McAfee Security Management: Adaptive Security Model & Threat Intelligence Exchange
David O’Berry, CSSLP, CISSP-ISSAP, ISSMP, CRISC, MCNE
Worldwide Technical Strategist

Security Obstacles Facing Organizations

TARGETED ATTACKS: Attacks are becoming more sophisticated, autonomous and stealthy, and are specifically designed to penetrate existing security controls, including security processes and people.

SILOED SECURITY ORGANIZATIONS: Separate organizations using point products from multiple vendors, operating in functional silos with no intelligence sharing.

LACK OF VISIBILITY: Too much data and not enough intelligence makes visibility into threats challenging. A reactive security infrastructure lacks the timely intelligence needed to identify threats.


Challenge Presented by Targeted Attacks

Sources: Verizon 2013 Data Breach Investigations Report; Securosis Malware Analysis Quant Metrics Model

Timeline of an advanced targeted attack: ATTACK -> COMPROMISE -> DISCOVERY -> CONTAINMENT

Compromise to discovery: Minutes 2% | Hours 9% | Days 11% | Weeks 12% | Months 64% | Years 4%

Discovery to containment: Hours 19% | Days 42% | Weeks 14% | Months 23%


Where Security Professionals Spend Their Time

Source: McAfee Survey at Black Hat USA 2013

Detection 35% | Protection / Timely Block 22% | Chasing False Positives 20% | Breach Notification 11% | Damage Repair 9% | Other 3%


Quantifying the Impact of Targeted Attacks

Downtime | Data Loss | Intellectual Property Leakage | Brand Impact: priceless


Quantifying the Impact: Retail Example

Sales down 46% [1]
Profits down 34% [1]
Costs so far: US $61M [1]
Possible fines: US $400M to $1.1B [1]
Brand impact: priceless

Global annual cost of cybercrime: US $400 billion [2]
Average annualized cost of cybercrime per company in 2013: US $11.6 million [3]
Number of successful attacks: 122 per week across the companies studied [3]

1. http://online.wsj.com/news/articles/SB10001424052702304255604579406694182132568
2. McAfee, “Net Losses: Estimating the Global Cost of Cybercrime,” June 2014
3. Ponemon Institute, 2013 Cost of Cyber Crime Study


World’s Biggest Data Breaches: The Resulting Impact (2004 to 2013)

Source: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Breaches with record counts shown on the chart: Adobe 152,000,000; eBay 145,000,000; Heartland 130,000,000; Target 110,000,000; TK/TJ Maxx 94,000,000; AOL 92,000,000; Sony PSN 77,000,000; US Military 76,000,000; Living Social 50,000,000; Evernote 50,000,000; CardSystems Solutions Inc 40,000,000; RockYou! 32,000,000; US Dept of Veterans Affairs 26,500,000; UK Revenue & Customs 25,000,000; AOL 24,000,000; Yahoo 22,000,000; Korea Credit Bureau 20,000,000; Action.co.kr 18,000,000; T-Mobile Deutsche Telecom 17,000,000; Blizzard 14,000,000; Apple 12,367,232; GS Caltex 11,100,000; Dai Nippon Printing 8,637,405; NHS 8,300,000; Facebook 6,000,000; Ubisoft “unknown”.

Other breaches named on the chart (no count shown): KT Corp, Scribd, Yahoo, Washington State court system, Ubuntu, Twitter, Nintendo, South Africa police, Central Hudson Gas & Electric, Drupal, Apple, SnapChat, NASDAQ, Neiman Marcus, MacRumors.com, LexisNexis, Sony Online Entertainment, Medicaid, US Dept of Defense, University of Utah Hospitals & Clinics, Citigroup, Blue Cross Blue Shield of Tennessee, BNY Mellon Shareowner Services, South Shore Hospital (Massachusetts), Triple-S Salud Inc., JP Morgan Chase, Emergency Healthcare Physicians Ltd., New York City Health & Hospitals Corp., Lincoln Medical & Mental Health Center, Educational Credit Management Corp, Advocate Medical Group, Health Net, California Dept. of Child Support Services, Nemours Foundation, Memorial Healthcare System, IBM, Morgan Stanley Smith Barney, University of Miami, Starbucks, Gap Inc., AT&T, AvMed Inc., US National Guard, Colorado Government, Tricare, Florida Courts, Crescent Health Inc. / Walgreens, Stanford University, Sutter Medical Foundation, Spartanburg Regional Healthcare System, Eisenhower Medical Center, US Law Enforcement, Chile Ministry of Education, Jefferson County, Norwegian Tax Authorities, Yale University, State of Texas, MilitarySingles.com, LinkedIn, eHarmony, Last.fm, Formspring, TerraCom & YourTel, Stratfor, US Army.

Legend (breach method): Accidentally Published | Hacked | Inside Job | Lost/Stolen Media | Poor Security | Lost/Stolen Computer | Unknown | Virus


We Must Shift to Adaptive Security

CURRENT REALITY
• Increasingly complex and sophisticated threat landscape
• Abundance of data, with disparate security tools providing little “real” security intelligence
• Malware-centric protection
• Post-exploit indicators of compromise, with little breach prevention

A NEW, ADAPTIVE APPROACH
• Shift from singular threat response to continuous protection
• Controls share data and orchestrate responses, enabling automated security intelligence
• Relevant, rich, real-time contextual analytics
• Pre-exploit indicators of attack

For Clarity, Confidence, and Control


Adaptive Security Model: Turning data into actionable security intelligence

Adaptive Threat Prevention and Adaptive Risk Management, delivering Clarity, Confidence and Control.


Clarity to Drive Better, Faster Decisions: Current state vs. Adaptive approach

CURRENT STATE: Separate products (Product 1, Product 2, Product 3), each with limited scope and limited point-in-time context. Result: limited, reactive visibility and threat protection.

ADAPTIVE APPROACH: Continuous monitoring and contextual analytics. Result: faster, more proactive awareness of threats and anomalous events.


Confidence to Act: Derive knowledge and perspective from multiple sources

• Global intelligence (global scale)
• Company-specific intelligence (organizationally relevant focus)
• Human organizational intelligence


Confidence to Act: Boost confidence with risk scoring, automation, watch lists and alerting

States/events -> clarity from context -> triage and prioritize

Gain confidence to act:
• Distillation and prioritization
• Risk scoring and customizable tuning
• Increased automation
• Focus on what matters most


Control to Instantly Take Integrated Action: Standardize integration and communication to break down operational silos

DISJOINTED API-BASED INTEGRATIONS. Result: slow, heavy and burdensome; complex and expensive to maintain; limited vendor participation; fragmented visibility.

COLLABORATIVE FABRIC-BASED ECOSYSTEM (DXL). Result: fast, lightweight and streamlined; simplified and reduced TCO; open vendor participation; holistic visibility.


GTM Positioning: Security Management Portfolio Stack (abstract at the top, concrete at the bottom)

• Business Partner Portal / Self-Service Portal
• Enterprise-wide Visibility and Correlation (ESM, TIE)
• Operational Control (ePO, including Mobile, supporting point-product management extensions)
• Secure communications (DXL, legacy comms)
• On-Device Controls (agent technologies supporting point products)


Changing World of Operational Management: Services, not Servers

(Diagram: ePO1 and ePO2 reporting to ESM, then the same arrangement with a TIE Service added alongside ePO1, ePO2 and ESM.)

Threat Radar = Answering the Question Why?

• Industrial Threats Will Mature
• Hacktivism: Reboot or be Marginalized
• Windows 8: BIOS and Hardware Attacks
• Mobile Botnets, Rootkits, and Attack Surface... Oh My!
• Rogue CERTs: Rooting Trust

This was THEN... literally in black and white!!!

Next generation data centers: the utility computing vision

(Diagram: a large-scale virtualized utility fabric, “infrastructure on demand”, providing application services to millions of users. A switched fabric connects processing elements and storage elements; multi-tiered applications run from internet/intranet through edge routers, routing switches (authentication, DNS, intrusion detection, VPN, web cache), a 1st-level firewall, the access tier, load-balancing switches, the web tier (web servers, web page storage on NAS), a 2nd-level firewall, the application tier (application servers, files on NAS), the database tier (SQL servers) and a storage area network (SAN).)

And they wonder why we seldom sleep peacefully...?

Security Automation Will Revolutionize Information Sharing

Common Language(s)
• MITRE has been working with industry to develop common structures: STIX, CybOX, TAXII, CAPEC, MAEC, OVAL
• Implementations are still immature, but there is a gathering storm...
• Analysts must have a firm grasp of this entire space...

Cyber Threat Intelligence: Consider These Questions...

• What activity are we seeing?
• What threats should I be looking for, and why?
• Where has this threat been seen?
• What does it do?
• What weaknesses does this threat exploit?
• Why does it do this?
• Who is responsible for this threat?
• What can I do?

...That Machines Can Use Too

CybOX observable (CybOX 1.0 draft): a File object whose MD5 hash is in a set of three values.

<?xml version="1.0" encoding="UTF-8"?>
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cybox="http://cybox.mitre.org/cybox_v1"
    xmlns:common="http://cybox.mitre.org/Common_v1"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject"
    xsi:schemaLocation="http://cybox.mitre.org/cybox_v1 http://cybox.mitre.org/XMLSchema/cybox_core_v1.0(draft).xsd
                        http://cybox.mitre.org/objects#FileObject http://cybox.mitre.org/XMLSchema/objects/File/File_Object_1.2.xsd"
    cybox_major_version="1" cybox_minor_version="0(draft)">
  <cybox:Observable>
    <cybox:Stateful_Measure>
      <cybox:Object id="cybox:A1" type="File">
        <cybox:Defined_Object xsi:type="FileObj:FileObjectType">
          <FileObj:Hashes>
            <common:Hash>
              <common:Type datatype="String">MD5</common:Type>
              <common:Simple_Hash_Value condition="IsInSet"
                  value_set="4EC0027BEF4D7E1786A04D021FA8A67F, 21F0027ACF4D9017861B1D021FA8CF76,2B4D027BEF4D7E1786A04D021FA8CC01"
                  datatype="hexBinary"/>
            </common:Hash>
          </FileObj:Hashes>
        </cybox:Defined_Object>
      </cybox:Object>
    </cybox:Stateful_Measure>
  </cybox:Observable>
</cybox:Observables>

STIX package (STIX 1.0.1): an Exfiltration indicator carrying a Snort rule as its test mechanism.

<!-- STIX Indicator w/ Snort Example
     Copyright (c) 2013, The MITRE Corporation. All rights reserved.
     The contents of this file are subject to the terms of the STIX License located at
     http://stix.mitre.org/about/termsofuse.html.
     This example demonstrates a simple usage of STIX to represent indicators with a Snort
     test mechanism. This demonstrates the ability of STIX indicators to represent external
     test mechanisms within an indicator. It demonstrates the use of:
       * STIX Indicators
       * STIX TestMechanisms
       * Extensions (Snort)
       * Controlled vocabularies
     Created by Mark Davidson -->
<stix:STIX_Package xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:testMechSnort="http://stix.mitre.org/extensions/TestMechanism#Snort-1"
    xmlns:example="http://example.com/"
    xsi:schemaLocation="http://stix.mitre.org/stix-1 ../stix_core.xsd
                        http://stix.mitre.org/Indicator-2 ../indicator.xsd
                        http://stix.mitre.org/default_vocabularies-1 ../stix_default_vocabularies.xsd
                        http://stix.mitre.org/extensions/TestMechanism#Snort-1 ../extensions/test_mechanism/snort.xsd"
    id="example:STIXPackage-0935d61b-69a4-4e64-8c4c-d9ce885f7fcc"
    version="1.0.1">
  <stix:STIX_Header>
    <stix:Title>Example SNORT Indicator</stix:Title>
    <stix:Package_Intent xsi:type="stixVocabs:PackageIntentVocab-1.0">Indicators - Network Activity</stix:Package_Intent>
  </stix:STIX_Header>
  <stix:Indicators>
    <stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-ad560917-6ede-4abb-a4aa-994568a2abf4">
      <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Exfiltration</indicator:Type>
      <indicator:Description>
        Indicator that contains a SNORT signature. This snort signature detects &apos;exfiltration attempts&apos; to the 192.168.1.0/24 subnet.
      </indicator:Description>
      <indicator:Test_Mechanisms>
        <indicator:Test_Mechanism id="example:TestMechanism-5f5fde43-ee30-4582-afaa-238a672f70b1"
            xsi:type="testMechSnort:SnortTestMechanismType">
          <!-- From http://manual.snort.org/node29.html -->
          <testMechSnort:Rule><![CDATA[log udp any any -> 192.168.1.0/24 1:1024]]></testMechSnort:Rule>
        </indicator:Test_Mechanism>
      </indicator:Test_Mechanisms>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>
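The two documents above are only useful if something consumes them. The Python below is an added example, not code from the slides or from MITRE's tooling: it parses the CybOX hash-set observable and the STIX Snort test mechanism with the standard library, checks a constructed file hash against the observable, and evaluates the Snort rule header against constructed flows. The embedded XML is copied from the slides with the schemaLocation attributes and license comment trimmed; the file hash, the flows and the minimal rule-header matcher are assumptions for illustration and cover only the header syntax used here (no Snort variables such as $HOME_NET, no rule options).

```python
"""Consume the CybOX hash-set observable and the STIX Snort indicator (added example)."""
import ipaddress
import re
import xml.etree.ElementTree as ET

NS = {  # namespaces the two documents declare
    "cybox": "http://cybox.mitre.org/cybox_v1",
    "common": "http://cybox.mitre.org/Common_v1",
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "testMechSnort": "http://stix.mitre.org/extensions/TestMechanism#Snort-1",
}

# Copied from the slides, trimmed: schemaLocation attributes and the license comment removed.
CYBOX_DOC = """\
<cybox:Observables xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:cybox="http://cybox.mitre.org/cybox_v1" xmlns:common="http://cybox.mitre.org/Common_v1"
    xmlns:FileObj="http://cybox.mitre.org/objects#FileObject"
    cybox_major_version="1" cybox_minor_version="0(draft)">
  <cybox:Observable><cybox:Stateful_Measure>
    <cybox:Object id="cybox:A1" type="File">
      <cybox:Defined_Object xsi:type="FileObj:FileObjectType"><FileObj:Hashes><common:Hash>
        <common:Type datatype="String">MD5</common:Type>
        <common:Simple_Hash_Value condition="IsInSet" datatype="hexBinary"
            value_set="4EC0027BEF4D7E1786A04D021FA8A67F, 21F0027ACF4D9017861B1D021FA8CF76,2B4D027BEF4D7E1786A04D021FA8CC01"/>
      </common:Hash></FileObj:Hashes></cybox:Defined_Object>
    </cybox:Object>
  </cybox:Stateful_Measure></cybox:Observable>
</cybox:Observables>
"""

STIX_DOC = """\
<stix:STIX_Package xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:stix="http://stix.mitre.org/stix-1" xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:stixVocabs="http://stix.mitre.org/default_vocabularies-1"
    xmlns:testMechSnort="http://stix.mitre.org/extensions/TestMechanism#Snort-1"
    xmlns:example="http://example.com/"
    id="example:STIXPackage-0935d61b-69a4-4e64-8c4c-d9ce885f7fcc" version="1.0.1">
  <stix:STIX_Header><stix:Title>Example SNORT Indicator</stix:Title></stix:STIX_Header>
  <stix:Indicators>
    <stix:Indicator xsi:type="indicator:IndicatorType" id="example:Indicator-ad560917-6ede-4abb-a4aa-994568a2abf4">
      <indicator:Type xsi:type="stixVocabs:IndicatorTypeVocab-1.0">Exfiltration</indicator:Type>
      <indicator:Test_Mechanisms>
        <indicator:Test_Mechanism xsi:type="testMechSnort:SnortTestMechanismType"
            id="example:TestMechanism-5f5fde43-ee30-4582-afaa-238a672f70b1">
          <testMechSnort:Rule><![CDATA[log udp any any -> 192.168.1.0/24 1:1024]]></testMechSnort:Rule>
        </indicator:Test_Mechanism>
      </indicator:Test_Mechanisms>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>
"""

def hash_sets_from_cybox(xml_text):
    """Return [(hash_type, frozenset(lowercase values))] for every common:Hash.
    With condition="IsInSet" the values live in the value_set attribute, not in element text."""
    out = []
    for h in ET.fromstring(xml_text).iter("{%s}Hash" % NS["common"]):
        htype, val = h.find("common:Type", NS), h.find("common:Simple_Hash_Value", NS)
        if htype is None or val is None:
            continue
        raw = val.get("value_set", "") if val.get("condition") == "IsInSet" else (val.text or "")
        out.append((htype.text.strip().upper(),
                    frozenset(v.strip().lower() for v in raw.split(",") if v.strip())))
    return out

def file_matches(md5_hex, hash_sets):
    """True if the observed MD5 is in any MD5 set (compare case-insensitively)."""
    return any(t == "MD5" and md5_hex.lower() in vals for t, vals in hash_sets)

def snort_rules_from_stix(xml_text):
    """Return [(indicator_id, indicator_type, rule_text)] for every Snort test mechanism."""
    out = []
    for ind in ET.fromstring(xml_text).iter("{%s}Indicator" % NS["stix"]):
        t = ind.find("indicator:Type", NS)
        for rule in ind.iter("{%s}Rule" % NS["testMechSnort"]):
            out.append((ind.get("id"), (t.text or "").strip() if t is not None else "", (rule.text or "").strip()))
    return out

# Snort rule header: action proto src sport direction dst dport (rule options, if any, are ignored)
HEADER = re.compile(r"^(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)")

def _addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def _port_ok(spec, port):
    if spec == "any":
        return True
    if ":" in spec:  # Snort range syntax: lo:hi, :hi, lo:
        lo, hi = spec.split(":", 1)
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port

def rule_matches_flow(rule, proto, src, sport, dst, dport):
    """Evaluate one rule header against one flow; '<>' rules match either direction."""
    m = HEADER.match(rule)
    if not m:
        raise ValueError("unsupported rule: %r" % rule)
    _, rproto, rsrc, rsport, rdir, rdst, rdport = m.groups()
    if rproto not in ("ip", proto):
        return False
    fwd = _addr_ok(rsrc, src) and _port_ok(rsport, sport) and _addr_ok(rdst, dst) and _port_ok(rdport, dport)
    rev = _addr_ok(rsrc, dst) and _port_ok(rsport, dport) and _addr_ok(rdst, src) and _port_ok(rdport, sport)
    return fwd or (rdir == "<>" and rev)

if __name__ == "__main__":
    print(file_matches("2b4d027bef4d7e1786a04d021fa8cc01", hash_sets_from_cybox(CYBOX_DOC)))  # constructed hash
    for ind_id, ind_type, rule in snort_rules_from_stix(STIX_DOC):
        print(ind_id, ind_type, rule, rule_matches_flow(rule, "udp", "10.0.0.5", 53000, "192.168.1.20", 514))
```

Two things to keep in mind when wiring this into a pipeline: condition="IsInSet" moves the values out of element text into the value_set attribute, so a naive .text reader sees an empty hash; and the rule itself (taken from the Snort manual, as the XML comment says) logs UDP traffic into 192.168.1.0/24 on ports 1 to 1024, which says nothing about exfiltration on its own, so the indicator's Type vocabulary value and the test mechanism must be reviewed together rather than trusting the label.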

Sharing Solution
• Instead of 2% or less of attacks blocked, detected, or prevented, a much higher percentage of attacks are stopped

(Diagram: Org A exchanges intelligence with an Intelligence Repository shared by many trusted organizations; flows numbered 1 to 5.)

Iterative Real-Time Loops: OODA Matters

The ability to make this world happen exists now... It is not futures or fiction.

Coordinated Security: Pub/Sub Rules the New World

(Diagram: coordinated security over open interfaces and the IF-MAP protocol, with Nitro, ePO and MAP servers at the hub. Connected components: SNMP/Syslog, custom integration, routing, server or cloud security, IDS, switching, wireless, firewalls, IPAM, SIM/SEM, asset management system, AAA, ICS/SCADA security, physical security, endpoint security (via NAC).)

Current Standards Status
• Pilot group, aka “Friends and Family”: 25 organizations participating
• Vision gaining momentum: live at NH-ISAC; working with several others
• Released version 1.2 to the group, with a focus on “installability”
• Enabled collaboration: forums, bug tracker, download system
• Conversion of open source intel feeds: approximately 14 sources

Automation Maturity
• Humans will always be in the loop
• Using STIX and TAXII repositories/gateways we can leverage already scarce talent
• Fewer analysts will have to develop their own signatures
• Using automation it is possible to move signatures faster
• Off-the-shelf COTS may not interoperate across vendors
• Open source may require in-house development to automate information flow
• Ensuring security in information flow across systems??? Don’t let your security solution become the problem!
• But, can you trust analysts/incident handlers in other organizations?


Data Exchange Layer (DXL) Use Case Example: Transforming Events Into Actionable Intelligence

Using Network Security Platform, Enterprise Security Manager, and ePO to find and remediate potentially compromised systems:

1. NSP detects botnet activity (a device trying to reach a botnet server).
2. NSP publishes event data to the message bus (IP address of the suspicious device and IP address of the botnet server).
3. McAfee ESM searches for past connection attempts to the botnet server’s IP address.
4. ESM publishes the list of suspected devices to the message bus.
5. Infected devices are secured using a combination of solutions and methods.

(Diagram: DXL brokers at the remote site, in the DMZ and in the core connect McAfee-managed endpoints (including nomadic endpoints), Network Security Platform, McAfee Web Gateway, the firewall, Enterprise Security Manager, ePO, the TIE Server and ATD.)
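The five steps above are a publish/subscribe workflow: the IPS does not need to know that a SIEM, a gateway or an endpoint manager is listening. The Python below is an added example, not McAfee DXL, NSP or ESM code: a small in-process topic broker stands in for the message bus, a constructed connection history stands in for ESM’s event store, and the topic names, message fields and the “isolate+scan” action are assumptions. It also adds a gateway subscriber that blocks the botnet address, which the slide’s steps do not mention, to show how a new consumer joins without touching the publisher.

```python
"""Pub/sub orchestration of the NSP -> ESM -> remediation use case (added example)."""
from collections import defaultdict

class Broker:
    """Minimal topic bus standing in for DXL: handlers run synchronously in
    publication order, which keeps the example deterministic and offline."""
    def __init__(self):
        self.subs = defaultdict(list)
        self.log = []                      # (topic, message) audit trail

    def subscribe(self, topic, handler):
        self.subs[topic].append(handler)

    def publish(self, topic, msg):
        self.log.append((topic, msg))
        for handler in list(self.subs[topic]):
            handler(msg)

# Constructed connection history (src, dst, dst_port, timestamp) as the SIEM would hold it
HISTORY = [
    ("10.1.1.10", "203.0.113.7", 443, "2014-09-01T10:02:00Z"),
    ("10.1.1.23", "198.51.100.9", 80, "2014-09-01T10:05:00Z"),
    ("10.1.1.42", "203.0.113.7", 8443, "2014-09-02T01:14:00Z"),
    ("10.1.1.10", "203.0.113.7", 443, "2014-09-03T11:00:00Z"),
]

class Sensor:
    """Steps 1-2: the IPS sees a host reaching a botnet server and publishes the pair."""
    def __init__(self, bus):
        self.bus = bus

    def detect(self, suspect_ip, c2_ip):
        self.bus.publish("/ids/botnet", {"suspect": suspect_ip, "c2": c2_ip})

class Siem:
    """Steps 3-4: correlate the C2 address against history, publish every host that touched it."""
    def __init__(self, bus, history):
        self.bus, self.history = bus, history
        bus.subscribe("/ids/botnet", self.on_botnet)

    def hosts_that_contacted(self, c2_ip):
        return sorted({src for src, dst, _, _ in self.history if dst == c2_ip})

    def on_botnet(self, msg):
        hosts = sorted(set(self.hosts_that_contacted(msg["c2"])) | {msg["suspect"]})
        self.bus.publish("/siem/suspects", {"c2": msg["c2"], "hosts": hosts})

class Remediator:
    """Step 5: the endpoint manager acts on each suspect; actions are recorded, not executed."""
    def __init__(self, bus):
        self.actions = []
        bus.subscribe("/siem/suspects", self.on_suspects)

    def on_suspects(self, msg):
        for host in msg["hosts"]:
            self.actions.append((host, "isolate+scan"))

class Gateway:
    """Extra consumer (assumption, not on the slide): block the C2 address at the perimeter."""
    def __init__(self, bus):
        self.blocked = set()
        bus.subscribe("/ids/botnet", lambda msg: self.blocked.add(msg["c2"]))

def run_use_case(detected_src="10.1.1.42", c2_ip="203.0.113.7", history=HISTORY):
    """Wire the components to one bus, fire the detection, return what happened."""
    bus = Broker()
    Siem(bus, history)
    remediator, gateway = Remediator(bus), Gateway(bus)
    Sensor(bus).detect(detected_src, c2_ip)
    return {"actions": remediator.actions, "blocked": sorted(gateway.blocked),
            "topics": [topic for topic, _ in bus.log]}

if __name__ == "__main__":
    print(run_use_case())
```

Note that 10.1.1.10 ends up on the remediation list although the IPS never flagged it: it contacted the same address on two earlier days, and that retrospective lookup is what the SIEM history adds. It is also the point where a wrong or noisy indicator turns into mass isolation, so a real consumer of the suspects topic should gate on indicator confidence or require analyst approval before any destructive action.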


Adaptive Security in Action

• Countermeasures are really good at what they do... and...
• They are completely blind to anything outside their plane of existence.

Threat Intelligence Exchange: orchestrated and automated responses to adapt faster than threats can evolve


McAfee Threat Intelligence Exchange: Applying the power of knowledge

The McAfee Threat Intelligence Exchange Server assembles, overrides, augments, and tunes intelligence from three kinds of source:
• Global threat intelligence: McAfee Global Threat Intelligence, third-party feeds, other data sources (future?)
• Local threat intelligence: McAfee Web Gateway, McAfee Email Gateway, McAfee Network Security Platform, McAfee Advanced Threat Defense, McAfee Next Generation Firewall, McAfee Endpoint Security, McAfee Enterprise Security Manager
• Organizational intelligence: security administrators, SOC, IR


Cutting-Edge Endpoint Protection

Inputs to the classification decision: tunable policy (variable degrees of risk tolerance), local context, personalized threat intelligence.

Possible outcomes: Execute | Prevent and Remediate | Prevent and Quarantine | Submit to Application Sandboxing


Any Given Thing is Just Suspicious... But Context and Additional Points of View Reveal Much

Individually weak signals: file is new | packed suspiciously | low prevalence | loads as a service | revoked certificate | runs from the Recycle Bin



Points of view combined for the classification decision:
• Other file characteristics
• GTI file reputation and GTI certificate reputation
• 3rd-party file reputation and 3rd-party certificate reputation
• Enterprise prevalence (occurrence) and enterprise age (first contact)
• Enterprise file reputation and enterprise certificate reputation
• Endpoint context, endpoint detection info, ATD detection info
• Administrator classifications
• Applied to both existing files and certificates and new files and certificates
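The points of view listed above and the outcomes on the “Cutting-Edge Endpoint Protection” slide describe a fusion problem: several weak, partly conflicting opinions about one file must collapse into a single action, and the threshold should differ by system type. The Python below is an added illustrative model, not TIE’s scoring logic or policy format: the input fields, weights, thresholds and outcome names are assumptions chosen to show the structure, in which authoritative local facts (an administrator classification, a revoked certificate) short-circuit the decision and everything else becomes a tunable score compared against a per-system-type policy.

```python
"""Reputation fusion for the run / quarantine / sandbox decision (added illustrative model)."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class FileContext:
    """Points of view about one file. Field names and scales are assumptions for the example."""
    gti_file_rep: Optional[int]          # global file reputation 0..100 (100 = trusted), None = unknown
    enterprise_prevalence: int           # endpoints in this organization that have seen the file
    enterprise_age_days: int             # days since first contact in this organization
    cert_trusted: bool                   # signed by a certificate the enterprise trusts
    cert_revoked: bool                   # signing certificate has been revoked
    admin_classification: Optional[str]  # "trusted" | "malicious" | None
    packed_suspiciously: bool = False
    loads_as_service: bool = False
    runs_from_recycle_bin: bool = False

# Per-system-type risk tolerance (assumed): below "block" quarantine, below "sandbox" detonate first
POLICIES = {
    "server":      {"block": 50, "sandbox": 70},
    "workstation": {"block": 30, "sandbox": 55},
}

def score(ctx: FileContext) -> int:
    """Fuse the statistical evidence into 0..100 (higher = more trustworthy)."""
    s = 50 if ctx.gti_file_rep is None else ctx.gti_file_rep   # unknown to the world: neutral
    if ctx.cert_trusted and not ctx.cert_revoked:
        s += 15
    if ctx.enterprise_prevalence >= 100:                        # widely seen here: crowd-sourced trust
        s += 10
    if ctx.enterprise_age_days >= 30:
        s += 5
    if ctx.enterprise_prevalence <= 2 and ctx.enterprise_age_days < 1:  # new and rare: first occurrence
        s -= 15
    s -= 10 * sum([ctx.packed_suspiciously, ctx.loads_as_service, ctx.runs_from_recycle_bin])
    return max(0, min(100, s))

def decide(ctx: FileContext, system_type: str) -> str:
    """Authoritative local facts win outright; otherwise compare the score with the policy."""
    if ctx.admin_classification == "malicious" or ctx.cert_revoked:
        return "prevent_and_remediate"
    if ctx.admin_classification == "trusted":
        return "execute"
    policy = POLICIES[system_type]
    s = score(ctx)
    if s < policy["block"]:
        return "prevent_and_quarantine"
    if s < policy["sandbox"]:
        return "submit_to_sandbox"
    return "execute"

# Constructed cases
GRAY_NEW_FILE = FileContext(gti_file_rep=60, enterprise_prevalence=1, enterprise_age_days=0,
                            cert_trusted=False, cert_revoked=False, admin_classification=None)
REVOKED_CERT = FileContext(gti_file_rep=90, enterprise_prevalence=500, enterprise_age_days=200,
                           cert_trusted=True, cert_revoked=True, admin_classification=None)
WELL_KNOWN = FileContext(gti_file_rep=90, enterprise_prevalence=5000, enterprise_age_days=400,
                         cert_trusted=True, cert_revoked=False, admin_classification=None)

if __name__ == "__main__":
    for name, ctx in (("gray new file", GRAY_NEW_FILE), ("revoked cert", REVOKED_CERT), ("well known", WELL_KNOWN)):
        print(name, score(ctx), decide(ctx, "server"), decide(ctx, "workstation"))
```

The ordering matters more than the weights. The revoked-certificate case scores 100 on statistics alone (global reputation 90, hundreds of local sightings) and only the short-circuit stops it, which is the “know who was compromised when certificate reputation changes” point on the next slide. The counterpart risk is the administrator override: a “trusted” classification bypasses every other signal, so in a real deployment that path needs change control and audit logging at least as strict as the block list.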


Adaptive Security In Action: Adapt and Immunize, From Encounter to Containment in Milliseconds

(Diagram: endpoints, McAfee ePO, McAfee TIE Server, McAfee ATD and McAfee ESM connected over the Data Exchange Layer, with McAfee Global Threat Intelligence and 3rd-party feeds feeding the TIE Server.)

Local convictions on the endpoint: file age hidden; signed with a revoked certificate; created by an untrusted process; report action taken.

Adaptive security improves anti-malware protection:
• Better analysis of the gray
• Crowd-source reputations from your own environment
• Manage risk tolerance across departments/system types

Actionable intelligence:
• Early awareness of first occurrence flags attacks as they begin
• Know who may be/was compromised when certificate or file reputation changes


Threat Intelligence Exchange: Adapt and Immunize, From Encounter to Containment in Milliseconds

Data Exchange Layer: security components operate as one to immediately share relevant data between endpoint, gateway, and other security products (endpoints, McAfee ePO, McAfee ATD, McAfee ESM, Web Gateway, Email Gateway, NGFW and NSP around the McAfee TIE Server, which is fed by McAfee Global Threat Intelligence and 3rd-party feeds).


Instant Protection Across the Enterprise

Gateways (Web Gateway, Email Gateway, NGFW, NSP) block access based on endpoint convictions shared over the Data Exchange Layer through the McAfee TIE Server, alongside McAfee ePO, McAfee ATD and McAfee ESM: proactively and efficiently protect your organization as soon as a threat is revealed.


Adaptive Intelligent Controls

• Learned insights are shared instantly
• Response (hunt, kill, remediate) is orchestrated to neutralize threats and reduce complexity:
  - Identify IOCs and IOAs
  - Isolate affected systems
  - Kill malicious processes
  - Remove payloads
  - Find “Patient Zero”
  - Repair systems (registry, file system, configurations)
  - Patch vulnerabilities

Orchestrated and automated responses to adapt faster than threats can evolve


McAfee Enterprise Security Manager (SIEM): Industry-Leading Security Information and Event Management

Functions: event collection, log management, advanced correlation, streamlined investigations, compliance reporting, policy management.

Integrated Security Platform: ePolicy Orchestrator, Network Security Manager, Vulnerability Manager, Global Threat Intelligence.


Adaptive Threat Prevention and Detection

(Diagram: network and gateway products (Web Gateway, Email Gateway, NGFW, NSP), the ATD sandbox, the ESM SIEM and endpoints running the TIE Endpoint Module, all joined by the DXL ecosystem.)

Flow, labelled IOC 1 to IOC 4 on the diagram: the payload is analyzed; network and endpoints adapt; new IOC intelligence pinpoints historic breaches; previously breached systems are isolated and remediated.


Adaptive Security Model: Prevent, detect, respond and adapt

Adaptive Threat Prevention & Risk Management
• Detect breaches and changing risk exposure
• Prevent advancing attacks and reduce risk with countermeasures and baseline policies
• Adapt instantly to threats and emerging risk across the entire connected IT ecosystem
• Respond quickly to threats and risk with prioritized workflows and automation

Collaborative infrastructure: open ecosystem; rich contextual analytics; orchestrated actions; architecture ubiquity; vendor agnostic.
Prioritization | Baseline/outlier detection | Risk driven


McAfee Security Connected: Endpoint Security | Network Security | Deep Security


Adaptive Security Model: Clarity, confidence, control

• CLARITY: Turn security data into security intelligence
• CONFIDENCE: Use rules, workflows, alerts, and risk scoring to make intelligent, timely decisions
• CONTROL: Employ adaptive intelligence to gain sustainable advantage over attackers


The McAfee Security Connected Platform

SECURITY MANAGEMENT: Enterprise Security Manager (SIEM); ePolicy Orchestrator; Threat Intelligence Exchange; Vulnerability Manager
NETWORK SECURITY: Advanced Threat Defense; Network Security Platform (IPS); Firewall Enterprise; Next Generation Firewall
ENDPOINT SECURITY: Endpoint Security Suites; Data Center Security Suites; Embedded Security; Device Control; Endpoint Encryption; Hardware Enhanced Security
CONTENT SECURITY: Email Gateway; Web Gateway; Data Loss Prevention


Adaptive Security Model “In Action”: Adapt and Immunize, From Encounter to Containment in Milliseconds

Endpoints are protected based on gateway convictions: a conviction at McAfee Web Gateway, McAfee Email Gateway, McAfee NGFW or McAfee NSP is shared over the Data Exchange Layer through the McAfee TIE Server (fed by McAfee Global Threat Intelligence and 3rd-party feeds) to McAfee ePO, McAfee ATD, McAfee ESM and the McAfee VSE Threat Intelligence Module on each endpoint, which then answers the run / do-not-run question (YES / NO) with that knowledge.