Server Security


What is Server Security?

Server Security helps organizations protect servers providing internal and external services from cyber threats.

 

Our Server Security products

  • Advanced Threat Protection
  • Anti-Malware
  • Application Control
  • Application Readiness
  • Device Control
  • Endpoint Protection
  • HIPS
  • Multi-Factor Authentication
  • Sandboxing
  • Two-Factor Authentication

5 – Recover

Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.

Products

Web Gateway

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture.

McAfee


Features

  • Common Criteria EAL2+ and FIPS 140-2 Level 2 certified
  • Available in multiple hardware models and as a virtual machine supporting VMware and Microsoft Hyper-V
  • Integrated with complementary Intel® Security solutions including McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange
  • Rated number one anti-malware in a secure web gateway (AV-TEST)

Description

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture. For user-initiated web requests, McAfee Web Gateway first enforces an organization’s Internet use policy. For all allowed traffic, it then uses local and global techniques to analyze the nature and intent of all content and active code entering the network via the requested web pages, providing immediate protection against malware and other hidden threats. And, unlike basic packet inspection techniques, McAfee Web Gateway can examine SSL traffic to provide in-depth protection against malicious code or control applications that have been hidden through encryption.

Links

Data Sheet 

Solution Brief 

Product Guide 

Best practices 

Case Study

ExpertCenter 

Review


Threat Intelligence Exchange (TIE)  

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time.

McAfee


Features

Adaptive threat protection closes the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.

Collaborative threat intelligence is built out of global intelligence data sources combined with local threat intelligence gathering.

You get immediate visibility into the presence of advanced targeted attacks in your organization.

Relevant security intelligence is shared in real time among endpoint, gateway, network, and data center security solutions.

You are empowered to make decisions on never-before-seen files, based on endpoint context (file, process, and environmental attributes) blended with collective threat intelligence.

Integration is simplified through the McAfee Data Exchange Layer. Implementation and operational costs are reduced by connecting Intel Security and non-Intel Security solutions to operationalize your threat intelligence in real time.

Description

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time. Combining imported global threat information with locally collected intelligence and sharing it instantly allows your security solutions to operate as one, exchanging and acting on shared intelligence. McAfee Threat Intelligence Exchange narrows the gap from encounter to containment from days, weeks, and months down to milliseconds.

Specifications

McAfee Threat Intelligence Exchange consists of the following components:

  • McAfee Threat Intelligence Exchange Server 1.2.0
  • McAfee Data Exchange Layer Client 1.1.0
  • McAfee Threat Intelligence Exchange Module 1.0.1 for VirusScan Enterprise

Additional requirements for McAfee Threat Intelligence Exchange include:

McAfee Endpoint Protection

  • McAfee VirusScan Enterprise 8.8, Patch 4 with Hotfix 929019, Patch 5
  • McAfee Endpoint Security 10.1 or later

McAfee Security Management

  • McAfee ePolicy Orchestrator 5.1.1

Virtualization Infrastructure

  • VMware vSphere 5.1.0 with ESXi 5.1 or later

Links

Data Sheet

Solution Brief 

Product Guide 1.3.0

Bank Case Study  

ExpertCenter  

Product Home Page

POC Guide


Active Response

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response.

McAfee


Description

Designed to monitor, control and alert when endpoints are compromised.

An endpoint detection and response tool for advanced threats.

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:

Collectors: Find and visualize data from systems.

Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.

Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.

Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.

Specification

Supported client operating systems

  • CentOS 6.5, 32-bit
  • RedHat 6.5, 32-bit
  • Microsoft Windows
    • Windows 8.0, Base, 32-bit, and 64-bit
    • Windows 8.1, Base, U1; 32-bit and 64-bit
    • Windows 2012, Server Base, R2; U1; 64-bit
    • Windows 2008 R2 Enterprise, SP1, 64-bit
    • Windows 2008 R2 Standard, SP1, 64-bit
    • Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
    • Windows 7 Professional, up to SP1; 32-bit and 64-bit

 

Links

Data Sheet
Solution Brief
Product Guide
ExpertCenter


Endpoint Protection

Identify and stop targeted attacks just as they are beginning.

Cylance


Features

MALWARE EXECUTION CONTROL

  • Machine learning with predictive analysis
  • Automated static code analysis
  • Memory Control
  • Script Control
  • Application Control
  • Pre-execution prevention in <100ms
  • No signatures
  • No prior knowledge needed
  • No Internet required
  • No daily scans
  • Rejects potentially unwanted programs (PUPs)

Description

Cylance applies artificial intelligence, algorithmic science and machine learning to cybersecurity and improves the way companies, governments and end users proactively solve the world’s most difficult security problems. Using predictive analysis, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats.

Specification

Windows Agent Requirements

Supported Operating Systems (32-bit and 64-bit)

  • Windows XP SP3 (with KB 968730) through Windows 10 (excluding Windows RT)
  • Windows XP Embedded OS and newer
  • Windows Server 2003 SP2 (with KB 968730) through Windows Server 2012R2

System Memory and Local Storage

  • 2 GB+ RAM
  • Approximately 500 MB of local disk storage not including quarantined items

Additional Requirements

  • .NET Framework 3.5 (SP1) or higher is required on all Windows versions
  • Internet browser
  • Internet connection to register product
  • Local administrative rights to install software
  • Server 2003 SP2 also requires .NET 3.5 SP1 and the patch referenced in KB2868626 to update crypt32.dll
  • Up-to-date root certificates

Mac Agent Requirements

Supported Operating Systems

  • OS X 10.9 Mavericks / OS X 10.10 Yosemite / OS X 10.11 El Capitan

System Memory & Local Storage

  • 2+ GB RAM
  • 500 MB of local disk storage not including any items that may have been quarantined

Links

Data Sheet

Math vs. Malware

Fidelis


Features

  • Detect attacks other solutions miss.
  • Identify and stop targeted attacks just as they are beginning.
  • Correlate seemingly unrelated network activity and behavior.
  • Reduce time to detect and resolve incidents.
  • Discover unmanaged devices on your network.

Description

Accelerate Triage and Validate Suspected Incidents

Automatically harvest rich system information from endpoints and correlate it against threat reputation services, advanced threat detectors and threat intelligence to confirm when endpoints are compromised.

Automate Incident Response Workflows

Easily create and customize response workflows specific to the organization. Automatically kick off remediation or perform forensic analysis by defining trigger rules and actions with the alert response workflow engine.

Eliminate Blind Spots

Identify and validate threats on your endpoints anywhere in your environment – on or off your network.

Respond Immediately

Integrate with SIEMs, next-generation firewalls and alerting tools to accelerate your response and trace alerts to compromised endpoints.

Identify Compromised Endpoints

Automatically sweep all endpoints for signs of the compromise once an Indicator of Compromise (IOC) has been validated.

Proactively Hunt for Threats

Apply network- or host-based intelligence in any format, to rapidly identify compromised endpoints and automatically take action.

Know What Happened Using Playback

Protect your systems by recording key events (e.g. files accessed, running processes, registry changes, and network and DNS activity) and receiving a detailed timeline related to a suspected incident along with prioritized alerts.

Stop Data Theft and Remediate Endpoints

Halt data exfiltration and lateral movement by isolating endpoints, halting processes, wiping files, and kicking off a script to initiate an anti-virus scan.

Links

Datasheet
Gartner Review

McAfee


Features

Endpoint Protection – delivers advanced antivirus, anti-malware, host intrusion prevention, device control, host-based firewall, and application control to protect PCs, Macs, Linux systems, servers, virtual systems, smartphones, and tablets from online threats.

Description

A combination of AV, Firewall, web security (SiteAdvisor). Traditional Windows, Mac, and Linux systems need essential security to block advanced malware, control data loss and compliance risks caused by removable media, and provide safe access to critical email and web applications. McAfee Endpoint Protection Suite integrates these core functions into a single, manageable, multiplatform environment ideal for safeguarding traditional desktops that have limited exposure to Internet threats.

This proven enterprise and small business endpoint security solution delivers operational efficiencies and cost savings with the convenience of a single suite. It includes real-time anti-malware and antivirus protection, proactive email and web security, desktop firewall, comprehensive device control, and unrivalled centralized management.

Links

Data Sheet
Solution Brief
Product Guide
Installation Guide
Independent Review
ExpertCenter


Host Intrusion Prevention System (HIPS)

McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity.

McAfee


Features

  • Enforce the broadest IPS and zero-day threat protection coverage across all levels: network, application, and execution.
  • Reduce time and costs with one powerful, unified console for deployment, management, reporting, and auditing of events, policies, and agents.
  • Patch endpoints less frequently and with less urgency.
  • Manage compliance with easy-to-understand actionable views, workflow, event monitoring, and reporting for prompt and proper investigation and forensics.

Description

McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity along with the industry’s only dynamic and stateful firewall to shield against advanced threats and malicious traffic. In addition, it also provides signature and behavioral intrusion prevention system (IPS) protection. McAfee Host Intrusion Prevention for Server reduces patching frequency and urgency, preserves business continuity and employee productivity, protects data confidentiality, and simplifies regulatory compliance.


Advanced Threat Protection

Designed to work with other products, a central system to verify files.

McAfee


Features

  • User interactive mode: Enables analysts to interact directly with malware samples.
  • Extensive unpacking capabilities: Reduces investigation time from days to minutes.
  • Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
  • Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
  • Detailed reports from disassembly output to graphical function call diagrams and embedded or dropped file information: Provides critical information for analyst investigation.

Description

Designed to work with other products, a central system to verify files. Works with: McAfee Active Response, McAfee Application Control, McAfee Enterprise Security Manager, McAfee ePolicy Orchestrator software, McAfee Network Security Platform, McAfee Threat Intelligence Exchange, McAfee Web Gateway.

McAfee Advanced Threat Defense protects against advanced malware, including zero-day and advanced persistent threats, providing the strongest advanced threat protection available. Advanced targeted attacks are designed to defeat security systems through approaches that either confuse or evade defenses. McAfee Advanced Threat Defense detects targeted attacks and connects with existing defenses, converting threat intelligence into immediate action and protection. Unlike traditional sandboxes, it provides multiple analysis engines to broaden detection and expose evasive threats.

As part of the Security Connected platform, McAfee Advanced Threat Defense is tightly integrated with other Intel Security solutions, from network to endpoint, enabling instant sharing of threat intelligence across the entire infrastructure to enhance zero-day threat protection, reduce time from detection to containment, and aid investigation to remediate post-attack.

Specification

  • ATD-3000 – 30 VMs, Form factor 1U Rack-Mount
  • ATD-6000 – 60 VMs, Form factor 2U Rack-Mount
  • File/media types supported: PE files, Adobe files, MS Office Suite files, Image files, Archives, Java, Android Application Package
  • Analysis methods: McAfee Anti-Malware, GTI reputation: file/URL/IP, Gateway Anti-Malware (emulation and behavioral analysis), dynamic analysis (sandboxing), static code analysis, custom YARA rules
  • Supported OS: Win 8 (32-bit/64-bit), Win 7 (32-bit/64-bit), Win XP (32-bit/64-bit), Win Server 2003, Win Server 2008 (64-bit); Android
  • All Windows operating system support available in: English, German, Italian, Japanese, and Simplified Chinese.

Links

Data Sheet
Solution Brief
Product Guide 3.6.2
Best practices to avoid being compromised by file infectors
Best practices to avoid being compromised by Worms
Bank Case Study
ExpertCenter


Services

Network Security

Network Security components keep your network safe.

Cognosec Services


Features

Network Security refers to the security components which reside at the network layer of the business. The network layer connects the individual computers, servers, applications and data storage areas together. Many attacks and interception attempts take place at this level, so it is a critical area to protect. The rapid adoption of cloud services and smart apps is becoming increasingly complex to manage, for both businesses and individuals in their own capacity. We provide a full service offering for any size of business from 25 users to 80,000 users, ranging from consulting, gap analysis, architecture & design, implementation and management of:

  • Host-based Intrusion Prevention Services (HIPS) – For Servers
  • Perimeter facing and Internal facing Firewalls
  • Web Application Firewall Services
  • Network Access Control (NAC)
  • Network Intrusion Prevention (NIPS) Services

Description

Network Security components keep your network safe and include some or all of the following, depending on your requirements:

Firewalls (FW) – These are network devices that operate like border controls – only allowing the traffic you want to pass in and out of your company.

Web Application Firewalls (WAF) – These are similar to firewalls but designed to protect public websites. They only allow specific web traffic through in either direction to protect sensitive or confidential information often held in databases linked behind the website. WAFs are essential for eCommerce businesses, which need public-facing websites that facilitate payments.

Network Intrusion Prevention Services (NIPS) – These protect against malicious hidden processes and hacking using devices on the network. These devices process large volumes of traffic and generate many lines of log data, which have to be managed properly to deliver proper value.

Network Access Control (NAC) – This technology prevents unauthorized (or “Rogue”) devices from joining your network. When a device does not meet your security policies or standards it should not be able to access your network.

Network Data Loss/Leakage Prevention (NDLP) – This is a technology which utilizes policies on a computer that help prevent sensitive data from being transmitted to the wrong people, both inside and outside the company.

Distributed Denial of Service (DDoS) Services – DDoS attacks have evolved into complex and overwhelming security challenges. The attacks target the transport and network layers of a communication system and flood network interfaces with traffic, causing inability to respond to legitimate traffic. This impacts your ability to conduct business using the network or internet, causing financial loss.

By choosing the correct managed cybersecurity services provider, all technologies can be deployed, configured and managed from a central console, but have to be properly tuned and managed to deliver ROI to the End User.

All reporting, remediation and escalation activities are coordinated centrally.

Network Protection

Cognosec’s Network Security service offers tailored defense systems such as Unified Threat Management (UTM) solutions.

Cognosec Services


Description

Developing a network with full-fledged security involves the implementation of many elements and needs to be performed by experienced teams of specialists. Cognosec’s Network Security service offers tailored defense systems such as Unified Threat Management (UTM) solutions. UTM is the evolution of the traditional firewall and is an all-inclusive security product able to perform multiple security functions within one single appliance such as network firewalling, network intrusion prevention and gateway antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, and data leakage prevention. The combination of automated scanning and manual search filtering provides you with an extremely efficient and effective way of protecting yourself against even the most pesky attackers.

Specifications

Network protection consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
