SlideShare a Scribd company logo

McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)

Download as PPTX, PDF
Iftikhar Ali Iqbal
Iftikhar Ali Iqbal

The presentation provides the following: - McAfee Company Overview - McAfee Strategy - McAfee Portfolio Overview - Endpoint Security Challenges - McAfee Endpoint Protection Platform - McAfee Active Response Overview - McAfee Active Response Features - McAfee Active Response Architecture - McAfee Active Response Workflow - McAfee Active Response Licenses & Packaging Please note all the information is based prior to Aug 2019.

Technology
1 of 19
McAfee Active Response Endpoint Detection & Response Iftikhar Ali Iqbal, CISSP, CCSP, CISM https://www.linkedin.com/in/iftikhariqbal/ Valid till Aug 2019
2 AGENDA Target Partners & RTM 1 2 3 Company Overview Portfolio Strategy Endpoint Security Platform 4 McAfee Active Response
OVERVIEW Company and Portfolio
4 MCAFEE: OVERVIEW • Founded in 1987 • Headquartered in California, United States • Provides Software and Services • Focus is on Consumer and Enterprise Security • 125,000+ Corporate Customers • 120 Countries • 217+ Innovation Alliance Partners • 800+ Security Patents • On April 4, 2017 – McAfee begun operating as a new standalone company (spun back out of Intel). • Solution Offering: • Cloud Security • Device Security • Network Security • Pervasive Data Protection • Intelligent Security Operations
5 Portfolio Strategy An Integrated And Open Security System Threat Defense Lifecycle Together, Is Far More Powerful Than Sum Of The Parts SECURITY OPERATIONS DEVICE CLOUD MANAGEMENT THREAT INTELLIGENCE ANALYTICS AUTOMATION / ORCHESTRATION INFRASTRUCTURE MCAFEE: STRATEGY
6 SECURITY OPERATIONS DEVICE CLOUD MANAGEMENT THREAT INTELLIGENCE ANALYTICS AUTOMATION / ORCHESTRATION INFRASTRUCTURE • Endpoint Protection • Endpoint Detection and Response • Enforcement Controls • File Integrity Monitoring • Advanced Threat Protection • Encryption • Data Loss Prevention • Cloud Workload Protection • Cloud Access Security Broker • Web Gateway Service • Intrusion Prevention System • Advanced Threat Protection • Server Protection • Advanced Threat Protection • Database Security • Mail Server Security • Storage Security • Secure Web Gateway • Intrusion Prevention System Local Threat Intelligence Global Threat Intelligence Skyhigh Threat Intelligence Security Information and Event Management User and Entity Behavior Analytics Incident Response and Remediation MCAFEE: TACTICAL OVERVIEW
ENDPOINT SECURITY PLATFORM Single-IntegratedEndpoint Protection
8 Detecting and preventing advanced threats Adding new defenses in the future increases management problems Preventing deep investigations to aid in recovery Causing manual processes and delaying responses ComplexityAccuracy Visibility Sustainability ENDPOINT SECURITY: CHALLANGES
9 True centralized management Extensible endpoint security framework Actionable threat forensics in understandable language Advanced capabilities like machine learning analysis of sophisticated threats Integrated platform that unites defenses to work together ENDPOINT SECURITY: THE MCAFEE RESOLUTION
10 KNOWN THREATS UNKNOWN THREATS Threat Prevention Firewall Web Control Adaptive Threat Protection Threat Intelligence Exchange Active Response McAfee Endpoint Platform - Anti-malware - Host-based IPS - Exploit Prevention - Host-based Firewall - Web/Browser Control - Machine Learning - Application Containment - Reputation-based - Threat Sharing - EDR Single Agent (McAfee Agent) Single Management (McAfee ePolicy Orchestrator) Deployment Reporting & QueriesPolicy Configurations Dashboards Automated Responses ENDPOINT SECURITY: PLATFORM
ACTIVE RESPONSE Endpoint Detection and Response
12 ACTIVE RESPONSE: EDR ‘The EDR market is defined as solutions that record and store endpoint-system-level behaviors and events, such as user, file, process, registry, memory and network events. Multiple detection techniques are then used to continually search the stored data to detect security events that require human intervention to respond rapidly.’ ‘By 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation and breach response. Separate, stand-alone endpoint detection and response (EDR) solutions will focus on managed security service provider (MSSP) and large enterprise security operations center (SOC) environments..’ Market Guide for Endpoint Detection and Response Solutions, 9 November 2017, Peter Firstbrook Magic Quadrant for Endpoint Protection Platforms, 24 January 2018, Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka
13 Immediate Action Automated Responses Continuous Monitoring ACTIVE RESPONSE: OVERIEW
14  Find and visualize data from your endpoints  Search for files, network flows, registry and process mapping  Hunt and kill threats  Hunt for file hashes, endpoints connected to specific IP and kill processes, remove files, etc  Continuously monitor a critical event  Initiate an action before hand for future threats  Leverage Data Exchange Layer (DXL) to communicate with other products  Reduce risk and response time COLLECTORS REACTONS TRIGGERS INTEGRATION ACTIVE RESPONSE: FEATURES
15 ePolicy Orchestrator Data Exchange Layer Advanced Threat Defense (Malware Analysis) McAfee Agent Endpoints Physical Servers Virtual Servers McAfee Agent Threat Intelligence Exchange Active Response Endpoint Security Adaptive Threat Protection Active Response Endpoint Security Adaptive Threat Protection Active Response McAfee Linux OS McAfee Cloud Services ACTIVE RESPONSE: ARCHITECTURE
16 ePolicy Orchestrator McAfee Agent Endpoints Physical Servers Virtual Servers McAfee Agent Threat Intelligence Exchange Active Response Endpoint Security Adaptive Threat Protection Active Response Endpoint Security Adaptive Threat Protection Active Response McAfee Cloud Services ACTIVE RESPONSE: HOW IT WORKS 12 3 4 4 1 McAfee Active Response sends data to the cloud 2 McAfee ePO receives data from the cloud 3 Perform in-depth investigation in McAfee ePO 4 TIE updates the reputation of the threat
17 ACTIVE RESPONSE: LICENSING AND PACKAGING Complete Endpoint Protection (CEB) (CEB) Complete Endpoint Threat Protection Protection (CTP) Endpoint Threat Defense & Response Response (EDR) Endpoint Security Adaptive Threat Protection Device Control Application Control Encryption Threat Intelligence Exchange Active Response ePolicy Orchestrator
18 ACTIVE RESPONSE: SUMMARY A single-pane for investigation, prioritization, genealogy, reputation, historical behavior, and response over potential threats. Workflows Single view to see, investigate, and take action on threats Visibility A view into suspicious behaviors across all Endpoints Investigate Analyze timelines and live searches to find threats Action One click stops threats & updates protection on all Endpoints Simplify View operational status of all Endpoint threat defense services
19 Thank You

Recommended

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye SolutionsPrime Infoserv
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfParishSummer
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio OverviewIftikhar Ali Iqbal
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 

Recommended

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protectionxband
 
FireEye Solutions
FireEye SolutionsFireEye Solutions
FireEye SolutionsPrime Infoserv
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfMicrosoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdfParishSummer
 
McAfee - Portfolio Overview
McAfee - Portfolio OverviewMcAfee - Portfolio Overview
McAfee - Portfolio OverviewIftikhar Ali Iqbal
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Cyber Defense Matrix: Revolutions
Cyber Defense Matrix: RevolutionsCyber Defense Matrix: Revolutions
Cyber Defense Matrix: RevolutionsSounil Yu
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...Amazon Web Services
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCristian Garcia G.
 
Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft DefenderRahul Khengare
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfslametarrokhim1
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCPriyanka Aash
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to TenableBharat Jindal
 
Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
 
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachCisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachNetworkCollaborators
 

More Related Content

What's hot

Cyber Defense Matrix: Revolutions
Cyber Defense Matrix: RevolutionsCyber Defense Matrix: Revolutions
Cyber Defense Matrix: RevolutionsSounil Yu
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...Amazon Web Services
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCristian Garcia G.
 
Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft DefenderRahul Khengare
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysisCarlo Dapino
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfslametarrokhim1
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCPriyanka Aash
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOARSiemplify
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to TenableBharat Jindal
 

What's hot (20)

Cyber Defense Matrix: Revolutions
Cyber Defense Matrix: RevolutionsCyber Defense Matrix: Revolutions
Cyber Defense Matrix: Revolutions
 
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfee
 
Container Security Using Microsoft Defender
Container Security Using Microsoft DefenderContainer Security Using Microsoft Defender
Container Security Using Microsoft Defender
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Security architecture - Perform a gap analysis
Security architecture - Perform a gap analysisSecurity architecture - Perform a gap analysis
Security architecture - Perform a gap analysis
 
Understanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdfUnderstanding Cyber Attack - Cyber Kill Chain.pdf
Understanding Cyber Attack - Cyber Kill Chain.pdf
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
SOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOCSOC Architecture - Building the NextGen SOC
SOC Architecture - Building the NextGen SOC
 
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMUpgrade Your SOC with Cortex XSOAR & Elastic SIEM
Upgrade Your SOC with Cortex XSOAR & Elastic SIEM
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formal
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Need of SIEM when You have SOAR
Need of SIEM when You have SOARNeed of SIEM when You have SOAR
Need of SIEM when You have SOAR
 
Introduction to Tenable
Introduction to TenableIntroduction to Tenable
Introduction to Tenable
 

Similar to McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)

Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersIBM Security
 
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachCisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachNetworkCollaborators
 
Cisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPsCisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPsCisco Russia
 
Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban PrósperoClusterCba
 
Kaspersky Endpoint Overview
Kaspersky Endpoint OverviewKaspersky Endpoint Overview
Kaspersky Endpoint Overviewsferinga
 
Kaspersky Endpoint overview
Kaspersky Endpoint overviewKaspersky Endpoint overview
Kaspersky Endpoint overviewsferinga
 
KASPERSKY Description, Ease of Performance and conformity Guide.pptx
KASPERSKY Description, Ease of Performance and conformity Guide.pptxKASPERSKY Description, Ease of Performance and conformity Guide.pptx
KASPERSKY Description, Ease of Performance and conformity Guide.pptxfrancis578223
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeeGaurav "GP" Pal
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA Cyber Security
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsEnergySec
 
Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...
Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...
Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...NetworkCollaborators
 
Big Data For Threat Detection & Response
Big Data For Threat Detection & ResponseBig Data For Threat Detection & Response
Big Data For Threat Detection & ResponseHarry McLaren
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Kaspersky Kesb ep10 no_cm_v01a
Kaspersky Kesb ep10 no_cm_v01aKaspersky Kesb ep10 no_cm_v01a
Kaspersky Kesb ep10 no_cm_v01aIgor Pandzic
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015SLBdiensten
 
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco #ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco ITSitio.com
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)PT Datacomm Diangraha
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk
 

Similar to McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR) (20)

Detect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange PartnersDetect and Respond to Threats Better with IBM Security App Exchange Partners
Detect and Respond to Threats Better with IBM Security App Exchange Partners
 
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approachCisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
Cisco Connect 2018 Malaysia - Cybersecurity strategy-an integrated approach
 
Cisco SecureX.pdf
Cisco SecureX.pdfCisco SecureX.pdf
Cisco SecureX.pdf
 
Cisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPsCisco Endpoint Security for MSSPs
Cisco Endpoint Security for MSSPs
 
Esteban Próspero
Esteban PrósperoEsteban Próspero
Esteban Próspero
 
Kaspersky Endpoint Overview
Kaspersky Endpoint OverviewKaspersky Endpoint Overview
Kaspersky Endpoint Overview
 
Kaspersky Endpoint overview
Kaspersky Endpoint overviewKaspersky Endpoint overview
Kaspersky Endpoint overview
 
KASPERSKY Description, Ease of Performance and conformity Guide.pptx
KASPERSKY Description, Ease of Performance and conformity Guide.pptxKASPERSKY Description, Ease of Performance and conformity Guide.pptx
KASPERSKY Description, Ease of Performance and conformity Guide.pptx
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
stackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfeestackArmor - Security MicroSummit - McAfee
stackArmor - Security MicroSummit - McAfee
 
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
BGA SOME/SOC Etkinliği - Tehdit Odaklı Güvenlik Mimarisinde Sourcefire Yakla...
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...
Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...
Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach k...
 
Big Data For Threat Detection & Response
Big Data For Threat Detection & ResponseBig Data For Threat Detection & Response
Big Data For Threat Detection & Response
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Kaspersky Kesb ep10 no_cm_v01a
Kaspersky Kesb ep10 no_cm_v01aKaspersky Kesb ep10 no_cm_v01a
Kaspersky Kesb ep10 no_cm_v01a
 
Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015Presentatie McAfee: Optimale Endpoint Protection 26062015
Presentatie McAfee: Optimale Endpoint Protection 26062015
 
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco #ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
 
Splunk for Security Breakout Session
Splunk for Security Breakout SessionSplunk for Security Breakout Session
Splunk for Security Breakout Session
 

More from Iftikhar Ali Iqbal

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportIftikhar Ali Iqbal
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...Iftikhar Ali Iqbal
 
McAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - TechbookMcAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - TechbookIftikhar Ali Iqbal
 
McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - ProposalMcAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - ProposalIftikhar Ali Iqbal
 
McAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingMcAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingIftikhar Ali Iqbal
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)Iftikhar Ali Iqbal
 
Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Iftikhar Ali Iqbal
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Iftikhar Ali Iqbal
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Iftikhar Ali Iqbal
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentIftikhar Ali Iqbal
 
Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Iftikhar Ali Iqbal
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Iftikhar Ali Iqbal
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales PlayIftikhar Ali Iqbal
 

More from Iftikhar Ali Iqbal (15)

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC ReportMcAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Docu...
 
McAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - TechbookMcAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
McAfee - McAfee Application Control (MAC) - Whitelisting - Techbook
 
McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - ProposalMcAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
McAfee - McAfee Application Control (MAC) - Whitelisting - Proposal
 
McAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - WhitelistingMcAfee - McAfee Application Control (MAC) - Whitelisting
McAfee - McAfee Application Control (MAC) - Whitelisting
 
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB)
 
Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)Symantec Data Loss Prevention - Technical Proposal (General)
Symantec Data Loss Prevention - Technical Proposal (General)
 
Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)Technology Overview - Validation & ID Protection (VIP)
Technology Overview - Validation & ID Protection (VIP)
 
Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)Technology Overview - Symantec IT Management Suite (ITMS)
Technology Overview - Symantec IT Management Suite (ITMS)
 
Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)Technology Overview - Symantec Data Loss Prevention (DLP)
Technology Overview - Symantec Data Loss Prevention (DLP)
 
Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)Technology Overview - Symantec Endpoint Protection (SEP)
Technology Overview - Symantec Endpoint Protection (SEP)
 
Symantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept DocumentSymantec Endpoint Encryption - Proof Of Concept Document
Symantec Endpoint Encryption - Proof Of Concept Document
 
Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)Symantec Messaging Gateway - Technical Proposal (General)
Symantec Messaging Gateway - Technical Proposal (General)
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
 
Symantec Portfolio - Sales Play
Symantec Portfolio - Sales PlaySymantec Portfolio - Sales Play
Symantec Portfolio - Sales Play
 

Recently uploaded

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...ScyllaDB
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfFIDO Alliance
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...FIDO Alliance
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandIES VE
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireExakis Nelite
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?Mark Billinghurst
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!Memoori
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 

Recently uploaded (20)

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
Using IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & IrelandUsing IESVE for Room Loads Analysis - UK & Ireland
Using IESVE for Room Loads Analysis - UK & Ireland
 
Microsoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - QuestionnaireMicrosoft CSP Briefing Pre-Engagement - Questionnaire
Microsoft CSP Briefing Pre-Engagement - Questionnaire
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!State of the Smart Building Startup Landscape 2024!
State of the Smart Building Startup Landscape 2024!
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 

McAfee - McAfee Active Response (MAR) - Endpoint Detection & Response (EDR)

  • 1. McAfee Active Response Endpoint Detection & Response Iftikhar Ali Iqbal, CISSP, CCSP, CISM https://www.linkedin.com/in/iftikhariqbal/ Valid till Aug 2019
  • 2. 2 AGENDA Target Partners & RTM 1 2 3 Company Overview Portfolio Strategy Endpoint Security Platform 4 McAfee Active Response
  • 4. 4 MCAFEE: OVERVIEW • Founded in 1987 • Headquartered in California, United States • Provides Software and Services • Focus is on Consumer and Enterprise Security • 125,000+ Corporate Customers • 120 Countries • 217+ Innovation Alliance Partners • 800+ Security Patents • On April 4, 2017 – McAfee begun operating as a new standalone company (spun back out of Intel). • Solution Offering: • Cloud Security • Device Security • Network Security • Pervasive Data Protection • Intelligent Security Operations
  • 5. 5 Portfolio Strategy An Integrated And Open Security System Threat Defense Lifecycle Together, Is Far More Powerful Than Sum Of The Parts SECURITY OPERATIONS DEVICE CLOUD MANAGEMENT THREAT INTELLIGENCE ANALYTICS AUTOMATION / ORCHESTRATION INFRASTRUCTURE MCAFEE: STRATEGY
  • 6. 6 SECURITY OPERATIONS DEVICE CLOUD MANAGEMENT THREAT INTELLIGENCE ANALYTICS AUTOMATION / ORCHESTRATION INFRASTRUCTURE • Endpoint Protection • Endpoint Detection and Response • Enforcement Controls • File Integrity Monitoring • Advanced Threat Protection • Encryption • Data Loss Prevention • Cloud Workload Protection • Cloud Access Security Broker • Web Gateway Service • Intrusion Prevention System • Advanced Threat Protection • Server Protection • Advanced Threat Protection • Database Security • Mail Server Security • Storage Security • Secure Web Gateway • Intrusion Prevention System Local Threat Intelligence Global Threat Intelligence Skyhigh Threat Intelligence Security Information and Event Management User and Entity Behavior Analytics Incident Response and Remediation MCAFEE: TACTICAL OVERVIEW
  • 8. 8 Detecting and preventing advanced threats Adding new defenses in the future increases management problems Preventing deep investigations to aid in recovery Causing manual processes and delaying responses ComplexityAccuracy Visibility Sustainability ENDPOINT SECURITY: CHALLANGES
  • 9. 9 True centralized management Extensible endpoint security framework Actionable threat forensics in understandable language Advanced capabilities like machine learning analysis of sophisticated threats Integrated platform that unites defenses to work together ENDPOINT SECURITY: THE MCAFEE RESOLUTION
  • 10. 10 KNOWN THREATS UNKNOWN THREATS Threat Prevention Firewall Web Control Adaptive Threat Protection Threat Intelligence Exchange Active Response McAfee Endpoint Platform - Anti-malware - Host-based IPS - Exploit Prevention - Host-based Firewall - Web/Browser Control - Machine Learning - Application Containment - Reputation-based - Threat Sharing - EDR Single Agent (McAfee Agent) Single Management (McAfee ePolicy Orchestrator) Deployment Reporting & QueriesPolicy Configurations Dashboards Automated Responses ENDPOINT SECURITY: PLATFORM
  • 12. 12 ACTIVE RESPONSE: EDR ‘The EDR market is defined as solutions that record and store endpoint-system-level behaviors and events, such as user, file, process, registry, memory and network events. Multiple detection techniques are then used to continually search the stored data to detect security events that require human intervention to respond rapidly.’ ‘By 2021, endpoint protection platforms (EPPs) will provide automated, orchestrated incident investigation and breach response. Separate, stand-alone endpoint detection and response (EDR) solutions will focus on managed security service provider (MSSP) and large enterprise security operations center (SOC) environments..’ Market Guide for Endpoint Detection and Response Solutions, 9 November 2017, Peter Firstbrook Magic Quadrant for Endpoint Protection Platforms, 24 January 2018, Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka
  • 14. 14  Find and visualize data from your endpoints  Search for files, network flows, registry and process mapping  Hunt and kill threats  Hunt for file hashes, endpoints connected to specific IP and kill processes, remove files, etc  Continuously monitor a critical event  Initiate an action before hand for future threats  Leverage Data Exchange Layer (DXL) to communicate with other products  Reduce risk and response time COLLECTORS REACTONS TRIGGERS INTEGRATION ACTIVE RESPONSE: FEATURES
  • 15. 15 ePolicy Orchestrator Data Exchange Layer Advanced Threat Defense (Malware Analysis) McAfee Agent Endpoints Physical Servers Virtual Servers McAfee Agent Threat Intelligence Exchange Active Response Endpoint Security Adaptive Threat Protection Active Response Endpoint Security Adaptive Threat Protection Active Response McAfee Linux OS McAfee Cloud Services ACTIVE RESPONSE: ARCHITECTURE
  • 16. 16 ePolicy Orchestrator McAfee Agent Endpoints Physical Servers Virtual Servers McAfee Agent Threat Intelligence Exchange Active Response Endpoint Security Adaptive Threat Protection Active Response Endpoint Security Adaptive Threat Protection Active Response McAfee Cloud Services ACTIVE RESPONSE: HOW IT WORKS 12 3 4 4 1 McAfee Active Response sends data to the cloud 2 McAfee ePO receives data from the cloud 3 Perform in-depth investigation in McAfee ePO 4 TIE updates the reputation of the threat
  • 17. 17 ACTIVE RESPONSE: LICENSING AND PACKAGING Complete Endpoint Protection (CEB) (CEB) Complete Endpoint Threat Protection Protection (CTP) Endpoint Threat Defense & Response Response (EDR) Endpoint Security Adaptive Threat Protection Device Control Application Control Encryption Threat Intelligence Exchange Active Response ePolicy Orchestrator
  • 18. 18 ACTIVE RESPONSE: SUMMARY A single-pane for investigation, prioritization, genealogy, reputation, historical behavior, and response over potential threats. Workflows Single view to see, investigate, and take action on threats Visibility A view into suspicious behaviors across all Endpoints Investigate Analyze timelines and live searches to find threats Action One click stops threats & updates protection on all Endpoints Simplify View operational status of all Endpoint threat defense services