Freely subscribe to our NEWSLETTER

McAfee Total Protection for Compliance combines the power of the McAfee Vulnerability Manager appliance and the McAfee Policy Auditor software with McAfee ePolicy Orchestrator (ePO) software to create a single platform for deployment, management, risk analysis, and compliance reporting. This solution also includes a new capability for correlating the latest threats with vulnerabilities, asset values and existing security protection.

"Regulations and standards are growing in number, and IT audits are increasing in complexity and cost," said George Kurtz, senior vice president and general manager, Risk & Compliance Business Unit at McAfee. "With the release of Total Protection for Compliance, we continue to drive innovation into our products and meet the high standards of excellence our customers expect. By ushering in a new era of risk management and compliance automation, we are changing the audit paradigm in order to help improve return on IT investments and reduce the learning curve costs for users."

Simplify Compliance

McAfee is the first to simplify compliance coverage through unifying disparate technology approaches for IT policy auditing. Companies struggle with a lack of time, resources and expertise to perform audits, and current technologies have forced them to decide between agent-based or agent-less assessments. Only McAfee can offer a solution that leverages both technology approaches to reduce the complexity of compliance and save time spent on auditing tasks. Translating security policy to automated control checks is complex and redundant when using multiple vendors’ technologies. Total Protection for Compliance reduces the need to deploy multiple products and aggregates assessment results to improve documentation.

The Total Protection for Compliance solution utilizes the existing McAfee ePO security management infrastructure to increase efficiencies and allows users to extend their compliance coverage without the costly burden of adding more overhead. McAfee integration through the ePO software also results in improved metrics and communications about where vulnerabilities exist and which systems need priority attention.

Countermeasure Risk Management Application

McAfee also extends risk management through awareness of countermeasures, which increases the value of security protection. Until now, administrators received threat advisory information without any context; they had to determine the threat impact on their particular environment. Now, McAfee correlates threat information with the unique vulnerabilities, asset values, and existing protection measures of each user. By adding more intelligence into protection, McAfee provides security personnel with a customized threat intelligence perspective on their particular environments.

McAfee integration through ePO results in improved metrics and communications about where vulnerabilities exist and which systems need priority attention. Many security intelligence services only deliver generic information on threat advisories, but McAfee goes beyond to specify how existing efforts to protect assets mitigate risk. Using McAfee’s countermeasure-aware risk management application, new threats and vulnerabilities are evaluated against the deployment of anti-virus, buffer overflow, and intrusion prevention solutions. Assets that have these countermeasures are at less risk and allow administrators to allocate remediation efforts toward areas of highest criticality.

For example, when assessing a threat event, McAfee’s technology allows IT administrators to identify and focus on only the vulnerable systems and not those that have acceptable levels of protection. This provides immediate insight, saves critical time, and dramatically improves security. When IT is empowered by this information, it can often mean the difference between worrying about 30 systems instead of 3,000.

Leverage Industry Standards

McAfee Total Protection for Compliance allows customers to leverage industry standards and automate auditing to achieve compliance best practices. While regulatory bodies and companies are demanding more assessment content based on authoritative sources, companies are have a hard time deciding which controls to assess (and how) to meet policy. Developing new content is cumbersome and often beyond the skill set for many IT managers.

Total Protection for Compliance has predefined policy content, utilizes industry standard protocols for fast, accurate policy template creation and comes packaged with FDCC and other regulatory templates. The Total Protection for Compliance assessment capabilities include content built by third parties that follow XCCDF, OVAL, and other open standards included in the Security Content Automation Protocol (SCAP).

– Availability

McAfee Total Protection for Compliance solution is available now and includes McAfee Vulnerability Manager, McAfee Policy Auditor, McAfee ePolicy Auditor and the McAfee AVERT threat advisory service with countermeasure aware risk management and correlation.