McAfee Application Control
ManagedWhitelisting
Iftikhar Ali Iqbal, CISSP, CCSP, CISM
https://www.linkedin.com/in/iftikhariqbal/
Valid till Aug 2019
AGENDA
1. Company Overview
2. Whitelisting Concept
3. McAfee Application Control
4. Licensing and Packaging
COMPANY OVERVIEW
Offerings & Strategy
MCAFEE: OVERVIEW
• Founded in 1987
• Headquartered in California, United States
• Provides Software and Services
• Focus is on Consumer and Enterprise Security
• 125,000+ Corporate Customers
• 120 Countries
• 217+ Innovation Alliance Partners
• 800+ Security Patents
• Solution Offering:
  - Cloud Security
  - Device Security
  - Network Security
  - Data Protection and Encryption
  - Intelligent Security Operations
• Service Offering:
  - Technical Support
  - Professional Services
  - Education
MCAFEE: STRATEGY
Portfolio Strategy:
• An Integrated And Open Security System
• Threat Defense Lifecycle
• Together, Is Far More Powerful Than Sum Of The Parts
[Diagram: Security Operations, Device, Cloud, Management, Threat Intelligence, Analytics, Automation / Orchestration, Infrastructure]
WHITELISTING
Concept

WHITELISTING: STRATEGY
• KNOWN GOOD (WHITELIST): File Inventories, Certificate, Owner, Directory, Reputation
• UNKNOWN (GREYLIST): Most Challenging, Suspicious, Custom/Local
• KNOWN BAD (BLACKLIST): Viruses, Worms, Trojans, Polymorphic, APTs, 0-Day Threats
Source: Mario de Boer. "Protecting Endpoints From Malware Using Application Whitelisting, Isolation and Privilege Management". 6 July 2016. Gartner. Technical Professional Advice.
APPLICATION CONTROL
Overview & Features

MCAFEE: ENDPOINT SECURITY
• Endpoint Security: Signature-based Protection + Firewall + Web Control
• Adaptive Threat Protection: Machine Learning + Application Containment
• Active Response: Endpoint Detection & Response
• Threat Intelligence Exchange: Reputation-based Protection
• App + Dev Control: Whitelisting
• Advanced Threat Defense: Malware Analysis (including Sandboxing)
Common platform: McAfee ePolicy Orchestrator, McAfee Agent, Data Exchange Layer (DXL) (publish threat events + product integrations)
MAC: OVERVIEW
• APPLICATION VISIBILITY: Discovery scans to identify Known Good, Known Bad and Unknown applications
• DYNAMIC WHITELISTING: Allow only trusted processes, certificates, users and directories to run (lockdown
• MEMORY PROTECTION: Prevent vulnerable trusted applications from being exploited
• REPUTATION-BASED: Integrate with McAfee Global Threat Intelligence (GTI) + Local Intelligence for fe
• DYNAMIC ANALYSIS: Integrate with McAfee Advanced Threat Defense (ATD) for dynamic analysis
MAC: MODES
                        DISABLED   OBSERVE   ENABLED   UPDATE
APPLICATION CONTROL     -          RUNNING   RUNNING   RUNNING
APPLICATION VISIBILITY  -          RUNNING   RUNNING   RUNNING
DYNAMIC WHITELISTING    -          MONITOR   RUNNING   RUNNING
MEMORY PROTECTION       -          -         RUNNING   RUNNING
REPUTATION-BASED*       -          RUNNING   RUNNING   RUNNING
DYNAMIC ANALYSIS#       -          RUNNING   RUNNING   RUNNING
*Requires integration with McAfee Threat Intelligence Exchange (TIE) for Local reputation feeds. McAfee Global Threat Intelligence (GTI) is included.
#Requires McAfee Threat Intelligence Exchange (TIE) to be integrated with McAfee Advanced Threat Defense (ATD).
MAC: FEATURES
APPLICATION VISIBILITY: Discovery scans to identify Known Good, Known Bad and Unknown applications
Stages: STAGING, INVENTORY, ANALYTICS
Inventory classes: Applications (Trusted, Malicious, Unknown) and Other Files (Trusted, Malicious, Unknown)
Inventory attributes: Application, File Name, File SHA-1, File SHA-256, File MD5, Vendor, Reputation, System
MAC: FEATURES
DYNAMIC WHITELISTING: Allow only trusted processes, certificates, users and directories to run (lockdown
WHITELIST: Applications (Trusted, Malicious, Unknown) and Other Files (Trusted, Malicious, Unknown)
EXECUTION CONTROL: Trusted Processes, Trusted Directories, Trusted Certificates, Trusted Users
TRUST MODEL: Default Deny, allow software execution based on approved whitelist or trusted updaters
MAC: FEATURES
MEMORY PROTECTION: Prevent vulnerable trusted applications from being exploited
2nd LAYER DEFENCE on top of execution control (Trusted Processes, Trusted Directories, Trusted Certificates, Trusted Users) and the trust model (Default Deny: allow software execution based on approved whitelist or trusted updaters)
MAC: FEATURES
REPUTATION-BASED: Integrate with McAfee Global Threat Intelligence (GTI) + Local Intelligence for fe
TRUST MODEL:
- Default Deny: allow software execution based on approved whitelist or trusted updaters
- Detect and Deny: allow software execution based on reputation
REPUTATION SOURCES (Known Good / Known Bad, delivered to MAC via McAfee ePolicy Orchestrator):
- Threat Intelligence Exchange: Local File Reputation (OPTIONAL)
- Global Threat Intelligence: Cloud File Reputation
MAC: FEATURES
DYNAMIC ANALYSIS: Integrate with McAfee Advanced Threat Defense (ATD) for dynamic analysis
TRUST MODEL:
- Default Deny: allow software execution based on approved whitelist or trusted updaters
- Detect and Deny: allow software execution based on reputation
- Verify and Deny: allow execution of applications verified by sandbox testing
REPUTATION SOURCES (Known Good / Known Bad, delivered to MAC via McAfee ePolicy Orchestrator):
- Threat Intelligence Exchange: Local File Reputation (OPTIONAL)
- Global Threat Intelligence: Cloud File Reputation
- Advanced Threat Defense: Malware Analysis (OPTIONAL)
MAC: SUMMARY
DYNAMIC TRUST MODEL:
- Default Deny: allow software execution based on approved whitelist or trusted updaters
- Detect and Deny: allow software execution based on reputation
- Verify and Deny: allow execution of applications verified by sandbox testing
Execution Control and Management
Signature-less Memory Protection
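As an added example (not McAfee code or McAfee's policy format), the following Python models the dynamic trust model and the Disabled/Observe/Enabled modes from the slides above as one decision function: a known-bad reputation is denied first (Detect and Deny), then the approved whitelist and the trust rules (updater, certificate, directory, user) allow, then a known-good reputation or a clean sandbox verdict (Verify and Deny), and anything left is denied, or only monitored in Observe mode. All class names, policy fields, hashes and sample events are constructed for illustration; the Update mode is left out.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set, Tuple


class Mode(Enum):
    DISABLED = "disabled"  # nothing enforced or monitored
    OBSERVE = "observe"    # would-be denials are only logged
    ENABLED = "enabled"    # default deny is enforced


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    MONITOR = "monitor"    # Observe mode: logged, not blocked


@dataclass(frozen=True)
class FileEvent:
    """A constructed execution request as an endpoint agent might see it."""
    path: str
    sha256: str
    signer: Optional[str]           # subject of the code-signing certificate, if any
    owner: str                      # account that wrote the file
    parent_process: str             # process that launched it
    reputation: str                 # "known_good" | "known_bad" | "unknown"
    sandbox_verdict: Optional[str]  # "clean" | "malicious" | None (not analysed)


@dataclass
class Policy:
    """Constructed policy shape; field names are this example's, not MAC's."""
    mode: Mode
    whitelist_hashes: Set[str] = field(default_factory=set)
    trusted_certs: Set[str] = field(default_factory=set)
    trusted_dirs: Set[str] = field(default_factory=set)
    trusted_users: Set[str] = field(default_factory=set)
    trusted_updaters: Set[str] = field(default_factory=set)  # may introduce files
    use_reputation: bool = True   # Detect and Deny (needs a TIE/GTI feed)
    use_sandbox: bool = False     # Verify and Deny (needs ATD)


def evaluate(ev: FileEvent, pol: Policy) -> Tuple[Verdict, str]:
    """Return (verdict, reason). Layers are checked in order: known-bad reputation,
    whitelist and trust rules, known-good reputation, clean sandbox result,
    and finally default deny (reported as MONITOR in Observe mode)."""
    if pol.mode is Mode.DISABLED:
        return Verdict.ALLOW, "application control disabled"

    def deny(reason: str) -> Tuple[Verdict, str]:
        if pol.mode is Mode.OBSERVE:
            return Verdict.MONITOR, "observe: would deny (" + reason + ")"
        return Verdict.DENY, reason

    if pol.use_reputation and ev.reputation == "known_bad":
        return deny("known bad reputation")  # overrides local trust rules
    if ev.sha256 in pol.whitelist_hashes:
        return Verdict.ALLOW, "hash in approved whitelist"
    if ev.parent_process in pol.trusted_updaters:
        return Verdict.ALLOW, "launched by trusted updater " + ev.parent_process
    if ev.signer and ev.signer in pol.trusted_certs:
        return Verdict.ALLOW, "signed by trusted certificate " + ev.signer
    if any(ev.path.startswith(d) for d in pol.trusted_dirs):
        return Verdict.ALLOW, "located in trusted directory"
    if ev.owner in pol.trusted_users:
        return Verdict.ALLOW, "file owned by trusted user " + ev.owner
    if pol.use_reputation and ev.reputation == "known_good":
        return Verdict.ALLOW, "known good reputation"
    if pol.use_sandbox and ev.sandbox_verdict == "clean":
        return Verdict.ALLOW, "verified clean by sandbox"
    return deny("not whitelisted and no trust rule matched")


# Constructed sample policy and events (hashes are placeholders, not real IoCs).
SAMPLE_POLICY = Policy(
    mode=Mode.ENABLED,
    whitelist_hashes={"a" * 64},
    trusted_certs={"CN=Example Vendor Code Signing"},
    trusted_dirs={"C:\\Program Files\\Example\\"},
    trusted_users={"CORP\\svc-deploy"},
    trusted_updaters={"msiexec.exe"},
    use_sandbox=True,
)
SAMPLE_EVENTS = {
    "download": FileEvent("C:\\Users\\alice\\Downloads\\tool.exe", "b" * 64, None,
                          "CORP\\alice", "explorer.exe", "unknown", None),
    "signed": FileEvent("C:\\Users\\alice\\Downloads\\setup.exe", "c" * 64,
                        "CN=Example Vendor Code Signing", "CORP\\alice",
                        "explorer.exe", "unknown", None),
    "bad_whitelisted": FileEvent("C:\\Temp\\old.exe", "a" * 64, None,
                                 "CORP\\alice", "explorer.exe", "known_bad", None),
    "sandboxed": FileEvent("C:\\Temp\\new.exe", "d" * 64, None, "CORP\\alice",
                           "explorer.exe", "unknown", "clean"),
}


def run_samples(pol: Policy = SAMPLE_POLICY) -> Dict[str, str]:
    """Evaluate every sample event and return {name: verdict string}."""
    return {name: evaluate(ev, pol)[0].value for name, ev in SAMPLE_EVENTS.items()}
```

Running the same events against `Policy(mode=Mode.OBSERVE)` turns every denial into a MONITOR result, which is the behaviour a rollout relies on before switching to Enabled.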
ARCHITECTURE

MAC: HIGH-LEVEL ARCHITECTURE
• ePolicy Orchestrator
• Threat Intelligence Exchange (OPTIONAL)
• Advanced Threat Defense (Malware Analysis) (OPTIONAL)
• McAfee Labs Global Threat Intelligence (GTI)
• Application Control deployed with the McAfee Agent on Endpoints (ATM, POS, Kiosk), Physical Servers and Virtual Servers
LICENSING & PACKAGING

PACKAGING: SUITES
COMPLETE ENDPOINT THREAT PROTECTION (CTP)
• Endpoint Security
• Adaptive Threat Protection
• Device Control
• Application Control
COMPLETE ENDPOINT PROTECTION (CEB)
• Endpoint Security
• Adaptive Threat Protection
• Device Control
• Application Control
• Drive Encryption
• File & Removable Media Protection
CLOUD WORKLOAD SECURITY – A (CWSA)
• Cloud Workload Security
• Endpoint Security for Servers
• Adaptive Threat Prevention
• Management for Optimized Virtual Environments (MOVE)
• Threat Intelligence Exchange
• Application Control
• Change Control
INTEGRITY CONTROL FOR FIXED FUNCTION DEVICES
• Change Control
• Application Control
APPLICATION CONTROL FOR PCs
APPLICATION CONTROL FOR SERVERS
MVISION PLUS
• Endpoint Security
• Adaptive Threat Protection
• Device Control
• Application Control
• Threat Intelligence Exchange
• MVISION Endpoint
• MVISION Mobile
• MVISION ePO
THANK YOU