
Products

Vulnerability Management

Tenable


Features

  • Nessus – The world’s most widely deployed vulnerability scanner, with more than a million global users.
  • Tenable.io – Gain actionable insight into your security risks and where to focus with Tenable.io – the cloud-based vulnerability management platform built for today’s dynamic IT assets, like cloud, containers and web apps.
  • SecurityCenter – Pre-built, customizable dashboards and reports and the industry’s only Assurance Report Cards enable you to measure and analyze security program effectiveness.

Description

Nessus®

Nessus® is the world’s most widely deployed vulnerability assessment and management solution, chosen by millions of users across the globe. Available as a single scanning solution as Nessus Professional or for vulnerability management teams as Nessus Manager, Nessus quickly and accurately identifies vulnerabilities, configuration issues and malware in physical, virtual and cloud environments and helps you prioritize what you need to fix first.

Tenable.io

Bring clarity to your security and compliance posture with Tenable.io. Built on the leading Nessus technology from Tenable, this cloud-based vulnerability-management platform delivers a fresh, asset-based approach that accurately tracks your resources, while offering specialized applications for container security and web application scanning. Maximizing visibility and insight, Tenable.io effectively prioritizes your vulnerabilities while seamlessly integrating into your environment.

SecurityCenter

SecurityCenter® leverages and consolidates Nessus scan data into an easy-to-understand management console. Use SecurityCenter to manage and analyze vulnerability data across your organization, prioritize security risks and obtain a clear view of your security posture. Visualize, measure and assess the effectiveness of your security program with SecurityCenter’s pre-built, highly customizable dashboards and reports and the industry’s only Assurance Report Cards (ARCs).

SecurityCenter Continuous View

SecurityCenter CV™, the market-leading continuous monitoring platform, provides comprehensive visibility of your security and compliance posture, along with actionable insight into prioritized weaknesses to help you find and fix vulnerabilities faster.

SecurityCenter CV delivers true continuous monitoring by leveraging and consolidating scan data from Nessus and the Passive Vulnerability Scanner® (PVS™), and log aggregation from the Log Correlation Engine® (LCE®), to eliminate blind spots, increase efficiency, prove compliance and ensure security effectiveness.

Links

Vulnerability management data sheet

Tenable IO data sheet 

 


DDoS protection

Enterprise-class DDoS protection and Web Application Firewall.

Zenedge


Features

24X7 SOC

Advanced BOT identification capabilities

More than 30 POPs worldwide

Description

Enterprise-class DDoS protection and Web Application Firewall.

Specification

Cloud based, Network Layers 3,4,7.

Can perform website vulnerability assessments and has a template for presenting results.


Illicit scanner

NetClean provides intelligence solutions to detect, block and analyse digital media to create a safer society.

NetClean


Features

ProActive can detect child sexual abuse material on everything from USB flash drives and hard disks to email and Internet traffic.

Description

Designed specifically to find child pornography on work computers.

NetClean provides intelligence solutions to detect, block and analyse digital media to create a safer society. It is the leading developer of technical solutions to fight child sexual abuse material. Its solutions are being used worldwide by multinational companies, government agencies, internet service providers, and law enforcement professionals.

Specification

  • Uses only police-identified child pornography images, no false positives.
  • Can be Network and/or Endpoint solution.
  • Agent is compatible with Microsoft Windows, Linux and Mac OS X
      • Can block and/or issue an alert in the event of an incident
      • Handles both real-time scans and scheduled scans
      • Configuration control via the NetClean Management Server
      • Automatic updates
      • No end-user interaction
  • Network Agent is easily integrated with your proxy server via ICAP and conducts real-time scans in HTTP traffic in search of illicit images and video files.
      • Can block and/or issue an alert in the event of an incident
  • Appliance is a hardware agent that conducts real-time searches in network traffic in order to identify illicit images and video files but without compromising performance or causing delays.
      • Can block and/or issue an alert in the event of an incident
      • Handles unencrypted TCP- and UDP-based network protocols
      • Supports network speeds of up to 1 Gb/s
      • Supports installation inline or as a network tap
      • Built-in hardware redundancy
      • Configuration and control via the NetClean Management Server

Web Gateway

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture.

McAfee


Features

  • Common criteria EAL2+ and FIPS 140-2 Level 2 certified
  • Available in multiple hardware models and as a virtual machine supporting VMware and Microsoft Hyper-V
  • Integrated with complementary Intel® Security solutions including McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange
  • Rated number one anti-malware in a secure web gateway (AV-TEST)

Description

McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture. For user-initiated web requests, McAfee Web Gateway first enforces an organization’s Internet use policy. For all allowed traffic, it then uses local and global techniques to analyze the nature and intent of all content and active code entering the network via the requested web pages, providing immediate protection against malware and other hidden threats. And, unlike basic packet inspection techniques, McAfee Web Gateway can examine SSL traffic to provide in-depth protection against malicious code or control applications that have been hidden through encryption.

Links

Data Sheet 

Solution Brief 

Product Guide 

Best practices 

Case Study

ExpertCenter 

Review


VirusScan Enterprise (VSE)

McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware.

McAfee


Features

  • Protect your files from viruses, worms, rootkits, Trojans, and other threats.
  • Proactive protection against new and unknown buffer-overflow exploits that target vulnerabilities in Microsoft applications.
  • The worldwide presence of McAfee Labs enables McAfee VirusScan Enterprise to leverage protection across file, network, web, message, and vulnerability data.
  • The McAfee ePolicy Orchestrator® (McAfee ePO™) management platform provides centralized deployment, policy configuration and enforcement, and detailed, customizable reporting.
  • Easily configure policies to manage and remove quarantined items.
  • Supports users who are using Microsoft Outlook or Lotus Notes.

Description

McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware. It reduces the cost of managing outbreak responses, stops zero-day threats, and mitigates the window of vulnerability—the time between the discovery of a vulnerability and when fixes are deployed. Plus, with McAfee VirusScan Enterprise, you have the flexibility to detect and block malware based on your business needs: on access, on demand, or on a schedule.

Specification

Workstation

  • Windows 10
  • Windows 10 for Embedded Systems
  • Windows 8.1
  • Windows 8
  • Windows 7
  • Windows 7 Professional for Embedded Systems
  • Windows 7 Ultimate for Embedded Systems
  • Windows Vista
  • Windows Vista Business for Embedded Systems
  • Windows Vista Ultimate for Embedded Systems
  • Windows XP SP3
  • Windows XP Professional for Embedded Systems 32-bit
  • Windows XP Tablet PC Edition SP2
  • Windows Embedded for Point of Service (WEPOS)

Server

  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Small Business Server 2011
  • Windows Embedded Standard 2009
  • Windows Embedded Point of Service 1.1 SP3
  • Windows Embedded Point of Service Ready 2009
  • Windows Server 2008 R2
  • Windows Server 2008 SP2: Standard, Enterprise, Datacenter, Foundation, Web, HPC
  • Windows Small Business Server 2008 SP2
  • Windows Server 2003 R2 SP2
  • Windows Server 2003 SP2
  • Windows Small Business Server 2003 R2 SP2
  • Windows Small Business Server 2003 SP2
  • Citrix Xen Guest
  • Citrix XenApp 5.0, 5.6, 6.0, 6.5, 7.5, 7.6

Links

Data Sheet 

Product Guide 

Best practices 

Case Study

ExpertCenter 


Threat Intelligence Exchange (TIE)  

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time.

McAfee


Features

Adaptive threat protection closes the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.

Collaborative threat intelligence is built out of global intelligence data sources combined with local threat intelligence gathering.

You get immediate visibility into the presence of advanced targeted attacks in your organization.

Relevant security intelligence is shared in real time among endpoint, gateway, network, and data center security solutions.

You are empowered to make decisions on never-before-seen files, based on endpoint context (file, process, and environmental attributes) blended with collective threat intelligence.

Integration is simplified through the McAfee Data Exchange Layer. Implementation and operational costs are reduced by connecting together Intel Security and non-Intel Security security solutions to operationalize your threat intelligence in real time.

Description

McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time. Combining imported global threat information with locally collected intelligence and sharing it instantly allows your security solutions to operate as one, exchanging and acting on shared intelligence. McAfee Threat Intelligence Exchange narrows the gap from encounter to containment from days, weeks, and months down to milliseconds.

Specifications

McAfee Threat Intelligence Exchange consists of the following components:

  • McAfee Threat Intelligence Exchange Server 1.2.0
  • McAfee Data Exchange Layer Client 1.1.0
  • McAfee Threat Intelligence Exchange Module 1.0.1 for VirusScan Enterprise

Additional requirements for McAfee Threat Intelligence Exchange include:

McAfee Endpoint Protection

  • McAfee VirusScan Enterprise 8.8, Patch 4 with Hotfix 929019, Patch 5
  • McAfee Endpoint Security 10.1 or later

McAfee Security Management

  • McAfee ePolicy Orchestrator 5.1.1

Virtualization Infrastructure

  • VMware vSphere 5.1.0 with ESXi 5.1 or later

Links

Data Sheet

Solution Brief 

Product Guide 1.3.0

Bank Case Study  

ExpertCenter  

Product Home Page

POC Guide


SiteAdvisor Enterprise (SAE)

Using an intuitive color-coded rating system, McAfee SiteAdvisor Enterprise identifies websites that contain malware or other threats such as spyware or phishing scams, alerting you before you click.

McAfee


Features

  • Inform end users about the dangers of searching or surfing the Internet.
  • When you search with Google, Yahoo!, MSN, AOL, or Ask.com, a safety rating appears next to each search result.
  • Our color-coded rating system lets users know which websites are safe and which are risky.
  • McAfee SiteAdvisor Enterprise software allows for advanced customization to authorize or block websites based on overall site ratings or threat factors.
  • Use the McAfee Web Filtering for Endpoint module to monitor, control, and report on users’ web surfing to ensure compliance and increase employee productivity.
  • With McAfee ePolicy Orchestrator® (McAfee ePO™) management console, McAfee SiteAdvisor Enterprise solutions are easy to deploy, manage, and report on across your entire organization.

Description

Keep your business safe without limiting Internet access.

Using an intuitive color-coded rating system, McAfee SiteAdvisor Enterprise identifies websites that contain malware or other threats such as spyware or phishing scams, alerting you before you click.

Get always up-to-date alerts. McAfee Global Threat Intelligence continually scans the Internet with intelligent bots and virtual computers to uncover websites that contain malware.

Gain insight from our email and download tests that inform you if a site contains suspicious links or affiliations to harmful sites.

Ensure policy compliance by authorising or blocking websites, and implementing additional protection for remote users.

Links

Data Sheet 

 Solution Brief

Product Guide 

Best practices 

 ExpertCenter 

 


Network Security Platform (NSP)

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network.

McAfee


Features

Unparalleled Advanced Threat prevention

  • Signature-less, advanced malware analysis
  • Inline Browser and JavaScript emulation
  • Advanced botnet and malware callback detection
  • Behavior-based analysis and DDoS protection
  • Integration with McAfee Advanced Threat Defense

Security Connected

  • Real-time threat sharing with McAfee Threat Intelligence Exchange (TIE)
  • Endpoint context via ePolicy Orchestrator® (McAfee ePO™)
  • Endpoint process correlation via Endpoint Intelligence Agent
  • Data Sharing and Quarantine with McAfee Enterprise Security Manager (SIEM)
  • Host Risk Analysis via McAfee Vulnerability Manager
  • Predictive malware detection via McAfee GTI

Description

McAfee® Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network. Using advanced detection and emulation techniques, it moves beyond mere pattern matching to defend against stealthy attacks with extreme accuracy. This next-generation hardware platform scales to speeds of more than 40 GBPS with a single device to meet the needs of demanding networks. The Security Connected approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence (McAfee GTI) feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks.

Links

Data Sheet

Solution Brief

Product Guide 

Administration Guide 

Case Study


MOVE Antivirus

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments such as Virtual Machines running virtualization (hypervisor) software like VMware ESX, Citrix Xen Server or Microsoft Hyper-V.

McAfee


Features

McAfee MOVE AntiVirus for Virtual Servers

  • McAfee MOVE AntiVirus:
      • Multiplatform deployment
      • Agentless deployment
  • McAfee Data Center Connector for vSphere
  • McAfee ePO software

McAfee MOVE AntiVirus for Virtual Desktops

  • McAfee MOVE AntiVirus:
      • Multiplatform deployment
      • Agentless deployment
  • McAfee Data Center Connector for vSphere
  • McAfee Host Intrusion Prevention System
  • McAfee SiteAdvisor® Enterprise
  • Memory Protection, and Web Application Protection
  • McAfee ePO software

Description

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments such as Virtual Machines running virtualization (hypervisor) software like VMware ESX, Citrix Xen Server or Microsoft Hyper-V.

It removes the need to install an anti-virus application on every virtual machine (VM) by offloading all scanning to a dedicated security virtual machine (SVM) so that customers get the protection they need without sacrificing performance.

McAfee MOVE AntiVirus supports agentless deployment for VMware NSX and VMware vCNS and multi-platform deployment for all major hypervisors.

Links

Data Sheet
Solution Brief
Product Guide
Case Study
ExpertCenter


Security Information & Event Management (SIEM)

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee


Features

Add-ons:

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee Application Data Monitor – monitor all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.

McAfee Database Event Monitor for SIEM – complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.

McAfee Event Receiver – Collect up to tens of thousands of events per second with a single receiver.

McAfee Enterprise Log Manager – Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.

McAfee Global Threat Intelligence for Enterprise Security Manager – Constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.

Description

A high-performance security information and event management (SIEM) solution brings event, threat, and risk data together to provide security intelligence, rapid incident response, seamless log management, and compliance reporting—delivering the context required for adaptive security risk management.

Specifications

Supported devices

System requirements

Processor

  • P4 class (not Celeron) or higher (Mobile/Xeon/Core2,Corei3/5/7)
  • AMD AM2 class or higher (Turion64/Athlon64/Opteron64,A4/6/8)
  • RAM — 1.5 GB

Windows operating system

  • Windows 2000
  • Windows XP
  • Windows 2003 Server
  • Windows Vista
  • Windows 2008 Server
  • Windows Server 2012
  • Windows 7
  • Windows 8
  • Windows 8.1

Browsers

  • Internet Explorer 9 or later
  • Mozilla Firefox 9 or later
  • Google Chrome 33 or later

Flash Player

  • Version 11.2.x.x or later

Virtual Machine requirements

  • Processor — 8-core 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64 or higher
  • RAM — Depends on the model (4 GB or more)
  • Disk space — Depends on the model (250 GB or more)
  • ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker for your ESM.
  • ESXi 5.0 or later
  • The minimum requirement is 250 GB unless the VM purchased has more. See the specifications for your VM product.

Links

Data Sheet
Solution Brief
Product Guide 9.6
Insurance Case Study  


ePolicy Orchestrator  

A single console for all your security management. The most advanced, extensible, and scalable centralized security management software in the industry.

McAfee


Features

Guided configuration, automated work stream, and predefined dashboards make getting started a snap.

Tag-based policy assignment precisely targets assignment of predefined security profiles to systems based on their business role or at-risk status.

Task catalog and automated management capabilities streamline administrative processes and reduce overhead.

A single web interface aligns security processes for maximum visibility, while a single agent reduces the risk of endpoint conflicts.

Scale for enterprise deployments

Enterprise-class architecture supports hundreds of thousands of devices on a single server.

Supports complex and heterogeneous IT environments.

Enterprise reporting across on-premises and Security-as-a-Service (SaaS) security information.

Description

A single console for all your security management. The most advanced, extensible, and scalable centralized security management software in the industry. Get a unified view of your security posture with drag-and-drop dashboards that provide security intelligence across endpoints, data, mobile and networks. Simplify security operations with streamlined workflows for proven efficiencies. Flexible security management options allow you to select either a traditional premises-based or a cloud-based management version of McAfee ePO.

Leverage your existing third-party IT infrastructure from a single security management console with our extensible architecture.

Links

Data Sheet 

Data Sheet (Cloud) 

Solution Brief

Product Guide 5.3
Product Guide (Cloud)
Best practices
Case Study
ExpertCenter 


Intel Data Loss Prevention (DLP)

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints.

McAfee


Features

  • Real-time exfiltration prevention: Integrated with McAfee Threat Intelligence Exchange and McAfee Data Exchange Layer for visibility and real-time monitoring.
  • Advanced protection capabilities: Leverage fingerprinting, classification, and file tagging to secure sensitive, unstructured data, such as intellectual property and trade secrets.
  • Centralized management: Natively integrated with McAfee® ePolicy Orchestrator® (McAfee ePO™) software to streamline policy and incident management.
  • Compliance enforcement: Ensure compliance by addressing day-to-day end-user actions, such as emailing, cloud posting, downloading to removable media devices, and more.
  • End-user education: Real-time feedback via educational popup helps shape corporate security awareness and culture.

Description

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints. It helps you monitor and address risky day-to-day end-user actions such as emailing, web posting, printing, clipboards, screen captures, device control, uploading to the cloud, and more.

Specifications

Supported Platforms

  • Windows 7 SP1 or later, Enterprise and Business editions, 32-bit and 64-bit
  • Windows 8 and 8.1 or later Enterprise and Professional, 32-bit and 64-bit
  • Windows Server 2008 R2 and 2008 SP2 or later, 32-bit and 64-bit
  • Windows Server 2012 and 2012 R2 or later, 64-bit
  • OS X Mountain Lion 10.8.5
  • OS X Mavericks 10.9.5
  • OS X Yosemite 10.10

Supported Browsers

  • Internet Explorer version 8 to 11
  • Mozilla Firefox 34 or higher
  • Google Chrome 31 or higher

McAfee ePO Software and Agents

  • McAfee ePO software 4.6.9 and 5.1.1
  • McAfee Agent for Windows 4.8 Patch 2 and 5.0
  • McAfee Agent for Mac 4.6 Patch 3, 4.8 Patch 2, and 5.0

Links

Data Sheet
Solution Brief – Office 365
Product Guide
Case Study
ExpertCenter


Active Response

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response.

McAfee


Description

Designed to monitor, control and alert when endpoints are compromised.

An endpoint detection and response tool for advanced threats.

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:

Collectors: Find and visualize data from systems.

Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.

Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.

Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.

Specification

Supported client operating systems

  • CentOS 6.5, 32-bit
  • RedHat 6.5, 32-bit
  • Microsoft Windows
    • Windows 8.0, Base, 32-bit, and 64-bit
    • Windows 8.1, Base, U1; 32-bit and 64-bit
    • Windows 2012, Server Base, R2; U1; 64-bit
    • Windows 2008 R2 Enterprise, SP1, 64-bit
    • Windows 2008 R2 Standard, SP1, 64-bit
    • Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
    • Windows 7 Professional, up to SP1; 32-bit and 64-bit

 

Links

Data Sheet
Solution Brief
Product Guide
ExpertCenter


Endpoint Protection

Identify and stop targeted attacks just as they are beginning.


Cylance


Features

MALWARE EXECUTION CONTROL

  • Machine learning with predictive analysis
  • Automated static code analysis
  • Memory Control
  • Script Control
  • Application Control
  • Pre-execution prevention in <100ms
  • No signatures
  • No prior knowledge needed
  • No Internet required
  • No daily scans
  • Rejects potentially unwanted programs (PUPs)

Description

Cylance applies artificial intelligence, algorithmic science and machine learning to cybersecurity and improves the way companies, governments and end users proactively solve the world’s most difficult security problems. Using predictive analysis, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats.

Specification

Windows Agent Requirements

Supported Operating Systems (32-bit and 64-bit)

  • Windows XP SP3 (with KB 968730) through Windows 10 (excluding Windows RT)
  • Windows XP Embedded OS and newer
  • Windows Server 2003 SP2 (with KB 968730) through Windows Server 2012R2

System Memory and Local Storage

  • 2 GB+ RAM
  • Approximately 500 MB of local disk storage not including quarantined items

Additional Requirements

  • .NET Framework 3.5 (SP1) or higher is required on all Windows versions, Internet browser, Internet connection to register product, local administrative rights to install software.
  • Server 2003 SP2 also requires .NET 3.5 SP1 and the patch referenced in KB2868626 to update crypt32.dll. Up-to-date root certificates.

Mac Agent Requirements

Supported Operating Systems

  • OS X 10.9 Mavericks / OS X 10.10 Yosemite / OS X 10.11 El Capitan

System Memory & Local Storage

  • 2+ GB RAM
  • 500 MB of local disk storage not including any items that may have been quarantined

Links

Data Sheet

Math vs. Malware

Fidelis


Features

  • Detect attacks other solutions miss.
  • Identify and stop targeted attacks just as they are beginning.
  • Correlate seemingly unrelated network activity and behavior.
  • Reduce time to detect and resolve incidents.
  • Discover unmanaged devices on your network.

Description

Accelerate Triage and Validate Suspected Incidents

Automatically harvest rich system information from endpoints and correlate it against threat reputation services, advanced threat detectors and threat intelligence to confirm when endpoints are compromised.

Automate Incident Response Workflows

Easily create and customize response workflows specific to the organization. Automatically kick off remediation or perform forensic analysis by defining trigger rules and actions with the alert response workflow engine.

Eliminate Blind Spots

Identify and validate threats on your endpoints anywhere in your environment – on or off your network.

Respond Immediately

Integrate with SIEMs, next-generation firewalls and alerting tools to accelerate your response and trace alerts to compromised endpoints.

Identify Compromised Endpoints

Automatically sweep all endpoints for signs of the compromise once an Indicator of Compromise (IOC) has been validated.

Proactively Hunt for Threats

Apply network- or host-based intelligence in any format, to rapidly identify compromised endpoints and automatically take action.

Know What Happened Using Playback

Protect your systems by recording key events (e.g. files accessed, running processes, registry changes, and network and DNS activity) and receiving a detailed timeline related to a suspected incident along with prioritized alerts.

Stop Data Theft and Remediate Endpoints

Halt data exfiltration and lateral movement by isolating endpoints, halting processes, wiping files, and kicking off a script to initiate an anti-virus scan.

Links

Datasheet
Gartner Review

McAfee


Features

Endpoint Protection – delivers advanced antivirus, anti-malware, host intrusion prevention, device control, host-based firewall, and application control to protect PCs, Macs, Linux systems, servers, virtual systems, smartphones, and tablets from online threats.

Description

A combination of AV, Firewall, web security (SiteAdvisor). Traditional Windows, Mac, and Linux systems need essential security to block advanced malware, control data loss and compliance risks caused by removable media, and provide safe access to critical email and web applications. McAfee Endpoint Protection Suite integrates these core functions into a single, manageable, multiplatform environment ideal for safeguarding traditional desktops that have limited exposure to Internet threats.

This proven enterprise and small business endpoint security solution delivers operational efficiencies and cost savings with the convenience of a single suite. It includes real-time anti-malware and antivirus protection, proactive email and web security, desktop firewall, comprehensive device control, and unrivalled centralized management.

Links

Data Sheet
Solution Brief
Product Guide
Installation Guide
Independent Review
ExpertCenter


Patch & Remediation

The Everbridge Platform is Globally Local by using optimized routing, message localization, regulatory compliance and application localization.

Everbridge


Features

Fast and Reliable – The Everbridge Platform is resilient using multiple data centers at all times.

Globally Local – The Everbridge platform sends notifications to over 200 countries and territories.

Secure – Everbridge protects your data with: SAFETY Act Designation and Certification, FedRAMP Compliance, FISMA Authorization & Accreditation, SSAE-16 SOC 2 & 3 Compliance, EU/US Safe Harbor Compliance

Location Aware – Getting notifications to people affected by an incident is one of the most important facets of successful critical communication.

Easy Integration – Everbridge Open offers an extensive suite of RESTful APIs that can be used to trigger notifications or create and update contact information from an internal system.

Description

Everbridge is a Critical Communications Platform.

We provide enterprise software applications to automate the delivery of critical information to help keep people safe and business running.

The Everbridge Platform is resilient using multiple data centers at all times. This provides the resiliency and redundancy to lower the risk of degradation and cascading failures.

The Everbridge Platform is Globally Local by using optimized routing, message localization, regulatory compliance and application localization.

Your security is our top priority. The Security, Everbridge Privacy and Website Cookie Policies are designed to assist you in understanding how we collect, use and safeguard the information you provide.

Getting notifications to the people affected by an incident is one of the most important facets of successful critical communication. Everbridge continues to innovate in making our platform location aware so you can reach the right people.

Everbridge Open offers an extensive suite of RESTful APIs that can be used to trigger notifications or create and update contact information from an internal system. Our Everbridge Open API’s two-way capabilities allow third-party systems to create powerful closed-loop integrations with our platform.


Specifications

Safety Connection
Mass Notification
Incident Management
IT Alerting
Secure Mobile Communication
Community Engagement
Free Online Learning

Links

Read more


Next Gen Intrusion Detection & Protection System (IDS / IPS)

Detect and Prevent Advanced Targeted Attacks

eSentire


Features

  • Always-On Full-Packet Capture
  • Whitelisted Executables
  • Endpoint Lock-Down/Quarantine
  • Automatic Signature-based Intrusion Detection and Prevention
  • IP Range Blocking (Geo-location blacklisting)
  • Whitelisting, Blacklisting and Custom Rules
  • Zero Network Latency
  • Decrypted SSL Traffic Analysis

Description

Detect and Prevent Advanced Targeted Attacks

Mid-sized organizations now represent 54%(1) of all cybersecurity breaches and what’s troubling is that you might not even be aware that you’re a prime target. These attacks are becoming more sophisticated and much harder to detect. Yet traditional cybersecurity technologies haven’t evolved at the same pace and as a result, fail to effectively protect you from today’s sophisticated attacks.

Now more than ever, your organization needs protection against more than just signature-based attacks. It needs holistic protection that’s also capable of defending against zero-day targeted attacks and advanced persistent threats (APTs). Network Interceptor protects against both known and unknown threats.

At the core of the Managed Detection and Response™ service is Network Interceptor, a next-gen IDS/IPS designed for mid-sized enterprise. It fuses robust threat intel to deliver real-time signature-based threat detection and prevention, while introducing the unique ability to identify unknown cyber threats through behaviour-based anomaly detection and attack pattern analysis.

With always-on full traffic capture, our team of highly skilled threat analysts get the full picture they need to hunt, investigate, identify and escalate unique threats in real-time, always. Completely customizable to your specific business context and policies, Network Interceptor is redefining cyber protection for mid-sized organizations in the face of today’s constantly evolving cyber threat landscape.

Links

Datasheet


Data Loss Protection (DLP)

Primary focus is Data Loss Prevention, but also includes Application whitelisting and Data discovery.

Digital Guardian


Features

  • Advanced Threat Protection
    • Advanced threat detection, incident response and prevention that ensures security travels with the data
  • Data Loss Prevention
    • Everything you need to stop sensitive data from getting out of your organization
  • Data Visibility & Control
    • Out-of-the-box data visibility and device control
  • Can deploy on prem or in cloud

Description

Primary focus is DLP, but also includes Application whitelisting and Data discovery. Considered easier to implement than the competition, and a very useful forensics tool. Digital Guardian for Data Loss Prevention (DLP) gives you everything you need – the deepest visibility, the fine-grained control and the industry’s broadest data loss protection coverage – to stop sensitive data from getting out of your organization. Digital Guardian for Data Loss Prevention is consistently a leader in the Gartner Magic Quadrant for Context-Aware Data Loss Prevention (DLP).

Specification

Agents for Windows, Mac, Linux, virtual.

Links

Datasheet
Manufacturing Case Study
Case Study


Firewall / Next Generation Firewall

Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership.

Checkpoint


Features

  • Comprehensive Threat Prevention
  • Prevent Known and Zero Day Threats
  • GAIA – A Unified Secure Operation System
  • Virtualisation
  • Measurement of Security Appliances

Description

Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership. Whether you need next-generation security for your data centre, enterprise, small business or home office, Check Point has a solution for you.

Links

Check Point Appliances Brochure  
Emerging Security Challenges in Carrier-Class Firewalls
Appliance Comparison Chart
Real-World Performance Testing


Unified Security Service

Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard.

CensorNet


Features

  • Cloud Application Visibility
  • Cloud Application Control
  • Safe anywhere on any device
  • Safe Web Access
  • Email Security
  • Safe from Malware
  • Analytics across email, web and applications
  • Fast and Unobtrusive

Description

Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard. You can protect your employees, whether in the office or mobile, against cyber-attacks, and accidental or malicious leaks of sensitive data, keeping your organisation safe from the risks associated with the rapid growth in cloud applications and the emergence of Shadow IT. USS is a comprehensive cyber security service that combines modules for the security, monitoring and control of web, email and cloud applications across your network in one dashboard and logging service, meaning that common policies can be easily applied and incidents tracked across different media. USS provides the security and control of an on-premise or end point component with the flexibility and mobility of a cloud service. It is the next generation in Email and Web security with Cloud Application Control, giving you the power to extend web access policies to Bring Your Own Device initiatives and to monitor and control Shadow IT.

Specification

  • Software for Networks
    • Available as downloadable software, CensorNet’s Cloud Gateway software can be deployed on a virtual server or physical server in less than 30 minutes to extend security policies to the entire network
  • Agent Software for Roaming Users or Standalone Devices
    • Microsoft Windows agent that enforces policies on the device. Tamper proof and simple to deploy either with an install wizard or scripted via Active Directory Group Policy. Mac OS X version will be available soon.
  • Secure Browser for iOS
    • A secure browser app for iOS6 and above provides an alternative to Safari which extends the web access controls to the mobile device
  • Scalable
    • Highly optimised for large networks, the solution takes advantage of multiple processors, all available RAM and has a 64-bit architecture
  • Deployment Modes
    • Agent software, Direct proxy (set by group policy, WPAD or manually), or gateway mode for guest, BYOD or non-domain devices
  • WPAD Support
    • Automatic creation of Web Proxy Automatic Discovery (WPAD) file based on network configuration
  • BYOD Captive Portal
    • The Captive Portal allows existing users or guests to adopt BYOD and log in from those devices with valid user credentials e.g. Active Directory

Forensics Tool Kit (FTK)

Reduce case investigative times by reviewing data and identifying relevant evidence, all in one centralized location.

Access Data


Features

Forensics Tool Kit’s (FTK) database-driven, enterprise-class architecture allows you to handle massive data sets, as it provides stability and processing speeds not possible with other tools. It provides built-in data visualization and explicit image detection technology to quickly discern and report the most relevant material in your investigation. FTK’s interoperability with all AccessData’s solutions allows you to correlate massive data sets from different sources, such as computer hard drives, mobile devices, network data, internet storage and more. This capability makes FTK the only digital investigation solution capable of reducing case investigative times by allowing you to review data and identify relevant evidence, all in one centralized location.

Description

Forensic Tool Kit (FTK) is a court-cited digital investigations platform built for speed, stability and ease of use. It provides comprehensive processing and indexing up front, so filtering and searching is faster than with any other product. This means you can “zero-in” on the relevant evidence quickly, dramatically increasing your analysis speed. Furthermore, because of its architecture, FTK can be set up for distributed processing and incorporate web-based case management and collaborative analysis.

FTK is an award-winning, court-cited digital investigations solution built for speed, stability and ease of use. It quickly locates evidence and forensically collects and analyzes any digital device or system producing, transmitting or storing data by using a single application from multiple devices. Known for its intuitive interface, email analysis, customizable data views, processing speeds and stability, FTK also lays the framework so your solution can grow with your organization’s needs for a smooth expansion.


Host Intrusion Prevention System (HIPS)

McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity.

McAfee


Features

  • Enforce the broadest IPS and zero-day threat protection coverage across all levels: network, application, and execution.
  • Reduce time and costs with one powerful, unified console for deployment, management, reporting, and auditing of events, policies, and agents.
  • Patch endpoints less frequently and with less urgency.
  • Manage compliance with easy-to-understand actionable views, workflow, event monitoring, and reporting for prompt and proper investigation and forensics.

Description

McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity along with the industry’s only dynamic and stateful firewall to shield against advanced threats and malicious traffic. In addition, it also provides signature and behavioral intrusion prevention system (IPS) protection. McAfee Host Intrusion Prevention for Server reduces patching frequency and urgency, preserves business continuity and employee productivity, protects data confidentiality, and simplifies regulatory compliance.


Application Control

McAfee Application Control prevents zero-day and APT attacks by blocking execution of unauthorized applications.

McAfee


Features

  • Protect against zero-day and APTs without signature updates.
  • Uses McAfee Global Threat Intelligence and McAfee Threat Intelligence Exchange to provide global and local reputation of files and applications.
  • Strengthen security and lower ownership costs with dynamic whitelisting that automatically accepts new software added through your trusted channels.
  • Efficiently control application access with McAfee® ePolicy Orchestrator® (McAfee ePO™) software, a centralized platform for management of McAfee security solutions.
  • Reduce patch cycles through secure whitelisting and advanced memory protection.
  • Keep systems current with the latest patches using trusted updaters.
  • Enforce controls on connected or disconnected servers, virtual machines, endpoints, fixed devices such as point-of-sale terminals, and legacy systems such as Microsoft Windows XP.
  • Allow new applications based on application rating or self-approval for improved business continuity.
  • Maintain user productivity and server performance with a low-overhead solution.
  • Easily protect legacy systems and modern technology investments.

Description

McAfee Application Control prevents zero-day and APT attacks by blocking execution of unauthorized applications. Using our inventory feature, you can easily find and manage application-related files. It groups binaries (EXEs, DLLs, drivers, and scripts) across your enterprise by application and vendor, displays them in an intuitive, hierarchical format, and intelligently classifies them as well-known, unknown, and known-bad applications. Using whitelisting, you can prevent attacks from unknown malware by allowing only known good whitelisted applications to run. Works with GTI, TIE and ATD.

Supported platforms

  • Microsoft Windows (32-bit and 64-bit)
    • Embedded: XPE, 7E, WEPOS, POSReady 2009, WES 2009, 8, 8.1 Industry, 10
    • Server: 2008, 2008 R2, 2012, 2012 R2
    • Desktop: NT, 2000, XP, Vista, 7, 8, 8.1, 10
  • Linux
    • Red Hat/CentOS 5, 6, 7
    • SUSE/openSUSE 10, 11
    • Oracle Enterprise Linux 5, 6, 7
    • Ubuntu 12.04

Links

Data Sheet
Solution Brief
Product Guide
Potentially Unwanted Programs
Case Study – Cemex
ExpertCenter


Advanced Threat Protection

Designed to work with other products, a central system to verify files.

McAfee


Features

  • User interactive mode: Enables analysts to interact directly with malware samples.
  • Extensive unpacking capabilities: Reduces investigation time from days to minutes.
  • Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
  • Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
  • Detailed reports from disassembly output to graphical function call diagrams and embedded or dropped file information: Provides critical information for analyst investigation.

Description

Designed to work with other products, a central system to verify files. Works with: McAfee Active Response, McAfee Application Control, McAfee Enterprise Security Manager, McAfee ePolicy Orchestrator software, McAfee Network Security Platform, McAfee Threat Intelligence Exchange, McAfee Web Gateway.

McAfee Advanced Threat Defense protects against advanced malware, including zero-day and advanced persistent threats, providing the strongest advanced threat protection available. Advanced targeted attacks are designed to defeat security systems through approaches that either confuse or evade defenses. McAfee Advanced Threat Defense detects targeted attacks and connects with existing defenses, converting threat intelligence into immediate action and protection. Unlike traditional sandboxes, it provides multiple analysis engines to broaden detection and expose evasive threats. As part of the Security Connected platform, McAfee Advanced Threat Defense is tightly integrated with other Intel Security solutions, from network to endpoint, enabling instant sharing of threat intelligence across the entire infrastructure to enhance zero-day threat protection, reduce time from detection to containment, and aid investigation to remediate post-attack.

Specification

  • ATD-3000 – 30 VMs, Form factor 1U Rack-Mount
  • ATD-6000 – 60 VMs, Form factor 2U Rack-Mount
  • File/media types supported: PE files, Adobe files, MS Office Suite files, Image files, Archives, Java, Android Application Package
  • Analysis methods: McAfee Anti-Malware, GTI reputation: file/URL/IP, Gateway Anti-Malware (emulation and behavioral analysis), dynamic analysis (sandboxing), static code analysis, custom YARA rules
  • Supported OS: Win 8 (32-bit/64-bit), Win 7 (32-bit/64-bit), Win XP (32-bit/64-bit), Win Server 2003, Win Server 2008 (64-bit); Android
  • All Windows operating system support available in: English, German, Italian, Japanese, and Simplified Chinese.

Links

Data Sheet
Solution Brief
Product Guide 3.6.2
Best practices to avoid being compromised by file infectors
Best practices to avoid being compromised by Worms
Bank Case Study
ExpertCenter


Services

Security Monitoring

The transfer, storage, analysis, and elimination of these security logs can, however, become extremely complex and sometimes even unmanageable for organizations. Cognosec’s solutions allow you to easily log data from sources such as operating systems, network devices, applications, and databases.

Cognosec Services


Features

Security monitoring is the gathering, analyzing and presenting of information from:

  • network and security devices
  • identity and access-management applications
  • vulnerability management and policy-compliance tools
  • operating-system, database and application logs
  • external threat data

Description

The extent of event logging has evolved incredibly over the years and is now used for almost everything from troubleshooting problems to optimizing system and network performance, tracking user actions, and providing vital information for the investigation of malicious activity. Due to the ongoing implementation of new legislation and the vast deployment of networked servers, workstations, and other devices over the last decade, the sheer amount of logging information available has become incredible. The transfer, storage, analysis, and elimination of these security logs can, however, become extremely complex and sometimes even unmanageable for organizations. Cognosec’s solutions allow you to easily log data from sources such as operating systems, network devices, applications, and databases. We ensure that the data is collected, filtered, normalized, and stored centrally in order to facilitate analysis, correlation, reporting, and alerting. Cognosec fully supports the design, implementation, and customization of log management systems to ensure that the desired objectives are still achieved with absolute minimal impact to performance, resulting in the safest and most easily managed systems possible.


Network Security

Network Security components keep your network safe.

Cognosec Services


Features

Network Security refers to the security components which reside at the network layer of the business. The network layer connects the individual computers, servers, applications and data storage areas together. Many attacks and interception attempts take place at this level, so it is a critical area to protect. The rapid adoption rate of cloud services and smart apps is becoming increasingly complex to manage, for both businesses and individuals in their own capacity. We provide a full service offering for any size of business from 25 users to 80,000 users, ranging from consulting, gap analysis, architecture & design, implementation and management of:

  • Host-based Intrusion Prevention Services (HIPS) – For Servers
  • Perimeter facing and Internal facing Firewalls
  • Web Application Firewall Services
  • Network Access Control (NAC)
  • Network Intrusion Prevention (NIPS) Services

Description

Network Security components keep your network safe and include some or all of the following, depending on your requirements:

Firewalls (FW) – These are network devices that operate like border controls – only allowing the traffic you want to pass in and out of your company.

Web Application Firewalls (WAF) – These are similar to firewalls but designed to protect public websites. They only allow specific web traffic through in either direction to protect sensitive or confidential information often held in databases linked behind the website. WAFs are essential for eCommerce businesses, which need public facing websites that facilitate payments.

Network Intrusion Prevention Services (NIPS) – protects against malicious hidden processes and hacking using devices on the network. These devices process large volumes of traffic and generate many lines of log data, which have to be managed properly to deliver proper value.

Network Access Control (NAC) – This technology prevents unauthorized (or “Rogue”) devices from joining your network. When a device does not meet your security policies or standards it should not be able to access your network.

Network Data Loss/Leakage Prevention (NDLP) – is a technology which utilizes policies on a computer that helps prevent sensitive data from being transmitted to the wrong people, both inside and outside the company.

Distributed Denial of Service (DDoS) Services – DDoS attacks have evolved into complex and overwhelming security challenges. The attacks target the transport and network layers of a communication system and flood network interfaces with traffic, causing inability to respond to legitimate traffic. This impacts your ability to conduct business using the network or internet, causing financial loss.

By choosing the correct managed cybersecurity services provider, all technologies can be deployed, configured and managed from a central console, but have to be properly tuned and managed to deliver ROI to the End User.

All reporting, remediation and escalation activities are coordinated centrally.


PCI DSS SAQ

Cognosec offers professional guidance to small-to-medium sized businesses in achieving PCI compliance and completing the Self-Assessment Questionnaire.

Cognosec Services


Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data you are subject to this standard. Cognosec is a Qualified Security Assessor (QSA) and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer – creating a rounded and comprehensive compliance package. Cognosec is an Approved Scanning Vendor (ASV) – an organisation with a set of security services and tools available to validate adherence to the external scanning condition of the PCI DSS requirement 11.2. The scanning vendor’s ASV scan solution is always tested and approved by the PCI SSC before an ASV is added to the list of approved scanning vendors. Cognosec is a Qualified Security Assessor (QSA) for the PCI-DSS and PA-DSS as well as an Approved Scanning Vendor (ASV), making Cognosec a one-stop-shop for your PCI compliance needs.

Description

All businesses that store, process or transmit payment cardholder data must be PCI Compliant. As a Qualified Security Assessor (QSA), Cognosec offers professional guidance to small-to-medium sized businesses in achieving compliance and completing the Self-Assessment Questionnaire. The PCI DSS self-assessment questionnaires (SAQs) are validation for merchants and service providers self-evaluating their compliance with PCI DSS. Organizations can either undergo their own PCI DSS assessments, or a QSA company can conduct PCI DSS assessment and underwrite their SAQs.

Specification

There are different versions of the SAQ to meet different merchant environments. As a Qualified Security Assessor (QSA) we are able to provide PCI DSS SAQ assessment to organizations seeking professional guidance in achieving compliance and completing the following Self-Assessment Questionnaires:

  • SAQ A is intended for merchants that accept only card-not-present transactions (that is, e-commerce, mail order or telephone order), and that outsource all their cardholder data functions to PCI DSS compliant service providers. SAQ A would never apply to face-to-face merchants.
  • SAQ B is for those merchants who process cardholder data using only imprint machines or using only dial-out terminals.
  • SAQ C-VT is for merchants using only web-based virtual payment terminals, where cardholder data is manually entered into a secure website from a single system.
  • SAQ C is for merchants with dedicated payment application systems segmented from all other systems, and connected to the Internet for the purposes of transaction processing.
  • SAQ P2PE-HW is for merchants using a validated P2PE solution that is listed on the PCI SSC website.
  • SAQ D is for all other SAQ-eligible merchants that do not fall into any of the other SAQ categories, and for any service providers defined by a payment brand as eligible to complete the SAQ.
