Products

MOVE Antivirus

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments, such as virtual machines running on virtualization (hypervisor) software like VMware ESX, Citrix XenServer or Microsoft Hyper-V.

McAfee

Features

McAfee MOVE AntiVirus for Virtual Servers

  • McAfee MOVE AntiVirus:
      • Multiplatform deployment
      • Agentless deployment
      • McAfee Data Center Connector for vSphere
      • McAfee ePO software

McAfee MOVE AntiVirus for Virtual Desktops

  • McAfee MOVE AntiVirus:
      • Multiplatform deployment
      • Agentless deployment
  • McAfee Data Center Connector for vSphere
  • McAfee Host Intrusion Prevention System
  • McAfee SiteAdvisor® Enterprise
  • Memory Protection, and Web Application Protection
  • McAfee ePO software

Description

Management for Optimized Virtual Environments (MOVE) AntiVirus is optimized for protecting virtual environments, such as virtual machines running on virtualization (hypervisor) software like VMware ESX, Citrix XenServer or Microsoft Hyper-V.

It removes the need to install an anti-virus application on every virtual machine (VM) by offloading all scanning to a dedicated security virtual machine (SVM) so that customers get the protection they need without sacrificing performance.

McAfee MOVE AntiVirus supports agentless deployment for VMware NSX and VMware vCNS and multi-platform deployment for all major hypervisors.

Links

Data Sheet
Solution Brief
Product Guide
Case Study
ExpertCenter

Security Information & Event Management (SIEM)

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee

Features

Add-ons:

McAfee Advanced Correlation Engine – identify and score threat events in real time using both rule- and risk-based logic.

McAfee Application Data Monitor – monitor all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.

McAfee Database Event Monitor for SIEM – complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.

McAfee Event Receiver – Collect up to tens of thousands of events per second with a single receiver.

McAfee Enterprise Log Manager – Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.

McAfee Global Threat Intelligence for Enterprise Security Manager – Constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.

Description

A high-performance security information and event management (SIEM) solution brings event, threat, and risk data together to provide security intelligence, rapid incident response, seamless log management, and compliance reporting—delivering the context required for adaptive security risk management.

Specifications

Supported devices

System requirements

Processor

  • P4 class (not Celeron) or higher (Mobile/Xeon/Core2, Core i3/5/7)
  • AMD AM2 class or higher (Turion64/Athlon64/Opteron64, A4/6/8)
  • RAM — 1.5 GB

Windows operating system

  • Windows 2000
  • Windows XP
  • Windows 2003 Server
  • Windows Vista
  • Windows 2008 Server
  • Windows Server 2012
  • Windows 7
  • Windows 8
  • Windows 8.1

Browsers

  • Internet Explorer 9 or later
  • Mozilla Firefox 9 or later
  • Google Chrome 33 or later

Flash Player

  • Version 11.2.x.x or later

Virtual Machine requirements

  • Processor — 8-core 64-bit, Dual Core2/Nehalem, or higher or AMD Dual Athlon64/Dual Opteron64 or higher
  • RAM — Depends on the model (4 GB or more)
  • Disk space — Depends on the model (250 GB or more)
  • ESM features use pop-up windows when uploading or downloading files. Disable the pop-up blocker for your ESM.
  • ESXi 5.0 or later
  • The minimum requirement is 250 GB unless the VM purchased has more. See the specifications for your VM product.

Links

Data Sheet
Solution Brief
Product Guide 9.6
Insurance Case Study  

Intel Data Loss Prevention (DLP)

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints.

McAfee

Features

  • Real-time exfiltration prevention: Integrated with McAfee Threat Intelligence Exchange and McAfee Data Exchange Layer for visibility and real-time monitoring.
  • Advanced protection capabilities: Leverage fingerprinting, classification, and file tagging to secure sensitive, unstructured data, such as intellectual property and trade secrets.
  • Centralized management: Natively integrated with McAfee® ePolicy Orchestrator® (McAfee ePO™) software to streamline policy and incident management.
  • Compliance enforcement: Ensure compliance by addressing day-to-day end-user actions, such as emailing, cloud posting, downloading to removable media devices, and more.
  • End-user education: Real-time feedback via educational popup helps shape corporate security awareness and culture.

Description

McAfee Data Loss Prevention (DLP) Endpoint 10.0 safeguards intellectual property and ensures compliance by protecting sensitive data such as PCI, PII, and PHI wherever it lives—on premises, in the cloud, or at the endpoints. It helps you monitor and address risky day-to-day end-user actions such as emailing, web posting, printing, clipboards, screen captures, device control, uploading to the cloud, and more.

Specifications

Supported Platforms

  • Windows 7 SP1 or later, Enterprise and Business editions, 32-bit and 64-bit
  • Windows 8 and 8.1 or later Enterprise and Professional, 32-bit and 64-bit
  • Windows Server 2008 R2 and 2008 SP2 or later, 32-bit and 64-bit
  • Windows Server 2012 and 2012 R2 or later, 64-bit
  • OS X Mountain Lion 10.8.5
  • OS X Mavericks 10.9.5
  • OS X Yosemite 10.10

Supported Browsers

  • Internet Explorer version 8 to 11
  • Mozilla Firefox 34 or higher
  • Google Chrome 31 or higher

McAfee ePO Software and Agents

  • McAfee ePO software 4.6.9 and 5.1.1
  • McAfee Agent for Windows 4.8 Patch 2 and 5.0
  • McAfee Agent for Mac 4.6 Patch 3, 4.8 Patch 2, and 5.0

Links

Data Sheet
Solution Brief – Office 365
Product Guide
Case Study
ExpertCenter

Active Response

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response.

McAfee

Description

Designed to monitor, control and alert when endpoints are compromised.

An endpoint detection and response tool for advanced threats.

Bolster your defenses beyond foundational endpoint protection with endpoint threat detection and response. McAfee Active Response is a leading innovation in finding and responding to advanced threats. As a key part of an integrated security architecture, it offers continuous visibility and powerful insights into your endpoints, so you can identify breaches faster and gain more control over the threat defense lifecycle. McAfee Active Response gives you the tools you need to correct security issues faster in the way that makes the most sense for your business. Key features include:

Collectors: Find and visualize data from systems.

Triggers and persistent collectors: Continuously monitor critical events or state change with one set of instructions.

Reactions: Get pre-configured and customizable actions when triggered, so you can target and eliminate threats.

Centralized management with McAfee ePolicy Orchestrator: Use a single console for comprehensive security management and automation.

Specification

Supported client operating systems

  • CentOS 6.5, 32-bit
  • RedHat 6.5, 32-bit
  • Microsoft Windows
    • Windows 8.0, Base, 32-bit, and 64-bit
    • Windows 8.1, Base, U1; 32-bit and 64-bit
    • Windows 2012, Server Base, R2; U1; 64-bit
    • Windows 2008 R2 Enterprise, SP1, 64-bit
    • Windows 2008 R2 Standard, SP1, 64-bit
    • Windows 7 Enterprise, up to SP1; 32-bit and 64-bit
    • Windows 7 Professional, up to SP1; 32-bit and 64-bit

 

Links

Data Sheet
Solution Brief
Product Guide
ExpertCenter

Endpoint Protection

Identify and stop targeted attacks just as they are beginning.

Cylance

Features

MALWARE EXECUTION CONTROL

  • Machine learning with predictive analysis
  • Automated static code analysis
  • Memory Control
  • Script Control
  • Application Control
  • Pre-execution prevention in <100ms
  • No signatures
  • No prior knowledge needed
  • No Internet required
  • No daily scans
  • Rejects potentially unwanted programs (PUPs)

Description

Cylance applies artificial intelligence, algorithmic science and machine learning to cybersecurity to improve the way companies, governments and end users proactively solve the world’s most difficult security problems. Using predictive analysis, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats.

Specification

Windows Agent Requirements

Supported Operating Systems (32-bit and 64-bit)

  • Windows XP SP3 (with KB 968730) through Windows 10 (excluding Windows RT)
  • Windows XP Embedded OS and newer
  • Windows Server 2003 SP2 (with KB 968730) through Windows Server 2012 R2

System Memory and Local Storage

  • 2 GB+ RAM
  • Approximately 500 MB of local disk storage not including quarantined items

Additional Requirements

  • .NET Framework 3.5 (SP1) or higher is required on all Windows versions
  • Internet browser
  • Internet connection to register product
  • Local administrative rights to install software
  • Server 2003 SP2 also requires .NET 3.5 SP1 and the patch referenced in KB2868626 to update crypt32.dll
  • Up-to-date root certificates

Mac Agent Requirements

Supported Operating Systems

  • OS X 10.9 Mavericks / OS X 10.10 Yosemite / OS X 10.11 El Capitan

System Memory & Local Storage

  • 2+ GB RAM
  • 500 MB of local disk storage not including any items that may have been quarantined

Links

Data Sheet

Math vs. Malware

Fidelis

Features

  • Detect attacks other solutions miss.
  • Identify and stop targeted attacks just as they are beginning.
  • Correlate seemingly unrelated network activity and behavior.
  • Reduce time to detect and resolve incidents.
  • Discover unmanaged devices on your network.

Description

Accelerate Triage and Validate Suspected Incidents

Automatically harvest rich system information from endpoints and correlate it against threat reputation services, advanced threat detectors and threat intelligence to confirm when endpoints are compromised.

Automate Incident Response Workflows

Easily create and customize response workflows specific to the organization. Automatically kick off remediation or perform forensic analysis by defining trigger rules and actions with the alert response workflow engine.

Eliminate Blind Spots

Identify and validate threats on your endpoints anywhere in your environment – on or off your network.

Respond Immediately

Integrate with SIEMs, next-generation firewalls and alerting tools to accelerate your response and trace alerts to compromised endpoints.

Identify Compromised Endpoints

Automatically sweep all endpoints for signs of the compromise once an Indicator of Compromise (IOC) has been validated.

Proactively Hunt for Threats

Apply network- or host-based intelligence in any format, to rapidly identify compromised endpoints and automatically take action.

Know What Happened Using Playback

Protect your systems by recording key events (e.g. files accessed, running processes, registry changes, and network and DNS activity) and receiving a detailed timeline related to a suspected incident along with prioritized alerts.

Stop Data Theft and Remediate Endpoints

Halt data exfiltration and lateral movement by isolating endpoints, halting processes, wiping files, and kicking off a script to initiate an anti-virus scan.

Links

Datasheet
Gartner Review

McAfee

Features

Endpoint Protection – delivers advanced antivirus, anti-malware, host intrusion prevention, device control, host-based firewall, and application control to protect PCs, Macs, Linux systems, servers, virtual systems, smartphones, and tablets from online threats.

Description

A combination of AV, Firewall, web security (SiteAdvisor). Traditional Windows, Mac, and Linux systems need essential security to block advanced malware, control data loss and compliance risks caused by removable media, and provide safe access to critical email and web applications. McAfee Endpoint Protection Suite integrates these core functions into a single, manageable, multiplatform environment ideal for safeguarding traditional desktops that have limited exposure to Internet threats.

This proven enterprise and small business endpoint security solution delivers operational efficiencies and cost savings with the convenience of a single suite. It includes real-time anti-malware and antivirus protection, proactive email and web security, desktop firewall, comprehensive device control, and unrivalled centralized management.

Links

Data Sheet
Solution Brief
Product Guide
Installation Guide
Independent Review
ExpertCenter

Patch & Remediation

The Everbridge Platform is Globally Local by using optimized routing, message localization, regulatory compliance and application localization.

Everbridge

Features

Fast and Reliable – The Everbridge Platform is resilient using multiple data centers at all times.

Globally Local – The Everbridge platform sends notifications to over 200 countries and territories.

Secure – Everbridge protects your data with: SAFETY Act Designation and Certification, FedRAMP Compliance, FISMA Authorization & Accreditation, SSAE-16 SOC 2 & 3 Compliance, EU/US Safe Harbor Compliance

Location Aware – Getting notifications to people affected by an incident is one of the most important facets of successful critical communication.

Easy Integration – Everbridge Open offers an extensive suite of RESTful APIs that can be used to trigger notifications or create and update contact information from an internal system.

Description

Everbridge is a Critical Communications Platform.

We provide enterprise software applications to automate the delivery of critical information to help keep people safe and business running.

The Everbridge Platform is resilient using multiple data centers at all times. This provides the resiliency and redundancy to lower the risk of degradation and cascading failures.

The Everbridge Platform is Globally Local by using optimized routing, message localization, regulatory compliance and application localization.

Your security is our top priority. The Security, Everbridge Privacy and Website Cookie Policies are designed to assist you in understanding how we collect, use and safeguard the information you provide.

Getting notifications to the people affected by an incident is one of the most important facets of successful critical communication. Everbridge continues to innovate in making our platform location aware so you can reach the right people.

Everbridge Open offers an extensive suite of RESTful APIs that can be used to trigger notifications or create and update contact information from an internal system. Our Everbridge Open API’s two-way capabilities allow third-party systems to create powerful closed-loop integrations with our platform.

 

Specifications

Safety Connection
Mass Notification
Incident Management
IT Alerting
Secure Mobile Communication
Community Engagement
Free Online Learning

Firewall / Next Generation Firewall

Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership.

Check Point

Features

  • Comprehensive Threat Prevention
  • Prevent Known and Zero Day Threats
  • GAIA – A Unified Secure Operation System
  • Virtualisation
  • Measurement of Security Appliances

Description

Check Point provides customers of all sizes with the latest data and network security protection in an integrated next generation firewall platform, reducing complexity and lowering the total cost of ownership. Whether you need next-generation security for your data centre, enterprise, small business or home office, Check Point has a solution for you.

Links

Check Point Appliances Brochure  
Emerging Security Challenges in Carrier-Class Firewalls
Appliance Comparison Chart
Real-World Performance Testing

Advanced Threat Protection

Designed to work with other products, a central system to verify files.

McAfee

Features

  • User interactive mode: Enables analysts to interact directly with malware samples.
  • Extensive unpacking capabilities: Reduces investigation time from days to minutes.
  • Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
  • Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
  • Detailed reports from disassembly output to graphical function call diagrams and embedded or dropped file information: Provides critical information for analyst investigation.

Description

Designed to work with other products, a central system to verify files.

Works with: McAfee Active Response, McAfee Application Control, McAfee Enterprise Security Manager, McAfee ePolicy Orchestrator software, McAfee Network Security Platform, McAfee Threat Intelligence Exchange, McAfee Web Gateway.

McAfee Advanced Threat Defense protects against advanced malware, including zero-day and advanced persistent threats, providing the strongest advanced threat protection available. Advanced targeted attacks are designed to defeat security systems through approaches that either confuse or evade defenses. McAfee Advanced Threat Defense detects targeted attacks and connects with existing defenses, converting threat intelligence into immediate action and protection. Unlike traditional sandboxes, it provides multiple analysis engines to broaden detection and expose evasive threats.

As part of the Security Connected platform, McAfee Advanced Threat Defense is tightly integrated with other Intel Security solutions—from network to endpoint—enabling instant sharing of threat intelligence across the entire infrastructure to enhance zero-day threat protection, reduce time from detection to containment, and aid investigation to remediate post-attack.

Specification

  • ATD-3000 – 30 VMs, Form factor 1U Rack-Mount
  • ATD-6000 – 60 VMs, Form factor 2U Rack-Mount
  • File/media types supported: PE files, Adobe files, MS Office Suite files, Image files, Archives, Java, Android Application Package
  • Analysis methods: McAfee Anti-Malware, GTI reputation: file/URL/IP, Gateway Anti-Malware (emulation and behavioral analysis), dynamic analysis (sandboxing), static code analysis, custom YARA rules
  • Supported OS: Win 8 (32-bit/64-bit), Win 7 (32-bit/64-bit), Win XP (32-bit/64-bit), Win Server 2003, Win Server 2008 (64-bit); Android
  • All Windows operating system support available in: English, German, Italian, Japanese, and Simplified Chinese.

Links

Data Sheet
Solution Brief
Product Guide 3.6.2
Best practices to avoid being compromised by file infectors
Best practices to avoid being compromised by Worms
Bank Case Study
ExpertCenter

Services

Forensics

Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Cognosec Services

Features

The process for performing digital forensics comprises the following basic phases:

  • Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
  • Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
  • Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
  • Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Description

Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court. Forensic tools and techniques are most often thought of in the context of criminal investigations and computer security incident handling, used to respond to an event by investigating suspect systems, gathering and preserving evidence, reconstructing events, and assessing the current state of an event.

Cognosec can assist you with your digital forensics investigations. This is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Specification

During a forensic investigation, Cognosec will identify potential data sources and acquire the data from those sources. Data acquisition will be performed using a three-step process:

  1. developing a plan to acquire the data
  2. acquiring the data
  3. verifying the integrity of the acquired data

After data has been collected, the next phase is to examine the data, which involves assessing and extracting the relevant pieces of information from the collected data. This phase may also involve bypassing or mitigating OS or application features that obscure data and code, such as data compression, encryption, and access control mechanisms. Once the relevant information has been extracted, Cognosec will study and analyze the data to draw conclusions from it and then prepare and present the information resulting from the analysis phase.

Incident Response  

Cognosec’s Incident Response solution is an organized approach for responding to an incident appropriately and managing the aftermath of the security breach.

Cognosec Services

Features

Cognosec can assist you with the following steps:

  1. Creating an incident response policy and plan
  2. Developing procedures for performing incident handling and reporting
  3. Setting guidelines for communicating with outside parties regarding incidents
  4. Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
  5. Determining what services the incident response team should provide
  6. Training the incident response team

Description

Combating malicious software and events in your environment isn’t just a matter of implementing the right technological solutions. Effectively combating malicious activities is a solution that combines people, processes, and technology.

Cognosec’s Incident Response solution is an organized approach for responding to an incident appropriately and managing the aftermath of the security breach. Cognosec’s Incident Response solution will also help establish new defenses, protecting your systems and data from future attacks.

Specification

According to the SANS Institute, there are six steps to handling an incident most effectively:

Preparation: The organization educates users and IT staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.

Identification: The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.

Containment: The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.

Eradication: The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.

Recovery: Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.

Lessons learned: The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.
