2. .
McAfee Confidential
Content
Overview
• Data center transformation
• Customer challenges
Intel Security Solutions for servers
• Discover all workloads
• Protect from unknown threats
• Minimize performance impact but be secure
• Security Management to reduce complexity
• How to Buy
Summary
• Customer case studies
4. .
Importance of Comprehensive Security
If you had a compromise and someone is stealing data, how would you know?
Attackers
• Malicious Insiders / Ex-Employees
• Unscrupulous Competitors
• Nation States
• Terrorist / Activists Organizations
Motives
• Political – maintain internal stability
• Economic – stealing intellectual property
• Technical – access to source code
• Military – identify weaknesses to defeat superior military forces
Targets
• Organizations w/ critical IP
• Critical Infrastructure
• Federal Government
• DoD contractors
Goals
• Establish network foothold
• Stealth intrusion, backdoors
• Ex-filtrate sensitive data
• Leave no traces
5. .
The Data Center Is Transforming
• 80% of servers will be virtualized by 2016¹
• 40% of data will be stored or processed by the cloud by 2020³
• $5.4B: size of the software-defined data center market by 2018²
• 61% of businesses will use a hybrid cloud environment by end of 2014⁴
6. .
Data Center Transformation:
What does that mean for security?
• 236 new threats arise every minute⁴ (almost 4 per second)
• Mean cost of data breaches per minute: $7900—up 41% since 2010⁵
• 80%+ of businesses use cloud apps without corporate IT’s knowledge
• 40% of attacks are targeting servers³
• Only 50% of data that needs protection is protected¹
Increased attack surface
7. .
A Comprehensive, Connected Portfolio
• Security Management
• Security Intelligence
• Software-Defined Data Center
• Network Security
• Data Protection
• Server & Storage Security
• Application Security
• Intel® Hardware Security Foundation
on-premises | private cloud | public cloud | hybrid
World Leading Chip Maker
• Founded in 1968
• Mission: Utilize the power of Moore’s Law to bring smart, connected devices to every person on earth.
World’s largest dedicated security vendor
• Founded in 1987
• Acquired by Intel in 2010
• Mission: Keep our customers safe
Combining the security expertise of McAfee with the innovation, performance, and trust of Intel.
8. .
Customer Challenges
Discover all server workloads
Discover all workloads across physical, virtual and cloud
deployments and then be able to apply proper security
policy across this hybrid environment.
Protect from unknown threats
Customers lack the visibility and sufficient insights to
understand how to prevent unwanted applications from
executing.
Minimize performance impact but be secure
Ensure comprehensive security for physical and virtualized
servers while placing minimal impact on system resources.
Management complexity
Siloed security, compliance tools, and processes lead to low
visibility of IT security posture, which can slow remediation
and reporting times.
10. .
You cannot secure what you cannot see
Discover
Complete security visibility of workloads
• Automatically discover your virtual & physical machines
o Insight into virtual machine environment for enhanced security
control
o Show VM-to-Host relationship
o Show location of VM (which data center or cloud)
o Data Center Connectors for vSphere, Amazon AWS, OpenStack, Microsoft Azure
• Simplified management with new scan reports
o Find unprotected endpoints
o Determine security compliance
• Visibility of OS memory protection
o Visibility into enabled operating system memory protection
11. .
Data Center Connectors – AWS Example
1) Enter AWS account details
2) EC2 instances discovered and imported into ePO
3) Monitor/Manage security for EC2 instances
12. .
Extending Security Policy & Posture to Cloud
McAfee ePO
Extended Security Policy
PUBLIC CLOUD | PRIVATE CLOUD
• Discover & secure cloud instances automatically – private and public clouds
• Ensures identical security posture between on premise and cloud-based data center
McAfee Server Security Suite Essentials
McAfee Server Security Suite Advanced
McAfee Public Cloud Server Security Suite
14. .
McAfee Application Control for Servers
Intelligent Whitelisting for Servers
• Dynamic Whitelisting: Prevents all unauthorized code from running
• Memory Protection: Prevents whitelisted apps from being exploited via buffer overflow attacks
• File Reputation: Integrates with GTI and TIE to classify binaries as Good, Bad and Unknown
• Containment: Coordinates with ADT to assess unknown behavior and immunize endpoints
15. .
Efficient Security with McAfee Application Control
• Added protection for valuable data on servers against zero-day and APTs without
signature updates resulting in quicker time-to-protection
• Dynamic whitelisting requires lower operational overhead compared to legacy whitelisting
techniques
• Complete and fast protection using innovative security features such as local and global
reputation intelligence, real-time behavioral analytics and auto-immunization of endpoints
• Extend legacy systems and ease migration knowing that McAfee Application Control can
help protect these environments
16. .
End-to-end compliance with McAfee Change Control
Visibility and Enforcement
Provides continuous detection of system-level changes across distributed and remote locations
Change Prevention
• Selectively prevents out-of-policy changes
• Logs any attempted out-of-policy change
Integrity Monitoring
• Alerts to critical and unauthorized changes
17. .
Maintain compliance and control for your servers
• Prevents tampering by blocking unauthorized changes to critical system files, directories, and configurations
• Saves time for administrators in troubleshooting security breaches
• Tracks and validates every attempted change in real time on the server
• Enforces change policy by a time window, source, or approved work ticket
• Continuous control minimizes the impact from ad hoc or unauthorized changes
18. .
Linux Firewall
HIPS for Servers
• Includes a host-based firewall for Linux and
Windows systems
• Prevents malware and botnets from entering
and propagating throughout servers by blocking
unauthorized network traffic
Host Intrusion Protection – now for Linux
19. .
What Antimalware to Choose?
System types, from static to dynamic: Fixed Function Systems (ATM, POS, Kiosk), Servers, COE Desktops, Dynamic Desktops
Primary Antimalware: MAC, MAC, MAC, AV
Secondary Antimalware: AV ODS
21. .
MOVE AV
Security Optimized for Virtualization
Diagram labels: Virtual Infrastructure, Datacenter, Optimized AntiVirus, McAfee ePO, Virtual Infrastructure Manager, Virtual Servers, Virtual Desktops, Intelligent AV Scans
22. .
Advantages of McAfee MOVE AV
• Supports ALL hypervisors, including vSphere,
Hyper-V, KVM and XenServer
• Reduces resources required for security
• Improves VM consolidation ratios
• Prevents antivirus scan storms
• Eliminates DAT updates from each VM
• Avoids unnecessary scanning
• Agentless deployment through VMware NSX
and VMware vCNS
• SVAs are secured from vulnerabilities: certified
using Dept. of Defense DISA tools
• MOVE License Usage report for agentless
deployment
Common Criteria EAL2+ certified
23. .
Great Performance with McAfee MOVE AV
• Proactive notification of long scans
• Notifies user of slow scans due to large file size
• Detailed diagnostics for AV performance tuning
• SVA diagnostics can be run from ePO
• Diagnostics in ePO provide visibility into SVA bottlenecks
• Statistics on most-frequently scanned files and processes per SVA
• Flexible tuning policies for AV performance tuning, available for multiplatform deployment
• Ability to scan ‘default file types’ or ‘all file types’
24. .
MOVE AV – VMware agentless deployment
Key Features
• VMs with VMtools protected instantly
• Intelligent, scheduled file scanning
• vMotion-aware protection
• Automatic SVA deployment on each hypervisor via integration with NSX
• Simplified Agentless installation experience
Diagram labels: McAfee ePO, VMware vShield Endpoint, VMware ESX, guest VMs (OS, VMtools), MOVE Security Appliance
• Scans guest VMs over VMCI channel
• No agents to manage in VMs
26. .
Single pane management
ePolicy Orchestrator
• Be aware of protection status of all workloads,
on-premise and off-premise
• Manage security from a single ePO dashboard
• Monitor protection status of all Data Center
components
• Security and power status
• Applications categorized into Known Good, Known
Bad, Grey List
• VMware vShield Endpoint status
• Historical security data
• Customizable dashboards such as executive
overviews
27. .
ePO Deployment makes installation easy for large agentless configuration
1000+ or 5 installation steps – what do you prefer?
Today: Many installation steps
• Updating 1000 virtual machines means at least 1000 manual installation steps
• VMtool versions installed in each VM must be compatible
Now: 5 installation steps
• With McAfee’s easy installation tool for agentless deployment
Available with server suites
29. .
Intel Security Portfolio for Servers
McAfee Server Security Suite Essentials
• Core anti-malware for physical & virtual servers even
those in the cloud
• Host Intrusion Prevention including a Linux host firewall
• McAfee Agentless Firewall
McAfee Server Security Suite Advanced
• Superset of the Essentials Suites which adds:
• Application Control (whitelisting) to prevent unwanted
applications from executing
• Change Control for continuous detection of system-
level changes
Add-on Server Security Products
• McAfee Public Cloud Server Security Suite
• Protection for SharePoint, Email Servers, Storage,
Databases, and VDI environments
30. .
Protect: McAfee Server Security Suites
Comprehensive Protection
WHITELISTING
• McAfee Application Control
BLACKLISTING
• McAfee Host Intrusion Prevention
• McAfee VirusScan Enterprise
• McAfee VirusScan Enterprise for Linux
VIRTUALIZATION
• McAfee MOVE AntiVirus
• McAfee Agentless Firewall
COMPLIANCE
• Change Control
DATA CENTER CONNECTORS
• VMware vSphere
• Amazon AWS
• Microsoft Azure
• OpenStack
31. .
McAfee Server Security Suite Essentials
McAfee Server Security Suite Advanced
Additional Server Security Products
August 16, 2016
• McAfee VirusScan Enterprise for Storage
• McAfee Database Security Suite (Database Activity Monitoring, Vulnerability Manager for Databases, and Virtual Patching for Databases)
• McAfee Security for Microsoft SharePoint
• McAfee Security for Email Servers
• McAfee Security Suite for VDI
• McAfee Public Cloud Server Security Suite
33. .
Why Customers Like the Intel Security Solution
Intel Security solves customer challenges with
securing the hybrid datacenter
• Discover all physical and virtual servers including those
in the cloud and then apply proper security policies
• Performance-optimized server security across physical,
virtualized and cloud deployments.
• Comprehensive protection including dynamic whitelisting
which protects from unknown threats.
• Manage security from an executive dashboard, providing
security visibility with single-pane manageability.
34. .
Use Case: Large Global Retailer
What was the company/industry
• Global membership-style warehouse retailer with hundreds of
locations worldwide.
What was the problem
• Protect virtualized enterprise without hampering business:
• Ensure that the company’s virtual computing environment can grow
without being compromised by malware attacks.
• Current environment: Over 25,000 virtual desktops, 5000 virtual servers, and 50
VMW hosts in 3 vCenters.
How did we uniquely help
• McAfee MOVE AV protects 98% of virtualized desktops and servers
against sophisticated threats.
• ePO delivers efficiencies through centralized management and
provides global visibility to support compliance and protect customers
35. .
McAfee MOVE AV provides McKesson with
comprehensive and consistent malicious
code protection for our virtual environment.
As we continue to adopt emerging
technologies… implementing McAfee MOVE AV
provides us with additional security in our
virtual environment.
The solution makes sizing and deployment
simpler and ensures that every system is
deployed with the same level of protection.
-Patrick Enyart
Senior Director
McKesson Information Security, Security Operations
36. .
Use Case: Boston Scientific
What was the company/industry
• Fortune 500 developer, manufacturer, and marketer of medical
devices. Healthcare industry.
What was the problem
• Detect threats without compromising performance
• Secure its cutting-edge manufacturing lines, which were using
legacy security hardware that couldn’t support updated antivirus
software.
How did we uniquely help
• McAfee Application Control helps Boston Scientific block unauthorized
or unknown applications and code.
• Boston Scientific is also in the proof-of-concept stage with McAfee
MOVE AntiVirus. McAfee MOVE AntiVirus optimizes security,
flexibility, and management for virtual environments, increasing the
options for companies investing in virtualization
37. DCS – Direct and Channel Sales
McAfee Server Security Suites
Detect – Illuminate low-threshold maneuvering through
advanced intelligence and analytics.
Protect – Stop pervasive attack vectors while also
disrupting never-before-seen techniques and payloads.
Adapt – Apply insights immediately throughout an
integrated security system.
Correct – Improve triage and prioritize response as part of
a fluid investigation.
Addressing the Threat Defense Lifecycle
38. .
For More Information
Web
Solution Briefs
Whitepapers
Datasheets
Aberdeen eBook
Infographic
http://www.mcafee.com/us/products/data-center-security/server-security.aspx
40. .
ePolicy Orchestrator
McAfee ePolicy Orchestrator (McAfee ePO)
Security Management Platform for unified management of
endpoint, network, and data security.
• End-to-end visibility
• An open, extensible architecture
• Proven efficiencies
• Personalized Command
Center
• Drag-and-Drop Dashboards
and Actionable Reports
• Role-based Access Control
• Powerful Workflows
• Enterprise-ready
• Extensible Framework
Complete Management
41. .
McAfee VirusScan Enterprise proactively stops and removes threats, extends
coverage for new security risks, and reduces the cost of managing responses.
• Unbeatable malware detection
and removal
• Proactive protection from
zero-day attacks
• Integrates with McAfee GTI
for real-time defense
• Managed by ePO for
deployment, configuration,
enforcement
and reporting
• Optimized for fast performance
and reduced system impact
McAfee VirusScan Enterprise
NSS Labs Protection & Evasion Test 2013:
(VSE/HIPS/SAE)
• Protect your files from viruses, worms, rootkits,
Trojans, and other threats
• Proactive protection against new and
unknown buffer-overflow exploits that target
vulnerabilities in Microsoft applications
• Easily configure policies to manage and
remove quarantined items
• Supports users who are using both Microsoft
Outlook and Lotus Notes
• Supports Windows desktop OS (2000, XP,
Vista, 7, 8) and Windows Server OS (2000,
2003, 2008, 2012)
Complete
Endpoint Security
42. .
McAfee VirusScan Enterprise for Linux
McAfee VirusScan Enterprise for Linux delivers always-on, real-time
anti-virus protection for Linux environments. Its unique, Linux-based
on-access scanner constantly monitors the system for potential
attacks.
• Secure your enterprise with always-on protection
– Heuristic scanning
– Archive scanning
– Cross-platform protection
• Save time with automatic updates
• Make management easy with McAfee ePolicy
Orchestrator (ePO)
• Deploy new kernels quickly and easily
• Supports various Linux distributions
• SuSE Linux 9, 10, 11
• Novell Open Enterprise Server 1, 2
• Red Hat Enterprise 4.x; 5.x; 6.x
• CentOS 4.x, 5.x, 6.x
• Fedora Core 10, 11, and 12
• Ubuntu 8.04, 9.04, 9.10, 10.04, 10.10,
and 11.04
Complete
Endpoint Security
43. .
McAfee Host IPS
McAfee Host Intrusion Prevention for Desktop delivers unprecedented
levels of protection from known and unknown zero-day threats by combining
signature and behavioral intrusion prevention system (IPS)
• Enforce the broadest IPS and zero-day threat protection
coverage across all levels: network, application, and
system execution
• Advanced threat protection through dynamic, stateful
desktop firewall
• Single, unified management by ePO
• Patch endpoints less frequently and with less urgency
• Location aware policies provide specific protection
based on location
• Behavioral Analysis - zero-day attack
protection
• Mitigates patch deployment
urgency
• Ensure applications only
perform legal operations
• Vulnerability shielding capabilities for up
to 100% MS vulnerability coverage
Complete
Endpoint Security
44. .
McAfee Host Intrusion Prevention
Behavioral Analysis
Zero-day Attack Protection
Looks for malicious behavior patterns
Most effective way to stop zero day attacks
without updates
Mitigates patch install urgency
Ensure applications only perform legal
operations
Signature Analysis
Known Attack Protection
Vulnerability Shielding capabilities for up to
100% MS vulnerability coverage
Stop known attacks with
zero service interruption
Significantly reduces false positives
Protects laptops during startup
Better protection from
known malicious attacks
More time to test patches
before deploying
Improved business continuity &
security
+ =
Dynamic Firewall
Advanced Threat
Protection
Stateful firewall
Protects from advanced
threats such as botnets
before attacks can occur
45. .
McAfee Application Control
McAfee Application Control software provides complete protection
from unwanted applications and code—blocking threats without requiring
signature updates.
• Protect against zero-day and APTs
without signature updates
• Strengthen security and lower ownership
costs with dynamic whitelisting
• Automatically accept new
software added through
your authorized processes
• Provide flexibility to desktop
users by optionally allowing
them to approve new
applications
• Block known and unknown threats
• Use whitelisting to only allow approved
applications to run
• Integrates with McAfee ePO console for
centralized IT management
• Easily protect unsupported legacy
systems, such as Microsoft Windows NT
and 2000
Complete
Endpoint Security
48. .
Multi-platform features:
• Quarantine restore from ePO
• Ability to restore quarantined files from within ePO
• Instantly run on-demand scan
• Run ODS ‘now’
• On a VM or a group of VMs
Agentless features:
• Automatic SVA deployment on each hypervisor
• Enabled via integration with VMware NSX Service Composer
McAfee MOVE AV Features
49. .
• Optimized for large, dynamic virtual environments
• Automated assignment of clients to available offload servers
• New SVA Manager for scan server load balancing
• Display scan server load and status in Data Center Dashboard
• Locate unprotected endpoints via scan reports
• Visibility to OS memory protection status
• Agentless Host Firewall
• Manages multiple vCNS firewalls in data centers
• Visibility into all virtual network isolations via ePO reports
• Integration with vCNS App Firewall and NSX Distributed
Firewall: enables control and isolation of VMs and data
Advanced Features with McAfee Server Suites 3.5
50. .
McAfee is a Leader in Endpoint Security
• Superior Manageability with ePO
• Next Generation Endpoint Platform Vision
• Security Connected Vision
• Advancing Protection Rankings
• Comprehensive Solution Strength
• Intel / McAfee Together
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire
document. The Gartner document is available upon request
Six Year Gartner Magic Quadrant Leadership
Quadrants: Challengers, Leaders, Niche Players, Visionaries
Axes: Completeness of vision, Ability to execute
Vendors shown: McAfee, Sophos, Microsoft, Kaspersky Lab, Symantec, Trend Micro, Eset, Panda Security, Bitdefender, F-Secure, ThreatTrack Security, BeyondTrust, Check Point Software Technologies, Webroot, IBM, LANDesk, Lumension Security, Arkoon Network Security
51. .
Complete Protection—Proven by Independent Testing
VSE On-Access, HIPS, and Dynamic Application Control (Source: Westcoast Labs 2012)
Collection | Missed | Detected | Total | Detected (%) | Missed (%)
Anti-Malware Desktop | 0 | 4634 | 4634 | 100.000 | 0.000
Spyware | 0 | 1773 | 1773 | 100.000 | 0.000
Trojan | 0 | 910 | 910 | 100.000 | 0.000
Overall | 0 | 7317 | 7317 | 100.000 | 0.000
Combined Detection Rates (Source: NSS Labs 2013)
Vendor | Exploit | Evasion | Combined
McAfee | 97% | 100% | 99%
Symantec | 91% | 100% | 96%
Sophos | 88% | 97% | 93%
Kaspersky | 92% | 92% | 92%
F-Secure | 79% | 88% | 84%
Microsoft | 65% | 100% | 83%
AVG | 76% | 88% | 82%
ESET | 71% | 92% | 82%
Trend | 73% | 53% | 63%
Norman | 47% | 75% | 61%
Panda | 41% | 75% | 58%
Day Zero Rootkit Protection (Source: AV-Test 2013)
Product | Detected | Rate
McAfee DeepDefender | 48 of 48 | 100%
Microsoft System Center 2012 Endpoint Protection | 40 of 48 | 83%
Symantec Endpoint Protection | 32 of 48 | 67%
52. .
Complete Protection—Proven by Independent Testing
Figure shows: Average block rate over a period of seven days.
Average Block Rate on Download for Socially Engineered Malware
Source: NSS Labs Apr. 2014