DATA SHEET
McAfee ePolicy Orchestrator Centrally get, visualize, share, and act on security insights
Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage by offering more time to exploit the gap not seen between the tools and do damage. In addition, the cybersecurity workforce is limited and needs to be empowered to manage cybersecurity complexity. The McAfee® ePolicy Orchestrator® (McAfee ePO™) management platform removes the time-consuming and potential human error effort and inspires those responsible to manage security quicker and with higher efficacy.
Fundamental Security Proven Advanced Security Management Start with the fundamentals. Core to any security More than 30,000 businesses and organizations trust architecture is the ability to monitor and control the the McAfee ePO console to manage security, streamline health of endpoints and systems. Industry standards and automate compliance processes, and increase such as Center for Internet Security (CIS) Controls and overall visibility across endpoint, network, and security National Institute of Standards Technology (NIST) SP operations. Big companies rely on the McAfee ePO 800 153 security and privacy controls call this out as console’s highly scalable architecture, allowing large a must. The McAfee ePO console allows you to gain enterprises to manage hundreds and thousands of critical visibility and set and automatically enforce nodes from a single console. The McAfee ePO console policies to ensure a healthy security posture across provides an enterprise security administrator with the your enterprise. Policy management and enforcement opportunity to simplify policy maintenance, pull in third- across security products for your entire enterprise party threat intelligence leveraging Data Exchange Layer is accomplished from a single console, removing the (DXL), and integrate policies bi-directionally with an array complexity of managing multiple products. This essential of products. These operational efficiencies cut down Connect With Us security is fundamental to your IT security compliance. process and data-sharing overhead, allowing a faster, more precise response.
1 McAfee ePolicy Orchestrator DATA SHEET
Efficiency Conquers Sprawl A Sample List of Products Managed by McAfee ePO ESG research shows that 40% of organizations use 10 to McAfee Products Third-Party Products 25 tools, while 30% use 26 to 50 tools to manage billions McAfee Endpoint Protection Guidance Software: enCase (Threat Prevention, Firewall, Web Enterprise of new threats and devices. This diversity of product Control) use creates complexity and multiplies the operational McAfee Drive Encryption Avecto: Privilege Guard payoff of a unified management experience—from McAfee File and Removable AccessData: AccesData installation through reporting. McAfee embraces these Media Protection Enterprise requirements with a “Together is power” approach to McAfee Active Response Autonomic Software: Power Manager, Patch Manager security management that allows you to consolidate McAfee Management for Xerox MFP the sprawl while protecting the breadth of your Optimized Virtual Environments assets, supporting threat intelligence, managing open (McAfee MOVE) McAfee Data Loss Prevention DXL source data, and integrating third-party products. (McAfee DLP) McAfee provides centralized command and control for McAfee Policy Auditor compliance and management across a range of security McAfee Enterprise Security products. You can quickly pivot across products to find Manager the critical data and take the necessary policy action. McAfee Threat Intelligence Exchange The McAfee ePO console also allows you to invest in McAfee Application Control next-generation technologies and integrate them with McAfee Cloud Workload Security existing assets within a single framework. McAfee Advanced Threat Defense McAfee Content Security Reporter McAfee Database Activity Monitoring
2 McAfee ePolicy Orchestrator DATA SHEET
Use Case Examples: How the McAfee ePO Console Creates Centralized Management of Security Products
Product and Technology Sample Centralized Management Use Case Benefit McAfee ePO McAfee Endpoint Security discovers a known malicious file on Quick containment of a bad endpoint an endpoint. The McAfee ePO console sets a stricter policy McAfee Endpoint Security on the endpoint to quarantine it. This is done in one common management interface. McAfee ePO McAfee Enterprise Security Manager detects significant data Automatic data loss policy exfiltration on an endpoint and tags it in the McAfee ePO enforcement McAfee DLP console. The McAfee ePO console applies data loss protection McAfee Enterprise Security Manager policies to block the data and advise the user that this is not in compliance.
Integration Examples
Product and Technology Integrated Use Case Benefit McAfee ePO McAfee Endpoint Security flags a suspicious host. The McAfee Increased proactive protection ePO console can trigger additional scans. This is communicated McAfee Endpoint Security to Cisco ISE via PxGrid and the DXL exchange (the McAfee DXL ePO console). Cisco ISE can isolate the host until it is deemed acceptable. Cisco Identity Service Engine (ISE) Cisco PxGrid Avecto Defendpoint Deploy and manage the industry-leading, privilege management Reduction in complexity solution, Avecto Defendpoint, from McAfee ePO. Avecto McAfee ePO No additional infrastructure, lowering Defendpoint configuration changes are informed by McAfee TCO DXL Threat Intelligence Exchange application reputation data. Privilege access changes based on McAfee Threat Intelligence Exchange threat intelligence Rapid7 Nexpose McAfee ePO shares assets list to Nexpose. This enables you to Reduce complexity gain an understanding of risk posture from your McAfee ePO McAfee ePO Gain a comprehensive and reliable console and allows you to set policy accordingly. Vulnerability posture and prioritize actions to DXL data is shared with the DXL community of vendors. minimize risk from one dashboard Check Point NGTX This integration facilitates bi-directional and real-time Decrease time to detect intelligence sharing between the network and endpoints. Check Point NGTP Block and remediate attacks Events are shared with the DXL community. McAfee ePO DXL McAfee Active Response McAfee Enterprise Security Manager
3 McAfee ePolicy Orchestrator DATA SHEET
Organizations with integrated platforms are better protected and achieve faster response times than their counterparts without integrated platforms. “The most powerful endpoint management Integrated Organizations Not Integrated Organizations Suffered less than five breaches last year 78% 55% platform on the Discovered threats in eight hours 80% 54% market today, McAfee
2016 Penn Schoen Berland ePolicy Orchestrator, this product is the underlying management Extensible Workflows Streamline Processes Common Use Cases tool for all of the The McAfee ePO database provides flexible, automated ■■ Save time and eliminate redundant and labor-intensive company’s security management capabilities so you can rapidly identify, efforts by scheduling security compliance reports to products, and it offers manage, and respond to vulnerabilities, changes in meet the needs of each stakeholder. the power and flexibility security postures. and known threats from single ■■ Easily integrate the McAfee ePO console into your that enterprise buyers console. You define how the McAfee ePO console should existing business processes and functions by desire. The security direct alerts and security responses based on the type leveraging its robust set of APIs to gain more insight and criticality of security events for your environment and accelerate workflows (for example, integrate with capabilities are broad and your policies and tools. To support development ticketing systems, web applications, or self-service and tightly integrated operations and security operations, the McAfee ePO portals). through a common platform allows you to create automated workflows ■■ Maintain your security posture by deploying agent and policy engine and between your security and IT operations systems to security solutions as new machines are added to your quickly remediate issues. Use the McAfee ePO console intelligence stream.” corporate network by syncing the McAfee ePO console to trigger remediation actions by your IT operations with Active Directory. —Forrester Wave: Endpoint systems, like assigning stricter policies. Leveraging its Security Suites 2016 web application programming interfaces (APIs) reduces manual effort.
4 McAfee ePolicy Orchestrator DATA SHEET
Rapid Mitigation and Remediation Centralized Security The McAfee ePO platform has built-in, advanced Management capabilities to increase the efficiency of the security operations staff when they mitigate a threat or make a change to restore compliance. McAfee ePO Automatic Scala�le� Workflow Enter�rise Response can trigger an action based on an event that Automation occurs. Actions can be simple notifications or approved Grade remediation. Common Use Cases for Automatic Response
■ McA�ee ePolicy ■ Notifying administrators of new threats, failed Security �ash�oards �rchestrator updates, or high-priority errors via email or SMS based Partner and Com�liance on predetermined thresholds Ecosystem �e�orting
■■ Applying policies based on client or threat events, such as a policy to prevent external communications when a host may be compromised (this would deny APIs �or Centralized command and control activities) or blocking data Integration �e�loyment exfiltration/outbound transfer until the administrator resets the policy Figure 1. Centralized security management using the McAfee ePO console. ■■ Tagging systems and running additional tasks for remediation, such as on-demand memory scans when threats are detected
■■ Triggering registered executables to run external scripts and server commands, like generating a ticket in the service desk or integrating into other business processes
■■ Automatically quarantining the endpoint with more restricted policies
5 McAfee ePolicy Orchestrator DATA SHEET
Secure Across Your Organization with the Reduce complexity and streamline processes McAfee ePO Console ■■ Ability to get up and running quickly with guided “McAfee ePO software Centrally manage security configuration, automated policy management work stands out compared
■ streams, and predefined dashboards ■ Distinctive single console for centralized management to other solutions. It is and visibility into up to hundreds of thousands of ■■ Tag-based policy assignment to precisely target a one-stop shop for our nodes across the enterprise application of predefined security profiles to individual endpoint protection. ■ or groups of systems based on their business roles or ■ Open framework for broad security management of I can see everything I systems secure by McAfee and third-party solutions risk status
■■ need to see for all of our ■■ Extensible platform integrates with and leverages your Task catalog and automated management capabilities existing IT infrastructure to reduce operational friction to streamline administrative processes and reduce McAfee products from overhead one pane of glass. Its Accelerate response times with confidence ■■ Single agent to manage multiple endpoint products easy-to-use dashboards ■■ Comprehensive views and insight to proactively reduces your risk of endpoint conflicts and built-in functionality address internal and external security issues Scale for enterprise deployments make everything— ■■ Swift centralized deployment of security updates and ■ definitions to ensure that endpoints are protected ■ Enterprise-class architecture to support managing visibility, reporting, from the latest threats hundreds of thousands of devices with a single server deployment, updating,
■■ ■■ Accelerated response times through actionable Supported and proven within complex, heterogeneous maintenance, decision dashboards and advanced query and reporting IT environments making—so much capabilities ■■ Enterprise reporting, which aggregates a easier.” comprehensive view of your security posture and compliance —Christopher Sacharok, Information Security Engineer, Computer Sciences Corporation
2821 Mission College Blvd. McAfee and the McAfee logo, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in Santa Clara, CA 95054 the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2017 McAfee, LLC. 3718_0118 888.847.8766 JANUARY 2018 www.mcafee.com
6 McAfee ePolicy Orchestrator