Post on 22-May-2020
Next Generation Endpoint Protection
McAfee Confidential—Internal Use Only
Desktop
Laptop
Removable Media Storage
Workspace
The Evolving Endpoint
[Figure: Cumulative malware threats, January 2007 to January 2011; data labels: 05,987; 7.9 million; 18.6 million; 34.8 million; 56.3 million. Source: McAfee Labs]
Datacenter
Servers (Physical & Virtual)
Storage
Databases
“Google removes 55 Apps from Android market after 10’s of thousands of users were infected with DroidDream trojan…”
“Stuxnet computer worm appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges…”
Smartphones
Tablets
Medical Devices
Mobile & Fixed Function
ATM’s
Context-Aware Endpoint Platform
Next-Generation Endpoint Security
NEXT-GENERATION ENDPOINT SECURITY
Cloud
Application
Database
OS
Chip
Security Information and Events
Risk and Compliance
Unified Security Operations
FIRST-GENERATION
Desktop/Laptop
Blacklist Files
Focus on Devices
Windows Only
Static Device Policy
Disparate, Disconnected Management
Desktop
Laptop
Mobile
Server
Virtual
Embedded
Data Center
• Specific protection for core, perimeter and databases
• Optimized security increases virtualization ROI
• Server-specific protection supports high performance
• Safely support consumerization programs
• Complete protection for mobile users to protect data, reduce infection
• Cost-effective solution for virtual and physical desktops
• Customized security for every situation
Chip
OS
Database
Application
Cloud
• Security designed for email, web, storage, SAP, SharePoint and more
• Protects against unauthorized change, malicious attack
• Protect OS and all applications and data from attack
• Innovative Deep Defender blocks the most advanced stealth attacks
• Cloud whitelisting, grey listing, access management and more
Risk and Compliance
Security Information and Events Management
Unified Security Management
• 15 Security categories under unified management
• Deal with threats in context of the device, data, application and identity
• Instantly assess and prioritize risk to your critical assets
The Anatomy of All Attacks
April 15, 2013
Four Phases of an Attack: Starts with the Web
First Contact: how the attacker first crosses paths with the target.
• Physical Access
• Unsolicited Message
• Malicious Website
• Network Access
Local Execution: how the attacker gets code running for the first time on the target machine.
• Exploit
• Social Engineering
• Configuration Error
Establish Presence: how the attacker persists code on the system to survive reboot, stay hidden, and hide from the user and security software.
• Download Malware
• Escalate Privilege
• Persist on System
• Self-Preservation
Malicious Activity: the business logic, what the attacker wants to accomplish (steal passwords, bank fraud, purchase Fake AV).
• Propagation
• Bot Activities
• Adware & Scareware
• Identity & Financial Fraud
• Tampering
Example: Fake AV
Anatomy of All Attacks
FAKE AV
Multi-Phase Protection
FAKE AV PROTECTION
SITE ADVISOR ENTERPRISE
FIREWALL
DEEP DEFENDER
VIRUSSCAN ENTERPRISE
HOST IPS
APPLICATION CONTROL
Anatomy of All Attacks
ZEUS
Multi-Phase Protection
ZEUS PROTECTION
SITE ADVISOR ENTERPRISE
FIREWALL
DEEP DEFENDER
VIRUSSCAN ENTERPRISE
HOST IPS
APPLICATION CONTROL
Anatomy of All Attacks
CRIDEX
Multi-Phase Protection
CRIDEX PROTECTION
SITE ADVISOR ENTERPRISE
DEEP DEFENDER
VIRUSSCAN ENTERPRISE
HOST IPS
APPLICATION CONTROL
Anatomy of All Attacks
STUXNET
STUXNET PROTECTION
DEVICE CONTROL
FIREWALL
DEEP DEFENDER
VIRUSSCAN ENTERPRISE
HOST IPS
APPLICATION CONTROL
Multi-Phase Protection
Global Threat Intelligence
Global Threat Intelligence: GTI
ENDPOINT NETWORK
MANAGEMENT
ENDPOINT
Network
Access Control
Server and Database Protection
Hardware-Assisted Security
Smartphone and Tablet Protection
Virtual Machine and VDI Protection
Embedded Device Protection
Malware Protection
Endpoint Encryption
Application Whitelisting
Desktop Firewall
Device Control
Email Protection and Anti-Spam
Intrusion Prevention
Access Control
Next Generation Firewall
User Behavior Analysis
Threat Behavior Analysis
NETWORK
Network IPS: 300M IPS attacks/mo.
Firewall: 300M IPS attacks/mo.
Web Gateway: 2B Botnet C&C IP Reputation queries/mo.
Mail Gateway: 20B Message Reputation queries/mo.
Host AV: 2.5B Malware Reputation queries/mo.
Host IPS: 300M IPS attacks/mo.
3rd Party Feed
Geo Location Feeds
THREAT REPUTATION
Gartner Magic Quadrant Summary
McAfee and Intel Strategy
DEEPSAFE
Intel and McAfee
BETTER SECURITY SOLUTIONS & PRODUCTS
POWER EFFICIENT PERFORMANCE
INTERNET CONNECTIVITY
SECURITY
• Network Security
• Cloud Security
• Security Management
• Endpoint Security
• Technology Ecosystem
• vPro
• Active Management Technology
• Advanced Encryption Standard
• Virtualization
• One Time Password
• Secure BIOS
Intel and McAfee
Applications
Operating System
Anti-Virus, Data Loss Prevention, Intrusion Prevention System, Firewall, Deep Defender
DeepSAFE
Central Processing Unit
Input/Output, Memory, Disk, Network, Display
DeepSAFE
APPLICATION SPACE
CRITICAL SYSTEM RESOURCES
Memory, I/O, Display, Disk, Network
Enterprise Security Management Platform
Security Management
SIA Associate Partner
SIA Technology Partner
McAfee Portfolio
Security Management
McAfee’s Next-Generation Endpoint Security Platform
PROVIDES
• A Single Platform to Secure Desktops to Data Centers
• Security Technology from Chip to Cloud
• Multidimensional Awareness Across Data, Devices, and Applications
• Unified Policy Layer for Full Contextual Visibility and Protection
• A Platform for Action to Immediately Address Threats