McAfee: Endpoint Protection [product review]

November 30, 2018 by Ravi Das

Introduction

Many businesses and corporations have traditionally only secured their network communications just after the point of origination and just before the point of destination. This means that the actual line was made secure, not the endpoints of it.

As a result, the endpoints have often been a very neglected area that has not been secured. The cyber-attacker has therefore been able to penetrate these two endpoints, and from there, gain access to the entire network infrastructure over a period of time.

Many organizations are now starting to realize these weak spots and are taking a proactive approach with regard to endpoint security. One such solution is McAfee Endpoint Security Suite.

What Is the McAfee Endpoint Security Suite?

This is a solution that provides end-to-end network security protection. It comes as one cohesive package and is centrally managed. It has been designed to replace legacy products which came as separate packages, such as:

  • VirusScan Enterprise
  • McAfee SiteAdvisor
  • McAfee Host Intrusion Prevention.

The McAfee Suite actually consists of numerous products that have been geared specifically for two different types of deployments: Basic and Dynamic.

The products are as follows:

  • Endpoint Protection (EPS)
  • Endpoint Protection - Advanced (EPA)
  • Total Protection for Endpoint – Enterprise Edition (TPE)
  • Total Protection for Secure Business (TEB)

These products have four different core segments, as follows:

  1. Cyber-Threat Prevention: This is a sophisticated component that offers new and advanced malware scanning features. This helps a business to thwart imminent threats and isolate any malware that has entered into the network infrastructure. This part can fight off all of the latest malware threats including fileless memory attacks, ransomware, zero-day attacks, Business Email Compromise (BEC), phishing and so forth.
  2. Web Security: This prevents your employees (and even other kinds of users) from accidentally browsing and logging into malicious and/or unauthorized websites. It also allows for the network administrator to whitelist and blacklist acceptable and unacceptable URLs. This component can also flag suspicious links and immediately notify the end user.
  3. Firewall: This component examines each and every data packet that tries to enter the network infrastructure. The good ones are allowed in, but the malicious ones are discarded before even reaching your defense perimeters. Sophisticated Access Control Lists (ACLs) allow you to fine tune the firewall so that it meets your exact security needs.
  4. Advanced Threat Protection (ATP): This component allows a business or a corporation to quickly identify malware that is so highly sophisticated that it flies under the radar of many of the traditional network sniffing tools. Once a covert piece of malware has been detected by the ATP, tips on how to mitigate this cyber-risk are immediately conveyed to the IT security staff. The ATP has extra inspection functionalities added into it to allow for rapid sharing of information and data with the appropriate IT personnel, and also allows for deeper inspection of the cyber-risk to take place.

The McAfee Endpoint Security Suite is compatible with the following operating systems and virtualized environments:

  • Microsoft Windows 7-Windows 10
  • Mac OS X
  • Linux
  • Microsoft Windows Server 2008-2019
  • Citrix XenApp
  • Citrix XenDesktop
  • VMware View

What Are the Features of the McAfee Endpoint Security Suite?

The following are the main features of the McAfee Suite:

  1. Threat/risk protection at the core level: All of the components (as described in the last section), including the antivirus and exploit functionalities, communicate with each other on a real-time basis.
  2. Machine learning: The McAfee Suite consists of sophisticated learning algorithms in order to precisely identify and confirm the presence of any malware, primarily based on their signature profiles.
  3. The containment of applications: With this feature, your IT security staff can mitigate the damaging impacts of malicious files (such as those found in phishing emails) and other types of malware by blocking them from entering further into your network infrastructure, and from there, isolating them.
  4. Endpoint Detection and Response (EDR): EDR is now fully integrated into the McAfee Suite and is completely automated. Any risks and threats can be curtailed by just a few clicks of the mouse.
  5. Centralized management: The McAfee ePolicy Orchestrator is a specific tool that allows your IT security staff to get much greater visibility and insight into your network infrastructure with easy-to-use and understandable at-a-glance dashboards.
  6. Proactive learning analysis: With machine learning algorithms, the McAfee Suite can quickly create models of your organization’s cyber-threat landscape and what potential malware attack vectors could look like in the future.
  7. Sophisticated levels of anti-malware protection: The engine that drives the McAfee Suite is updated on a 24-7 basis via the McAfee Global Threat Intelligence feeds.
  8. Advanced threat forensic capabilities: With this functionality, your IT security staff can quickly determine where the malware resides in your network infrastructure, how it evolved and penetrated your lines of defense, and how long it has stayed in your systems.
  9. Malware behavior monitoring: This tool of the McAfee Suite can actually record the “behavior” of the malware in question while also studying its Tactics, Techniques and Procedures (TTPs). It comes with a comprehensive alert system and can even provide a sophisticated review (or “playback”) for the network administrator.
  10. Migration assistant: This functionality allows for your IT security staff to quickly migrate network security policies from legacy platforms into the McAfee Suite.

Event-Activated Learning

In an effort to improve security at all levels, employee training is an absolute must. Employees must be taught what your security policies are, as well as what the consequences are for not abiding by them.

The common myth is that once employees are taught once, they will retain it and practice it in their daily job functions. This is far from the truth. Your employees need to have security training on a regular basis in order to keep reminding them of the importance of keeping up good cyber-hygiene habits. After all, employees are still considered to be the weakest link in the security chain, and you need to give them the tools that will make them proactive.

One effective technique is called “Event-Activated Learning.” With this, your employees are taught what a cyber-attack is like in real-time, and how they should be a part of dealing with it. For example, take the case of malware. With this learning concept, your employees can learn what malware looks like in the real world and the appropriate steps that they should take in reacting to it.

InfoSec Institute has such a training program, with McAfee Suite integrated into it. It is called SecurityIQ, and more details about it can be seen here.

Conclusion: Why Your Business Needs McAfee Endpoint Security Suite

There are many other endpoint security solutions that are available today, but McAfee Suite has several distinct advantages when you make a procurement decision. For example:

  • All of the information, data, malware signature profiles, intelligence gathering, alerts, warnings and so on can be accessed and viewed very easily from just one console
  • You do not have to overspend on security technology, because all of the features described earlier in this article come as one unified, cohesive set. McAfee Suite also leverages all of the existing security features of the operating systems and virtualized environments mentioned previously. So in the end, there is really nothing more that you need to add on
  • McAfee Suite can work as a single security solution for all kinds and types of device hardware and software such as workstations, servers, wireless/mobile devices, containers, virtual instances, and even those objects found in the Internet of Things (IoT)
  • McAfee Suite has been comprehensively tested by certified third parties and has proven itself in the real world


Ravi Das

Ravi is a Business Development Specialist for BiometricNews.Net, Inc., a technical communications and content marketing firm based out of Chicago, IL. The business was started in 2009, and has clients all over the world. Ravi’s primary area of expertise is Biometrics. In this regard, he has written and published two books through CRC Press. He is also a regular columnist for the Journal of Documents and Identity, a leading security publication based out of Amsterdam.

You can visit the company’s website at www.biometricnews.net (or http://biometricnews.blog/); and contact Ravi at ravi.das@biometricnews.net.