McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture.
- Common Criteria EAL2+ and FIPS 140-2 Level 2 certified
- Available in multiple hardware models and as a virtual machine supporting VMware and Microsoft Hyper-V
- Integrated with complementary Intel® Security solutions including McAfee Advanced Threat Defense and McAfee Threat Intelligence Exchange
- Rated number one anti-malware in a secure web gateway (AV-TEST)
McAfee Web Gateway delivers comprehensive security for all aspects of web traffic in one high-performance appliance software architecture. For user-initiated web requests, McAfee Web Gateway first enforces an organization’s Internet use policy. For all allowed traffic, it then uses local and global techniques to analyze the nature and intent of all content and active code entering the network via the requested web pages, providing immediate protection against malware and other hidden threats. And, unlike basic packet inspection techniques, McAfee Web Gateway can examine SSL traffic to provide in-depth protection against malicious code or control applications that have been hidden through encryption.
VirusScan Enterprise (VSE)
McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware.
- Protect your files from viruses, worms, rootkits, Trojans, and other threats.
- Proactive protection against new and unknown buffer-overflow exploits that target vulnerabilities in Microsoft applications.
- The worldwide presence of McAfee Labs enables McAfee VirusScan Enterprise to leverage protection across file, network, web, message, and vulnerability data.
- The McAfee ePolicy Orchestrator® (McAfee ePO™) management platform provides centralized deployment, policy configuration and enforcement, and detailed, customizable reporting.
- Easily configure policies to manage and remove quarantined items.
- Supports users who are using Microsoft Outlook or Lotus Notes.
McAfee VirusScan Enterprise combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware. It reduces the cost of managing outbreak responses, stops zero-day threats, and mitigates the window of vulnerability—the time between the discovery of a vulnerability and when fixes are deployed. Plus, with McAfee VirusScan Enterprise, you have the flexibility to detect and block malware based on your business needs: on access, on demand, or on a schedule.
- Windows 10
- Windows 10 for Embedded Systems
- Windows 8.1
- Windows 8
- Windows 7
- Windows 7 Professional for Embedded Systems
- Windows 7 Ultimate for Embedded Systems
- Windows Vista
- Windows Vista Business for Embedded Systems
- Windows Vista Ultimate for Embedded Systems
- Windows XP SP3
- Windows XP Professional for Embedded Systems 32-bit
- Windows XP Tablet PC Edition SP2
- Windows Embedded for Point of Service (WEPOS)
- Windows Server 2012 R2
- Windows Server 2012
- Windows Small Business Server 2011
- Windows Embedded Standard 2009
- Windows Embedded Point of Service 1.1 SP3
- Windows Embedded Point of Service Ready 2009
- Windows Server 2008 R2
- Windows Server 2008 SP2: Standard, Enterprise, Datacenter, Foundation, Web, HPC
- Windows Small Business Server 2008 SP2
- Windows Server 2003 R2 SP2
- Windows Server 2003 SP2
- Windows Small Business Server 2003 R2 SP2
- Windows Small Business Server 2003 SP2
- Citrix Xen Guest
- Citrix XenApp 5.0, 5.6, 6.0, 6.5, 7.5, 7.6
Threat Intelligence Exchange (TIE)
McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time.
Adaptive threat protection closes the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.
Collaborative threat intelligence is built out of global intelligence data sources combined with local threat intelligence gathering.
You get immediate visibility into the presence of advanced targeted attacks in your organization.
Relevant security intelligence is shared in real time among endpoint, gateway, network, and data center security solutions.
You are empowered to make decisions on never-before-seen files, based on endpoint context (file, process, and environmental attributes) blended with collective threat intelligence.
Integration is simplified through the McAfee Data Exchange Layer. Implementation and operational costs are reduced by connecting together Intel Security and non-Intel Security security solutions to operationalize your threat intelligence in real time.
McAfee® Threat Intelligence Exchange enables adaptive threat detection and response by operationalizing intelligence across your endpoint, gateway, network, and data center security solutions in real time. Combining imported global threat information with locally collected intelligence and sharing it instantly allows your security solutions to operate as one, exchanging and acting on shared intelligence. McAfee Threat Intelligence Exchange narrows the gap from encounter to containment from days, weeks, and months down to milliseconds.
McAfee Threat Intelligence Exchange consists of the following components:
- McAfee Threat Intelligence Exchange Server 1.2.0
- McAfee Data Exchange Layer Client 1.1.0
- McAfee Threat Intelligence Exchange Module 1.0.1 for VirusScan Enterprise
Additional requirements for McAfee Threat Intelligence Exchange include:
McAfee Endpoint Protection
- McAfee VirusScan Enterprise 8.8, Patch 4 with Hotfix 929019, Patch 5
- McAfee Endpoint Security 10.1 or later
McAfee Security Management
- McAfee ePolicy Orchestrator 5.1.1
- VMware vSphere 5.1.0 with ESXi 5.1 or later
Identify and stop targeted attacks just as they are beginning.
MALWARE EXECUTION CONTROL
- Machine learning with predictive analysis
- Automated static code analysis
- Memory Control
- Script Control
- Application Control
- Pre-execution prevention in <100ms
- No signatures
- No prior knowledge needed
- No Internet required
- No daily scans
- Rejects potentially unwanted programs (PUPs)
Cylance applies artificial intelligence, algorithmic science and machine learning to cybersecurity and improves the way companies, governments and end users proactively solve the world’s most difficult security problems. Using predictive analysis, Cylance quickly and accurately identifies what is safe and what is a threat, not just what is in a blacklist or whitelist. By coupling sophisticated math and machine learning with a unique understanding of a hacker’s mentality, Cylance provides the technology and services to be truly predictive and preventive against advanced threats.
Windows Agent Requirements
Supported Operating Systems (32-bit and 64-bit)
- Windows XP SP3 (with KB 968730) through Windows 10 (excluding Windows RT)
- Windows XP Embedded OS and newer
- Windows Server 2003 SP2 (with KB 968730) through Windows Server 2012R2
System Memory and Local Storage
- 2 GB+ RAM
- Approximately 500 MB of local disk storage not including quarantined items
Additional Requirements
- .NET Framework 3.5 (SP1) or higher is required on all Windows versions, Internet browser, Internet connection to register product, local administrative rights to install software.
- Server 2003 SP2 also requires .NET 3.5 SP1 and the patch referenced in KB2868626 to update crypt32.dll. Up-to-date root certificates.
Mac Agent Requirements
Supported Operating Systems
- OS X 10.9 Mavericks / OS X 10.10 Yosemite / OS X 10.11 El Capitan
System Memory & Local Storage
- 2+ GB RAM
- 500 MB of local disk storage not including any items that may have been quarantined
- Detect attacks other solutions miss.
- Identify and stop targeted attacks just as they are beginning.
- Correlate seemingly unrelated network activity and behavior.
- Reduce time to detect and resolve incidents.
- Discover unmanaged devices on your network.
Accelerate Triage and Validate Suspected Incidents
Automatically harvest rich system information from endpoints and correlate it against threat reputation services, advanced threat detectors and threat intelligence to confirm when endpoints are compromised.
Automate Incident Response Workflows
Easily create and customize response workflows specific to the organization. Automatically kick off remediation or perform forensic analysis by defining trigger rules and actions with the alert response workflow engine.
Eliminate Blind Spots
Identify and validate threats on your endpoints anywhere in your environment – on or off your network.
Integrate with SIEMs, next-generation firewalls and alerting tools to accelerate your response and trace alerts to compromised endpoints.
Identify Compromised Endpoints
Automatically sweep all endpoints for signs of the compromise once an Indicator of Compromise (IOC) has been validated.
Proactively Hunt for Threats
Apply network- or host-based intelligence in any format, to rapidly identify compromised endpoints and automatically take action.
Know What Happened Using Playback
Protect your systems by recording key events (e.g. files accessed, running processes, registry changes, and network and DNS activity) and receiving a detailed timeline related to a suspected incident along with prioritized alerts.
Stop Data Theft and Remediate Endpoints
Halt data exfiltration and lateral movement by isolating endpoints, halting processes, wiping files, and kicking off a script to initiate an anti-virus scan.
Endpoint Protection – delivers advanced antivirus, anti-malware, host intrusion prevention, device control, host-based firewall, and application control to protect PCs, Macs, Linux systems, servers, virtual systems, smartphones, and tablets from online threats.
A combination of AV, Firewall, web security (SiteAdvisor). Traditional Windows, Mac, and Linux systems need essential security to block advanced malware, control data loss and compliance risks caused by removable media, and provide safe access to critical email and web applications. McAfee Endpoint Protection Suite integrates these core functions into a single, manageable, multiplatform environment ideal for safeguarding traditional desktops that have limited exposure to Internet threats.
This proven enterprise and small business endpoint security solution delivers operational efficiencies and cost savings with the convenience of a single suite. It includes real-time anti-malware and antivirus protection, proactive email and web security, desktop firewall, comprehensive device control, and unrivalled centralized management.
Next Gen Intrusion Detection & Protection System (IDS / IPS)
Detect and Prevent Advanced Targeted Attacks
- Always-On Full-Packet Capture
- Whitelisted Executables
- Endpoint Lock-Down/Quarantine
- Automatic Signature-based Intrusion Detection and Prevention
- IP Range Blocking (Geo-location blacklisting)
- Whitelisting, Blacklisting and Custom Rules
- Zero Network Latency
- Decrypted SSL Traffic Analysis
Detect and Prevent Advanced Targeted Attacks
Mid-sized organizations now represent 54%(1) of all cybersecurity breaches and what’s troubling is that you might not even be aware that you’re a prime target. These attacks are becoming more sophisticated and much harder to detect. Yet traditional cybersecurity technologies haven’t evolved at the same pace and as a result, fail to effectively protect you from today’s sophisticated attacks.
Now more than ever, your organization needs protection against more than just signature-based attacks. It needs holistic protection that’s also capable of defending against zero-day targeted attacks and advanced persistent threats (APTs). Network Interceptor protects against both known and unknown threats.
At the core of the Managed Detection and Response™ service is Network Interceptor, a next-gen IDS/IPS designed for mid-sized enterprise. It fuses robust threat intel to deliver real-time signature-based threat detection and prevention, while introducing the unique ability to identify unknown cyber threats through behaviour-based anomaly detection and attack pattern analysis.
With always-on full traffic capture, our team of highly skilled threat analysts get the full picture they need to hunt, investigate, identify and escalate unique threats in real-time, always. Completely customizable to your specific business context and policies, Network Interceptor is redefining cyber protection for mid-sized organizations in the face of today’s constantly evolving cyber threat landscape.
Multi Factor Authentication
SMS PASSCODE offers flexible policy-driven administration and protects multiple systems on a global scale. The solution seamlessly integrates with both remote access systems and cloud applications.
- More Factors Working to Your Advantage
- Real-Time and Session-Specific
- Advanced Attack Protection
- High Passcode Security
- Unmatched Reliability
- Status Feedback
- Flash SMS
- Location Aware Message Dispatching
SMS PASSCODE is easy to install, deploy and manage. The platform offers flexible policy-driven administration and protects multiple systems on a global scale. The solution seamlessly integrates with both remote access systems and cloud applications. The SMS PASSCODE platform allows you to get up and running in less than an hour. Run the plug-and-play installation of the SMS PASSCODE software, set up the preferred dispatch mechanism(s), and the system is ready for use. Rollout involves no software deployment on user devices, and practical training of the user group is not needed. SMS PASSCODE comes with one-click integration to Active Directory and LDAP directories. No schema changes or extensions are required.
RADIUS VPN/SSL VPN Clients
- Check Point
- Cisco ASA
- Netscaler Gateway & Citrix Access Gateway (CAG)
- Juniper
- Microsoft Forefront (UAG)/Direct Access
- Barracuda SSL VPN and NG Firewalls
- VMware Horizon View
- Microsoft SharePoint Portal Server 1
- Any other RADIUS client supporting challenge/response
- Palo Alto
- F5 BIG-IP
- NCP VPN
Microsoft TMG Server & Websites
Support for Microsoft TMG published websites:
- Outlook Web Access 2003 / 2007 / 2010 / 2013
- Remote Desktop Web Access (Windows Server 2008 R2 / 2012 R2)
- Microsoft SharePoint Portal Server
- IIS websites using Basic or Integrated Windows Authentication
- Any website not requiring Authentication Delegation
- Citrix Web Interface
Microsoft AD FS Protection
- AD FS 2.0 plug-in for multi-factor authentication
- AD FS 3.0 multi-factor authentication adapter
Transparent support for multi-factor authentication when:
- Accessing cloud applications such as Salesforce.com, Microsoft Office 365, Google Apps etc. (AD FS 2.0/3.0)
- Accessing websites published through the Microsoft Web Application Proxy (AD FS 3.0), such as SharePoint and Outlook Web Access
- Approving devices during workplace joins (AD FS 3.0)
Internet Information Services (IIS) Websites
Support for the following types of websites:
- Outlook Web Access 2007 / 2010 / 2013
- Remote Desktop Web Access (Windows Server 2008 R2 / 2012 R2)
- Websites using Basic / Integrated Windows Authentication
Windows Logon, Remote Desktop Services
Support for the following Servers and Services:
- Remote Desktop Services (RDP Connections)
- Windows Servers 2008 R2 / 2012 / 2012 R2
- Windows 7, Windows 8, Windows 8.1 and Windows 10
- VMware Virtual Desktop Portal & Client Access
Host Intrusion Prevention System (HIPS)
McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity.
- Enforce the broadest IPS and zero-day threat protection coverage across all levels: network, application, and execution.
- Reduce time and costs with one powerful, unified console for deployment, management, reporting, and auditing of events, policies, and agents.
- Patch endpoints less frequently and with less urgency.
- Manage compliance with easy-to-understand actionable views, workflow, event monitoring, and reporting for prompt and proper investigation and forensics.
McAfee® Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity along with the industry’s only dynamic and stateful firewall to shield against advanced threats and malicious traffic. In addition, it also provides signature and behavioral intrusion prevention system (IPS) protection. McAfee Host Intrusion Prevention for Server reduces patching frequency and urgency, preserves business continuity and employee productivity, protects data confidentiality, and simplifies regulatory compliance.
McAfee Application Control prevents zero-day and APT attacks by blocking execution of unauthorized applications.
- Protect against zero-day and APTs without signature updates.
- Uses McAfee Global Threat Intelligence and McAfee Threat Intelligence Exchange to provide global and local reputation of files and applications.
- Strengthen security and lower ownership costs with dynamic whitelisting that automatically accepts new software added through your trusted channels.
- Efficiently control application access with McAfee® ePolicy Orchestrator® (McAfee ePO™) software, a centralized platform for management of McAfee security solutions.
- Reduce patch cycles through secure whitelisting and advanced memory protection.
- Keep systems current with the latest patches using trusted updaters.
- Enforce controls on connected or disconnected servers, virtual machines, endpoints, fixed devices such as point-of-sale terminals, and legacy systems such as Microsoft Windows XP.
- Allow new applications based on application rating or self-approval for improved business continuity.
- Maintain user productivity and server performance with a low-overhead solution.
- Easily protect legacy systems and modern technology investments.
McAfee Application Control prevents zero-day and APT attacks by blocking execution of unauthorized applications. Using our inventory feature, you can easily find and manage application-related files. It groups binaries (EXEs, DLLs, drivers, and scripts) across your enterprise by application and vendor, displays them in an intuitive, hierarchical format, and intelligently classifies them as well-known, unknown, and known-bad applications. Using whitelisting, you can prevent attacks from unknown malware by allowing only known good whitelisted applications to run. Works with GTI, TIE and ATD.
Microsoft Windows (32-bit and 64-bit)
- Embedded: XPE, 7E, WEPOS, POSReady 2009, WES 2009, 8, 8.1 Industry, 10
- Server: 2008, 2008 R2, 2012, 2012 R2
- Desktop: NT, 2000, XP, Vista, 7, 8, 8.1, 10
Linux
- Red Hat/CentOS 5, 6, 7
- SUSE/openSUSE 10, 11
- Oracle Enterprise Linux 5, 6, 7
- Ubuntu 12.04
Advanced Threat Protection
Designed to work with other products, a central system to verify files.
- User interactive mode: Enables analysts to interact directly with malware samples.
- Extensive unpacking capabilities: Reduces investigation time from days to minutes.
- Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
- Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
- Detailed reports from disassembly output to graphical function call diagrams and embedded or dropped file information: Provides critical information for analyst investigation.
Designed to work with other products, a central system to verify files. Works with: McAfee Active Response, McAfee Application Control, McAfee Enterprise Security Manager, McAfee ePolicy Orchestrator software, McAfee Network Security Platform, McAfee Threat Intelligence Exchange, McAfee Web Gateway.
McAfee Advanced Threat Defense protects against advanced malware, including zero-day and advanced persistent threats, providing the strongest advanced threat protection available. Advanced targeted attacks are designed to defeat security systems through approaches that either confuse or evade defenses. McAfee Advanced Threat Defense detects targeted attacks and connects with existing defenses, converting threat intelligence into immediate action and protection. Unlike traditional sandboxes, it provides multiple analysis engines to broaden detection and expose evasive threats. As part of the Security Connected platform, McAfee Advanced Threat Defense is tightly integrated with other Intel Security solutions—from network to endpoint—enabling instant sharing of threat intelligence across the entire infrastructure to enhance zero-day threat protection, reduce time from detection to containment, and aid investigation to remediate post-attack.
- ATD-3000 – 30 VMs, Form factor 1U Rack-Mount
- ATD-6000 – 60 VMs, Form factor 2U Rack-Mount
- File/media types supported: PE files, Adobe files, MS Office Suite files, Image files, Archives, Java, Android Application Package
- Analysis methods: McAfee Anti-Malware, GTI reputation: file/URL/IP, Gateway Anti-Malware (emulation and behavioral analysis), dynamic analysis (sandboxing), static code analysis, custom YARA rules
- Supported OS: Win 8 (32-bit/64-bit), Win 7 (32-bit/64-bit), Win XP (32-bit/64-bit), Win Server 2003, Win Server 2008 (64-bit); Android
- All Windows operating system support available in: English, German, Italian, Japanese, and Simplified Chinese.
Data Security describes how your business protects its Intellectual Property or “Crown Jewels”.
The service would typically involve full or part-time management of some or all of the following technologies:
- Browser Control
- Endpoint Encryption
- Host Based Intrusion Prevention
- Database Security
- Host-based Data Loss/Leakage Prevention (DLP)
- Cloud Application Controls & BYOD
Data Security describes how your business protects its Intellectual Property or “Crown Jewels”. Data Security is achieved by combining various technologies at specific points on a network and configuring these to work together according to security best practice. Every company’s network will differ slightly from others, so it is important to architect the solution before implementing it. We provide a full service from consulting, gap analysis, architecture & design, implementation and management.
Remote Managed Services imply the virtual presence of our people on your premises. Our staff work remotely either as technical consultants or subject matter experts, or may perform specific operational security tasks for your company, depending on your requirements and the type of service you require. Our Remote Managed Cyber Security Service options are:
- Retainers, where a fixed number of hours is purchased, bundled with an SLA for a guaranteed response.
- Full Outsource, where you fully outsource one or more of your security functions to us. We take full responsibility for the function from end to end. This can include design and implementation, which would take place on site. Once implementation has been completed, we will remotely perform the daily management of the platform and/or the chosen solutions. This would typically include reporting, escalation, troubleshooting and upgrading.
- Partial Outsource, where you partially outsource one or more of your security functions to us. We take partial responsibility for the function, and this work takes place remotely. This can include aspects of design, implementation, management of a platform or solution, reporting, escalation, troubleshooting and upgrading.
Our Managed Cyber Security Services can be tailored according to your exact needs and budget. We do not subscribe to a one size fits all approach. We have developed and refined an agile framework which focuses on the successful delivery and implementation of affordable security services to all sectors of the market. Customers who adopt our framework through our managed security services make noticeable progress towards a more mature security posture in very short timeframes. This is borne out in vastly improved coverage, policies, detection rates, correlation, deduplication, escalation processes, analysis, incident response and forensic capability, reporting and visibility.
We offer complete design, implementation, and customisation support for access-rights management systems and data leakage prevention solutions. This provides valuable information used for detecting unauthorised access events and any possible data leakages.
Cognosec can assist you while implementing the correct architecture to protect your data.
Typically a software or hardware solution that is installed at network egress points near the perimeter. It analyzes network traffic to detect sensitive data that is being sent in violation of information security policies.
Such systems run on end-user workstations or servers in the organization. Like network-based systems, endpoint-based can address internal as well as external communications, and can therefore be used to control information flow between groups or types of users.
DLP solutions include a number of techniques for identifying confidential or sensitive information. Sometimes confused with discovery, data identification is a process by which organizations use a DLP technology to determine what to look for (in motion, at rest, or in use).
Data leakage detection
Sometimes a data distributor gives sensitive data to a set of third parties. Some time later, some of the data is found in an unauthorized place (e.g., on the web or on a user’s laptop). The distributor must then investigate if data leaked from one or more of the third parties, or if it was independently gathered by other means.
“Data at rest” specifically refers to old archived information that is stored on either a client PC hard drive, on a network storage drive or remote file server, or even data stored on a backup system, such as a tape or CD media. This information is of great concern to businesses and government institutions simply because the longer data is left unused in storage, the more likely it might be retrieved by unauthorized individuals outside the network. In order to protect this phase of data, systems use methods such as access control and data encryption.
“Data in use” refers to active data stored in databases that the user is currently interacting with. DLP systems that protect data in-use may monitor and flag certain unauthorized activities.
“Data in motion” is data that is currently traversing through a network to an endpoint destination. These networks can be internal or external. DLP systems that protect data in-motion monitor sensitive data that is being sent over a network through various communication channels such as email or IM.
The protection of sensitive data such as passwords, payment information, financial data, or intellectual property needs to be a priority for organisations. With the establishment of security regulations such as the PCI DSS, HIPAA, and the EU Data Protection Directive, systems can be brought to a high standard of security, but the sheer number of threats targeting vital systems is dramatically increasing, so efforts towards protecting data should as well. Security breaches resulting in leaked data can become very costly to an organisation and to its clients should attackers get hold of sensitive data. Cognosec can perform an assessment on the IT infrastructure handling the data and can ensure that your sensitive data is properly managed. We offer complete design, implementation, and customisation support for access-rights management systems and data leakage prevention solutions. This provides valuable information used for detecting unauthorised access events and any possible data leakages.
The term data protection is used to describe both operational backup of data and disaster recovery/business continuity (BC/DR). A data protection strategy should include data lifecycle management (DLM), a process that automates the movement of critical data to online and offline storage and information lifecycle management (ILM), a comprehensive strategy for valuing, cataloging and protecting information assets from application/user errors, malware/virus attacks, machine failure or facility outages/disruptions.