signature-based threat detection and prevention, while introducing the unique ability to identify unknown cyber threats through behaviour-based anomaly detection and attack pattern analysis.
With always-on full traffic capture, our team of highly skilled threat analysts get the full picture they need to hunt, investigate, identify and escalate unique threats in real-time, always. Completely customizable to your specific business context and policies, Network Interceptor is redefining cyber protection for mid-sized organizations in the face of today’s constantly evolving cyber threat landscape.
Firewall / Next Generation Firewall
- Comprehensive Threat Prevention
- Prevent Known and Zero Day Threats
- GAIA – A Unified Secure Operating System
- Measurement of Security Appliances
Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership. Whether you need next-generation security for your data centre, enterprise, small business or home office, Check Point has a solution for you.
Advanced Threat Protection
- User interactive mode: Enables analysts to interact directly with malware samples.
- Extensive unpacking capabilities: Reduces investigation time from days to minutes.
- Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
- Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
- Detailed reports from disassembly output to graphical function call diagrams and embedded or dropped file information: Provides critical information for analyst investigation.
Designed to work with other products, a central system to verify files. Works with: McAfee Active Response, McAfee Application Control, McAfee Enterprise Security Manager, McAfee ePolicy Orchestrator software, McAfee Network Security Platform, McAfee Threat Intelligence Exchange, McAfee Web Gateway.
McAfee Advanced Threat Defense protects against advanced malware, including zero-day and advanced persistent threats, providing the strongest advanced threat protection available. Advanced targeted attacks are designed to defeat security systems through approaches that either confuse or evade defenses. McAfee Advanced Threat Defense detects targeted attacks and connects with existing defenses, converting threat intelligence into immediate action and protection. Unlike traditional sandboxes, it provides multiple analysis engines to broaden detection and expose evasive threats. As part of the Security Connected platform, McAfee Advanced Threat Defense is tightly integrated with other Intel Security solutions, from network to endpoint, enabling instant sharing of threat intelligence across the entire infrastructure to enhance zero-day threat protection, reduce time from detection to containment, and aid investigation to remediate post-attack.
- ATD-3000 – 30 VMs, Form factor 1U Rack-Mount
- ATD-6000 – 60 VMs, Form factor 2U Rack-Mount
- File/media types supported: PE files, Adobe files, MS Office Suite files, Image files, Archives, Java, Android Application Package
- Analysis methods: McAfee Anti-Malware, GTI reputation: file/URL/IP, Gateway Anti-Malware (emulation and behavioral analysis), dynamic analysis (sandboxing), static code analysis, custom YARA rules
- Supported OS: Win 8 (32-bit/64-bit), Win 7 (32-bit/64-bit), Win XP (32-bit/64-bit), Win Server 2003, Win Server 2008 (64-bit); Android
- All Windows operating system support available in: English, German, Italian, Japanese, and Simplified Chinese.
Security monitoring is the gathering, analyzing and presenting information from:
- network and security devices
- identity and access-management applications
- vulnerability management and policy-compliance tools
- operating-system, database and application logs
- external threat data
The extent of event logging has evolved incredibly over the years and is now used for almost everything from troubleshooting problems to optimizing system and network performance, tracking user actions, and providing vital information for the investigation of malicious activity. Due to the ongoing implementation of new legislation and the vast deployment of networked servers, workstations, and other devices over the last decade, the sheer amount of logging information available has become incredible. The transfer, storage, analysis, and elimination of these security logs can, however, become extremely complex and sometimes even unmanageable for organizations. Cognosec’s solutions allow you to easily log data from sources such as operating systems, network devices, applications, and databases. We ensure that the data is collected, filtered, normalized, and stored centrally in order to facilitate analysis, correlation, reporting, and alerting. Cognosec fully supports the design, implementation, and customization of log management systems to ensure that the desired objectives are still achieved with absolute minimal impact to performance, resulting in the safest and most easily managed systems possible.
Incident Response, Business Continuity & Forensics
Security Incident and Event Management (SIEM) tools analyze & provide a consolidated view of the overall security posture in the organization.
We provide a full service offering from consulting, gap analysis, technology choice, architecture & design, implementation and management of:
- Managed Compliance Services (e.g. monitoring and reporting based on specific PCI-DSS or SOX requirements)
- On premise SIEM implementations
- Hybrid SIEM implementations
- Cloud based SIEM implementations
Security Incident and Event Management (SIEM) tools are used to collect, correlate, aggregate and store security logs from servers, network devices, DLP Systems, security devices, databases and Access Control Systems (any device that can provide a log file with a security context) on a network. They analyze & provide a consolidated view of the overall security posture in the organization. These systems allow security professionals to quickly identify suspected breaches & malware incidents in near real time and to conduct forensic investigations using historical data. SIEM systems can be enormously expensive and require a high level of skill to run. They require constant tuning and maintenance so it makes sense for many businesses to outsource to experts.
We provide bespoke managed compliance services for customers who are required to monitor and report on the compliance of their systems against certain standards and regulations such as PCI, Sarbanes-Oxley, HIPAA, COBIT, ISO, BASEL II, FISMA, GLBA, NERC, but who wish to outsource this function. Examples of these Managed Compliance Services are:
- Managed PCI Compliance
- Managed IPS Reporting Service for Sarbanes-Oxley
- Penetration Testing for compliance
- Security Awareness training for compliance
- Vulnerability Scanning Services for compliance
- Gap assessments and configuration analysis of security tool sets
Network Security components keep your network safe.
Network Security refers to the security components which reside at the network layer of the business. The network layer connects the individual computers, servers, applications and data storage areas together. Many attacks and interception attempts take place at this level, so it is a critical area to protect. The rapid adoption rate of cloud services and smart apps is becoming increasingly complex to manage, for both businesses and individuals in their own capacity. We provide a full service offering for any size of business from 25 users to 80,000 users, ranging from consulting, gap analysis, architecture & design, implementation and management of:
- Host-based Intrusion Prevention Services (HIPS) – For Servers
- Perimeter facing and Internal facing Firewalls
- Web Application Firewall Services
- Network Access Control (NAC)
- Network Intrusion Prevention (NIPS) Services
Network Security components keep your network safe and include some or all of the following, depending on your requirements:
Firewalls (FW) – These are network devices that operate like border controls – only allowing the traffic you want to pass in and out of your company.
Web Application Firewalls (WAF) – These are similar to firewalls but designed to protect public websites. They only allow specific web traffic through in either direction to protect sensitive or confidential information often held in databases linked behind the website. WAFs are essential for eCommerce businesses, which need public-facing websites that facilitate payments.
Network Intrusion Prevention Services (NIPS) – protects against malicious hidden processes and hacking using devices on the network. These devices process large volumes of traffic and generate many lines of log data, which have to be managed properly to deliver proper value.
Network Access Control (NAC) – This technology prevents unauthorized (or “Rogue”) devices from joining your network. When a device does not meet your security policies or standards it should not be able to access your network.
Network Data Loss/Leakage Prevention (NDLP) – is a technology which utilizes policies on a computer that helps prevent sensitive data from being transmitted to the wrong people, both inside and outside the company.
Distributed Denial of Service (DDoS) Services – DDoS attacks have evolved into complex and overwhelming security challenges. The attacks target the transport and network layers of a communication system and flood network interfaces with traffic, causing an inability to respond to legitimate traffic. This impacts your ability to conduct business using the network or internet, causing financial loss.
By choosing the correct managed cybersecurity services provider, all technologies can be deployed, configured and managed from a central console, but have to be properly tuned and managed to deliver ROI to the End User.
All reporting, remediation and escalation activities are coordinated centrally.
Developing a network with full-fledged security involves the implementation of many elements and needs to be performed by experienced teams of specialists. Cognosec’s Network Security service offers tailored defense systems such as Unified Threat Management (UTM) solutions. UTM is the evolution of the traditional firewall and is an all-inclusive security product able to perform multiple security functions within one single appliance such as network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, and data leakage prevention. The combination of automated scanning and manual search filtering provides you with an extremely efficient and effective way of protecting yourself against even the most pesky attackers.
Network protection consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.