McAfee MOVE & Endpoint Security

McAfee MOVE (Management for Optimized Virtual Environments) provides security management for virtual environments. Endpoint security solutions are also presented.

Published in: Technology

  • 1. McAfee MOVE / Endpoint Security. Marco Schultes, 02.06.2011, netlogix Hausmesse LIVE/11
  • 2. What actually IS McAfee MOVE? Management for Optimized Virtual Environments
  • 3. But why optimized? Today's (antivirus) applications are not written for virtual environments, are not "hypervisor aware", and are therefore very wasteful with resources.
  • 4. MOVE - the new platform for securing virtual environments. "MOVE is a new strategic Platform and NOT a single Product". Diagram: McAfee MOVE Platform with plug-ins: HIPS, AV for Server, File Encryption, AV for VDI's, Site Advisor, SIA Partner, Device Control.
  • 5. AntiVirus optimization: the administrator's problems
  • 6. Problem #1 - Virtual servers: "Classic AV eats CPU capacity". CPU & I/O utilization, individual servers vs. consolidated servers:
      – On-access scans: 3-5% CPU load on individual machines; 30% with 10 virtual machines
      – On-demand scans: 50-70% load on individual machines; three simultaneous scans can bring the host to its knees
  • 7. Problem #2 - Virtual servers: "READ-ONLY images". Diagram: two virtual machines and one offline virtual image (each with apps and OS) on a hypervisor.
      • READ-ONLY and offline images cannot be patched and do not receive DAT updates
  • 8. Problem #3 - Virtual desktops: "AV storming". Organizational problems:
      • Capacity planning
      • Scheduling
      • VM density on the hypervisor
      • Different management consoles
  • 9. McAfee MOVE-AV for servers and VDI. Diagram: VMs (Applications, OS, MOVE) and the MOVE Virtual Appliance (off-load processing) on a hypervisor, McAfee ePO, clients with virtual desktops.
      MOVE AV for VDI's:
      • On-Access Scanning (OAS)
      • On-Demand Scanning (ODS) (announced)
      • Updates only needed on the MOVE Virtual Appliance
      MOVE AV for Virtual Servers:
      • Scan based on hypervisor load
      • On-Demand Scanning (ODS)
      • Offline Scanning (OVI)
      • On-Access Scanning (OAS) (announced)
  • 10. Features: efficient security management
      – Full ePO integration
      – Hypervisor-independent (VMware ESX / Citrix XenServer / MS Hyper-V (announced))
      – Offline virus scan
      – Dependent on hypervisor load
      – Security dashboards/reports per hypervisor
  • 11. McAfee MOVE: a technical overview
  • 12. Optimized file scanning. Diagram: VMs on a hypervisor, Scan Engine, Artemis, with the numbered steps:
      1. Local scan cache
      2. Global scan cache
      3. Scan the file
      4. Artemis connection
  • 13. Advanced File Caching. Diagram labels: ePO Server, Scan Engine, Hypervisor, MOVE Cache Synchronization Protocol Server.
      • Reduces the scan overhead
          – Through efficient use of caches
          – Local scan cache on the VM
          – Global scan cache on the scan engine
  • 14. Traditional AV vs. MOVE AV
  • 15. McAfee platform test on Citrix XenServer

      |                                  | A/V within the guest | Offloading A/V with MOVE            |
      | Memory Consumption (per VM)      | 60-120MB+            | ~20MB                               |
      | Peak CPU Usage (per hypervisor)  | 80-100%              | <10%                                |
      | VM Density                       | X                    | 3X                                  |
      | Scanning Resource Utilization    | YES                  | NO (Offloaded to Virtual Appliance) |
      | DAT Update Resource Utilization  | YES                  | NO (Offloaded to Virtual Appliance) |

      The product plans, specifications and descriptions herein are provided for information only, subject to change without notice, results may vary and without warranty of any kind, express or implied
  • 16. MOVE Agent in Action
  • 17. MOVE configuration: up to 2 scan servers can be specified (virtual or physical servers)
  • 18. Security Dashboards / Reports
  • 19. Hypervisor-aware Scheduler
  • 20. Prevents "AV storming": the scan is blocked because the hypervisor load is too high
  • 21. Summary
      • Increase virtual server security with minimal performance impact
      • Enable VDI security while keeping a high VM density per hypervisor
      • (Time) savings through simplified central management via ePO
      • Hypervisor-independent – ESX / XenServer / Hyper-V
  • 22. McAfee Data Protection
  • 23. McAfee Data Protection
      • McAfee Data Loss Prevention: Full control and absolute visibility over user behavior
      • McAfee Device Control: Prevent unauthorized use of removable media devices
      • McAfee Endpoint Encryption: Full disk, mobile device, and file and folder encryption coupled with strong authentication
      • McAfee Encrypted USB: Secure, portable external storage devices
      • McAfee Total Protection™ for Data: Integrated technologies for total data protection
  • 24. Data Breaches Don’t Discriminate
      • “DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor…”
      • “Royal London Mutual Insurance Society loses eight laptops and the personal details of 2,135 people” SC Magazine
      • “The FSA has fined Nationwide £980,000 for a stolen laptop”
      • “Personal data of 600,000 on lost laptop”
      • “ChoicePoint to pay $15 million over data breach—Data broker sold info on 163,000 people”
  • 25. Challenge: How best to protect confidential corporate data on mobile devices from loss, theft, or exposure to unauthorized parties?
      – Laptops lost or stolen in airports, taxis and hotels cost companies an average of $49,246 [1]
      – 36% of data breaches were due to lost or stolen laptop computers
          • Average cost is $6.75 million per breach [2]
      – Best practices: “Ensure that portable data-bearing devices…are encrypted” [2]
      – “Protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if encrypted or destroyed” [3]
      – Staying out of the news
      [1] Ponemon
      [2] Ponemon, 2009 Cost of a Data Breach
      [3] HIPAA DHHS Guidance 2009
  • 26. McAfee Endpoint Encryption. Diagram: Data Loss Prevention, Device Control, Endpoint Encryption, Encrypted USB.
      You need
      • Encryption for laptops, desktops, and mobile devices with the flexibility to choose full disk or file and folder encryption
      • Confidence in integrity of sensitive data when a device is lost or stolen
      • Safe Harbor protection
      McAfee offers
      • Broad support for laptops, desktops, and mobile devices
      • Full audit trails for compliance & auditing needs
      • Support for multiple strong authentication methods
      • Certifications: FIPS 140-2, Common Criteria Level 4 (highest level for software products), BITS, CSIA, etc.
  • 27. Solution: Full Disk Encryption
      Why encrypt?
      – Every disk drive in an organization eventually leaves said organization
          • Natural retirement/replacement
          • Loss
          • Theft
      – Knowing what sensitive information is on a given drive is difficult
          • Avoids having to classify data to decide what to protect
      – Applications use a myriad of “hidden” temp files that contain your data
      Data protection made easy
      – Simple to deploy
      – Nearly transparent user experience
  • 28. Solution: Full Disk Encryption
      Full Disk Encryption
      • No data access without proper authentication
      • Complete, proven protection against loss and theft
      • Extensible complement to other data protection technologies like file encryption, encrypted USB drives, and DLP
      How does it work?
      • Disk drive is fully encrypted, sector A through sector Z
      • As new information is created, it is encrypted on-the-fly
      • A unique, per-device recovery token is used to handle normal “lost password” situations
  • 29. Security Details Matter
      CC EAL 4 and FIPS 140-2 Level 2 validation
      – Proves the security level by an independent body
      AES 256-bit encryption
      – Encryption on-the-fly using strong algorithms
      Up to three-factor authentication
      – McAfee Endpoint Encryption offers a strong pre-boot authentication
      – Support for various smart cards, USB tokens and biometric devices
      ePO compliance reporting and deployment
      – Identify non-encrypted machines
      – Deploy using McAfee ePO
      Business continuity
      – McAfee Endpoint Encryption offers offline challenge-response recovery
      – Reduce costs using our local user self-recovery (questions + answers)