McAfee Application Control
Managed Whitelisting
Iftikhar Ali Iqbal, CISSP, CCSP, CISM
https://www.linkedin.com/in/iftikhariqbal/
Valid till Aug 2019
Application Control
AGENDA
Target: Partners & RTM
1 Company Overview
2 Whitelisting Concept
3 McAfee Application Control
4 Licensing and Packaging
COMPANY OVERVIEW
Offerings & Strategy
MCAFEE: OVERVIEW
• Founded in 1987
• Headquartered in California, United States
• Provides Software and Services
• Focus is on Consumer and Enterprise Security
• 125,000+ Corporate Customers
• 120 Countries
• 217+ Innovation Alliance Partners
• 800+ Security Patents
• Solution Offering:
  • Cloud Security
  • Device Security
  • Network Security
  • Data Protection and Encryption
  • Intelligent Security Operations
• Service Offering:
  • Technical Support
  • Professional Services
  • Education
MCAFEE: STRATEGY
Portfolio Strategy: An Integrated And Open Security System (Threat Defense Lifecycle). Together, Is Far More Powerful Than Sum Of The Parts.
Diagram components: Security Operations, Device, Cloud, Management, Threat Intelligence, Analytics, Automation / Orchestration, Infrastructure.
WHITELISTING
Concept
WHITELISTING: STRATEGY
Figure: a spectrum from Known Bad (blacklist) through Unknown (greylist) to Known Good (whitelist).
- Blacklist / Known Bad: Viruses, Worms, Trojans, Polymorphic, APTs, 0-Day Threats
- Greylist / Unknown (most challenging): Suspicious, Custom/Local
- Whitelist / Known Good, established from: File Inventories, Certificate, Owner, Directory, Reputation
Source: Mario de Boer. “Protecting Endpoints From Malware Using Application Whitelisting, Isolation and Privilege Management”. 6 July 2016. Gartner, Technical Professional Advice.
APPLICATION CONTROL
Overview & Features
MCAFEE: ENDPOINT SECURITY
Diagram: McAfee ePolicy Orchestrator manages the components below through the McAfee Agent and the Data Exchange Layer (DXL), which publishes threat events and carries the product integrations.
- Endpoint Security: Signature-based Protection + Firewall + Web Control
- Adaptive Threat Protection: Machine Learning + Application Containment
- Active Response: Endpoint Detection & Response
- Threat Intelligence Exchange: Reputation-based Protection
- App + Dev Control: Whitelisting
- Advanced Threat Defense: Malware Analysis (including Sandboxing)
MAC: OVERVIEW
APPLICATION VISIBILITY: Discovery scans to identify Known Good, Known Bad and Unknown applications
DYNAMIC WHITELISTING: Allow only trusted processes, certificates, users and directories to run (lockdown)
MEMORY PROTECTION: Prevent vulnerable trusted applications from being exploited
REPUTATION-BASED: Integrate with McAfee Global Threat Intelligence (GTI) + Local Intelligence for fe
DYNAMIC ANALYSIS: Integrate with McAfee Advanced Threat Defense (ATD) for dynamic analysis
MAC: MODES

FEATURE                  DISABLED  OBSERVE  ENABLED  UPDATE
APPLICATION CONTROL      -         RUNNING  RUNNING  RUNNING
APPLICATION VISIBILITY   -         RUNNING  RUNNING  RUNNING
DYNAMIC WHITELISTING     -         MONITOR  RUNNING  RUNNING
MEMORY PROTECTION        -         -        RUNNING  RUNNING
REPUTATION-BASED*        -         RUNNING  RUNNING  RUNNING
DYNAMIC ANALYSIS#        -         RUNNING  RUNNING  RUNNING

* Requires integration with McAfee Threat Intelligence Exchange (TIE) for local reputation feeds. McAfee Global Threat Intelligence (GTI) is included.
# Requires McAfee Threat Intelligence Exchange (TIE) to be integrated with McAfee Advanced Threat Defense (ATD).
MAC: FEATURES - APPLICATION VISIBILITY
Discovery scans to identify Known Good, Known Bad and Unknown applications.
Diagram: Staging -> Inventory -> Analytics
The inventory classifies Applications and Other Files as Trusted, Malicious or Unknown.
Inventory record fields: Application, File Name, File SHA-1, File SHA-256, File MD5, Vendor, Reputation, System.
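The staging inventory described above is, in essence, a hash-based classification of every executable found on a system. The following Python script is an added example (it is not McAfee code and does not use any McAfee API): it writes a few constructed sample files to a temporary directory, computes the MD5, SHA-1 and SHA-256 values an inventory record carries, and labels each file Trusted, Malicious or Unknown by looking its SHA-256 up in constructed known-good and known-bad lists that stand in for the GTI/TIE reputation feeds. File contents, vendor names and the system name are all constructed placeholders.

```python
"""Added example (not McAfee code): a minimal staging inventory of the kind the
APPLICATION VISIBILITY feature builds. Files are constructed in a temporary
directory, hashed with MD5/SHA-1/SHA-256 and classified Trusted / Malicious /
Unknown by SHA-256 lookup against constructed reputation lists."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, asdict


@dataclass
class InventoryRecord:
    application: str
    file_name: str
    sha1: str
    sha256: str
    md5: str
    vendor: str
    reputation: str  # Trusted | Malicious | Unknown
    system: str


# Constructed sample file contents (stand-ins for real binaries).
SAMPLE_FILES = {
    "payroll.exe": b"MZ\x90\x00 payroll application v1.2",
    "updater.exe": b"MZ\x90\x00 vendor updater build 7",
    "dropper.exe": b"MZ\x90\x00 suspicious stage-one loader",
    "tool.exe": b"MZ\x90\x00 custom local tool",
}


def file_hashes(data: bytes) -> dict:
    """Return the three digests an inventory record stores."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed reputation feeds keyed by SHA-256 (a real feed would come from GTI/TIE).
KNOWN_GOOD = {
    hashlib.sha256(SAMPLE_FILES["payroll.exe"]).hexdigest(): "Example Corp",
    hashlib.sha256(SAMPLE_FILES["updater.exe"]).hexdigest(): "Example Corp",
}
KNOWN_BAD = {hashlib.sha256(SAMPLE_FILES["dropper.exe"]).hexdigest()}


def classify(sha256: str) -> str:
    """Known bad wins over known good; anything unlisted is Unknown (greylist)."""
    if sha256 in KNOWN_BAD:
        return "Malicious"
    if sha256 in KNOWN_GOOD:
        return "Trusted"
    return "Unknown"


def scan_directory(path: str, system: str) -> list:
    """Hash every regular file in `path` and build one inventory record per file."""
    records = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            h = file_hashes(fh.read())
        records.append(InventoryRecord(
            application=os.path.splitext(name)[0], file_name=name,
            sha1=h["sha1"], sha256=h["sha256"], md5=h["md5"],
            vendor=KNOWN_GOOD.get(h["sha256"], "unknown"),
            reputation=classify(h["sha256"]), system=system))
    return records


def build_inventory(system: str = "WS-01") -> list:
    """Write the constructed files to a temp dir, scan it and return the records."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLE_FILES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_directory(tmp, system)


def summarize(records: list) -> dict:
    """Count records per reputation class, as the Analytics stage would."""
    counts = {"Trusted": 0, "Malicious": 0, "Unknown": 0}
    for r in records:
        counts[r.reputation] += 1
    return counts


if __name__ == "__main__":
    inventory = build_inventory()
    for record in inventory:
        print(asdict(record))
    print(summarize(inventory))
```

The Unknown bucket is the one that drives the rest of the deck: those are the files that neither feed can vouch for, so they are what dynamic whitelisting, reputation and sandbox verification have to decide on.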
MAC: FEATURES - DYNAMIC WHITELISTING
Allow only trusted processes, certificates, users and directories to run (lockdown).
Diagram: Whitelist -> Execution Control -> Trust Model
- Whitelist: Applications and Other Files, each classified Trusted, Malicious or Unknown
- Execution Control: Trusted Processes, Trusted Directories, Trusted Certificates, Trusted Users
- Trust Model, Default Deny: allow software execution based on approved whitelist or trusted updaters
MAC: FEATURES - MEMORY PROTECTION
Prevent vulnerable trusted applications from being exploited.
Diagram: Execution Control -> Trust Model -> 2nd Layer Defence
- Execution Control: Trusted Processes, Trusted Directories, Trusted Certificates, Trusted Users
- Trust Model, Default Deny: allow software execution based on approved whitelist or trusted updaters
- 2nd Layer Defence: memory protection for the trusted applications that are allowed to run
MAC: FEATURES - REPUTATION-BASED
Integrate with McAfee Global Threat Intelligence (GTI) + Local Intelligence for fe
Diagram: Trust Model -> Reputation Sources
- Trust Model, Default Deny: allow software execution based on approved whitelist or trusted updaters
- Trust Model, Detect and Deny: allow software execution based on reputation
- Reputation Sources, reaching MAC through McAfee ePolicy Orchestrator and classifying files as Known Good or Known Bad:
  - Threat Intelligence Exchange: Local File Reputation (optional)
  - Global Threat Intelligence: Cloud File Reputation
MAC: FEATURES - DYNAMIC ANALYSIS
Integrate with McAfee Advanced Threat Defense (ATD) for dynamic analysis.
Diagram: Trust Model -> Reputation Sources -> Malware Analysis
- Trust Model, Default Deny: allow software execution based on approved whitelist or trusted updaters
- Trust Model, Detect and Deny: allow software execution based on reputation
- Reputation Sources, reaching MAC through McAfee ePolicy Orchestrator and classifying files as Known Good or Known Bad:
  - Threat Intelligence Exchange: Local File Reputation (optional)
  - Global Threat Intelligence: Cloud File Reputation
- Trust Model, Verify and Deny: allow execution of applications verified by sandbox testing
  - Advanced Threat Defense: Malware Analysis (optional)
MAC: SUMMARY
Dynamic Trust Model:
- Default Deny: allow software execution based on approved whitelist or trusted updaters
- Detect and Deny: allow software execution based on reputation
- Verify and Deny: allow execution of applications verified by sandbox testing
Execution Control and Management
Signature-less Memory Protection
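The three layers summarised above (Default Deny, Detect and Deny, Verify and Deny) together form one decision chain for every execution request. The Python below is an added example written for this page, not McAfee code and not a description of the product's internal logic: it models an execution request (path, SHA-256, user, signer, parent process), a policy holding the approved whitelist and the four trust sources from the Dynamic Whitelisting slide, a reputation lookup standing in for TIE/GTI, and an optional sandbox verdict standing in for ATD. The order in which the checks run is this example's own choice (a known-bad reputation is refused before any trust source is consulted), and all hashes, certificate subjects, paths and verdicts are constructed placeholders.

```python
"""Added example (not McAfee code): the Dynamic Trust Model of the MAC summary
(Default Deny / Detect and Deny / Verify and Deny) as a decision chain.
Policy, reputation feed and sandbox verdicts are constructed stand-ins."""
from dataclasses import dataclass, field
from typing import Callable, Optional
import posixpath


@dataclass
class ExecRequest:
    path: str
    sha256: str
    user: str
    signer: Optional[str] = None   # subject of the code-signing certificate, if signed
    parent: Optional[str] = None   # path of the process that launched this one


@dataclass
class Policy:
    whitelist: set = field(default_factory=set)         # approved SHA-256 values
    trusted_certs: set = field(default_factory=set)     # trusted signer subjects
    trusted_dirs: set = field(default_factory=set)      # trusted directories
    trusted_users: set = field(default_factory=set)     # trusted users
    trusted_updaters: set = field(default_factory=set)  # trusted updater process paths


@dataclass
class Decision:
    allow: bool
    layer: str    # which layer of the trust model produced the decision
    reason: str


def under_trusted_dir(path: str, trusted_dirs: set) -> bool:
    # Normalise first so "/opt/vendor/../../tmp/x" is not taken for /opt/vendor content.
    norm = posixpath.normpath(path)
    return any(norm.startswith(posixpath.normpath(d) + "/") for d in trusted_dirs)


def evaluate(req: ExecRequest, policy: Policy,
             reputation: Callable[[str], str],
             sandbox: Optional[Callable[[str], str]] = None) -> Decision:
    """reputation(sha256) -> 'known_good' | 'known_bad' | 'unknown' (local, then cloud);
    sandbox(sha256) -> 'clean' | 'malicious' | 'unknown'; None when no sandbox is integrated."""
    rep = reputation(req.sha256)
    # Known-bad reputation is refused before any trust source is consulted (example's ordering).
    if rep == "known_bad":
        return Decision(False, "detect-and-deny", "known bad reputation")
    # Layer 1, Default Deny: approved whitelist and the four trust sources.
    if req.sha256 in policy.whitelist:
        return Decision(True, "default-deny", "hash on approved whitelist")
    if req.signer is not None and req.signer in policy.trusted_certs:
        return Decision(True, "default-deny", "signed by trusted certificate")
    if under_trusted_dir(req.path, policy.trusted_dirs):
        return Decision(True, "default-deny", "located in trusted directory")
    if req.user in policy.trusted_users:
        return Decision(True, "default-deny", "launched by trusted user")
    if req.parent is not None and req.parent in policy.trusted_updaters:
        return Decision(True, "default-deny", "launched by trusted updater")
    # Layer 2, Detect and Deny: reputation decides for files outside the whitelist.
    if rep == "known_good":
        return Decision(True, "detect-and-deny", "known good reputation")
    # Layer 3, Verify and Deny: unknown file, ask the sandbox if one is integrated.
    if sandbox is not None:
        verdict = sandbox(req.sha256)
        if verdict == "clean":
            return Decision(True, "verify-and-deny", "sandbox verified clean")
        return Decision(False, "verify-and-deny", "sandbox verdict: " + verdict)
    # No trust source, no reputation, no sandbox: the default is deny.
    return Decision(False, "default-deny", "unknown file not on whitelist")


def H(c: str) -> str:
    """Constructed placeholder 'hash': 64 repeated characters, not a real digest."""
    return c * 64


# Constructed policy, feed and verdicts (placeholders, not real hashes or certificates).
DEMO_POLICY = Policy(
    whitelist={H("a")},
    trusted_certs={"CN=Example Corp Code Signing"},
    trusted_dirs={"/opt/vendor"},
    trusted_users={"svc-deploy"},
    trusted_updaters={"/usr/bin/pkg-updater"},
)
REPUTATION_FEED = {H("b"): "known_bad", H("c"): "known_good"}
SANDBOX_VERDICTS = {H("d"): "clean", H("e"): "malicious"}


def demo_reputation(sha256: str) -> str:
    return REPUTATION_FEED.get(sha256, "unknown")


def demo_sandbox(sha256: str) -> str:
    return SANDBOX_VERDICTS.get(sha256, "unknown")


def run_cases() -> dict:
    """Evaluate one request per layer and edge case; returns name -> Decision."""
    cases = {
        "whitelisted":      ExecRequest("/home/alice/app.bin", H("a"), "alice"),
        "known_bad_signed": ExecRequest("/opt/vendor/x.bin", H("b"), "alice",
                                        signer="CN=Example Corp Code Signing"),
        "trusted_dir":      ExecRequest("/opt/vendor/tool", H("f"), "alice"),
        "traversal":        ExecRequest("/opt/vendor/../../tmp/evil", H("f"), "alice"),
        "trusted_updater":  ExecRequest("/tmp/pkg/new.bin", H("f"), "alice",
                                        parent="/usr/bin/pkg-updater"),
        "known_good":       ExecRequest("/tmp/kg.bin", H("c"), "alice"),
        "sandbox_clean":    ExecRequest("/tmp/new.bin", H("d"), "alice"),
        "sandbox_bad":      ExecRequest("/tmp/new2.bin", H("e"), "alice"),
    }
    results = {k: evaluate(v, DEMO_POLICY, demo_reputation, demo_sandbox)
               for k, v in cases.items()}
    # The same unknown file with no sandbox integrated falls through to default deny.
    results["unknown_no_sandbox"] = evaluate(cases["traversal"], DEMO_POLICY, demo_reputation)
    return results


if __name__ == "__main__":
    for name, d in run_cases().items():
        print(f"{name:18} {'ALLOW' if d.allow else 'DENY':5} [{d.layer}] {d.reason}")
```

Two cases are worth reading closely: `known_bad_signed` shows why a reputation hit should override a trusted certificate (a valid signature says who built the file, not that it is safe), and `traversal` shows that a trusted-directory rule must compare normalised paths, or a path that merely starts with the trusted prefix would pass.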
APPLICATION CONTROL
ARCHITECTURE
MAC: HIGH-LEVEL ARCHITECTURE
Diagram: ePolicy Orchestrator manages, through the McAfee Agent, the Application Control deployments on:
- Endpoints (ATM, POS, Kiosk)
- Physical Servers
- Virtual Servers
Reputation comes from McAfee Labs Global Threat Intelligence (GTI). Optional integrations: Threat Intelligence Exchange and Advanced Threat Defense (Malware Analysis).
LICENSING & PACKAGING
PACKAGING: SUITES
COMPLETE ENDPOINT THREAT PROTECTION (CTP)
• Endpoint Security
• Adaptive Threat Protection
• Device Control
• Application Control
COMPLETE ENDPOINT PROTECTION (CEB)
• Endpoint Security
• Adaptive Threat Protection
• Device Control
• Application Control
• Drive Encryption
• File & Removable Media Protection
CLOUD WORKLOAD SECURITY – A (CWSA)
• Cloud Workload Security
• Endpoint Security for Servers
• Adaptive Threat Prevention
• Management for Optimized Virtual Environments (MOVE)
• Threat Intelligence Exchange
• Application Control
• Change Control
INTEGRITY CONTROL FOR FIXED FUNCTION DEVICES
• Change Control
• Application Control
APPLICATION CONTROL FOR PCs
APPLICATION CONTROL FOR SERVERS
MVISION PLUS
• Endpoint Security
• Adaptive Threat Protection
• Device Control
• Application Control
• Threat Intelligence Exchange
• MVISION Endpoint
• MVISION Mobile
• MVISION ePO
THANK YOU