Published by Ami Washington. Modified over 9 years ago.
1
McAfee Web Protection Protect Your Enterprise Against Web Threats
2
Malware Is Changing… (2011, 2012, 2013)
Rise in Adobe-based attacks (PDF, Flash); zero-day Java and JavaScript-based attacks; sophisticated evasion techniques (unique, one-time-only URL or file; obfuscation; dynamic code generation); browser-specific attacks (ex: known Firefox exploits); anticipate rise in HTML5 attacks.
Not only is the volume of malware accelerating, but we’re seeing the character of malware become more sinister as well. Malware authors are becoming much more professional in their design and development, and there are even professional software development kits posted for sale on the Internet to make it easier to get started. We’re seeing much more content delivered using a one-time unique URL or attachment (such as a PDF file), which helps to evade signature-based detection tools, since the signature is only used once by the malware. More malware is using obfuscation and code generation techniques to hide encrypted code inside the malware as variables, which are then decrypted and used to dynamically generate run-time code. This means we now have to look deeper not only into the code itself, but also into any variables that may be hiding inside the payload. As more and more sites begin using media like Adobe PDF and Flash to deliver content, we’re seeing a corresponding rise in infected files using these formats. And, as users expect sites to be increasingly interactive, we’re also seeing a significant rise in Java and JavaScript-based exploits, along with browser-specific attacks looking for known vulnerabilities. For example, we’ve seen malware that tries to determine which browser and version the user is using and then executes different styles of attacks, depending on what it learns at runtime. Lastly, we anticipate that as HTML5 becomes more popular, we’ll see more attacks attempting to exploit vulnerabilities in that new web platform.
3
The Cloud Brings New Challenges
SECURITY: Increasingly sophisticated malware; increased SSL-encrypted web traffic; advanced, persistent threats. APPLICATION VISIBILITY: More people & devices connecting to more applications outside traditional network, often without IT knowledge. FLEXIBILITY: Need to accommodate changing business conditions; protection needs to travel with the user and device rather than stay in the office.
With all this in mind, today I am going to focus on 3 areas causing problems for a lot of organizations today as they move more and more applications to the cloud: Security, Application Management and Flexibility. Security: The more your employees use the cloud, the more you’re risking exposure to malware. You need to know that your web protection is keeping up to meet evolving threats. Applications: With more people & devices connecting to more applications outside traditional network, are users getting where they need to go? And what about visibility: do you even know which web applications your employees are using? Are your users acquiring cloud applications without your knowledge or approval? How can you enforce security or acceptable usage policy over applications you don’t even know about? Do you know what data is flowing out of your company? And then there’s flexibility: in today’s mobile world, protection needs to travel with the user and device rather than stay in the office.
4
The Cloud Brings New Challenges
SECURITY: Increasingly sophisticated malware; increased SSL-encrypted web traffic; advanced, persistent threats. APPLICATION MANAGEMENT: More people & devices connecting to more applications outside traditional network. FLEXIBILITY: Need to accommodate changing business conditions; protection needs to travel with the user and device rather than stay in the office.
With all this in mind, today I am going to focus on 3 areas causing problems for a lot of organizations today as they move more and more applications to the cloud: Security, Application Management and Flexibility. Security: The more your employees use the cloud, the more you’re risking exposure to malware. You need to know that your web protection is keeping up to meet evolving threats. Application management: With more people & devices connecting to more applications outside traditional network, are users getting where they need to go? And what about visibility: do you even know which web applications your employees are using? Do they have uncontrolled access? Do you know what data is flowing out of your company? And then there’s flexibility: in today’s mobile world, protection needs to travel with the user and device rather than stay in the office.
5
Security How bad is the problem? How can I block web-borne threats? What about outbound threats? What other add-on tools should I consider? First, let’s tackle security… the topic that’s top of mind for many IT executives in today’s world of highly publicized, embarrassing and costly breaches.
6
Global Threat Intelligence
[Diagram labels: GTI; Network Activity; Geo-location; Threat Reputation; Ports / Protocol; Application; Web Reputation; File Reputation; Sender Reputation; URL; Mail Activity; Domain; Affiliations; IP Address; Web Activity; Address; DNS Server; Data Activity. Sources: Network IPS, Firewall, Web Gateway, Host AV, Mail Gateway, Host IPS, 3rd Party Feed. Figures: 300M IPS attacks/mo.; 2B Botnet C&C IP Reputation Queries/mo.; 20B Message Reputation Queries/mo.; 2.5B Malware Reputation Queries/mo.; Geo location feeds. Security Connected]
The first thing you need to know is how to identify known threats that have already been detected at other sites around the globe. McAfee Global Threat Intelligence is a live service that McAfee uses to power our Web Protection’s filtering technologies. McAfee GTI creates a profile of all Internet entities—websites, , and IP addresses—based on hundreds of different attributes gathered from the massive, global data collection capabilities of McAfee Labs. It then assigns a reputation score based on the security risk posed, enabling administrators to apply very granular rules about what to permit or deny. With this service, McAfee distributes information about malicious activity virtually in real time, allowing you to block access to malicious sites without wasting time or taking further action. And, when you compare us with the competition, ask them how many dedicated, full-time research scientists and engineers they have working on their threat intelligence service. McAfee Labs has more than 500 full-time research staff, which is often more than our competitors have employees!
7
McAfee Gateway Anti-Malware Engine Scanning
Unique to McAfee Web Protection. Emulation provides real-time protection. Most effective zero-day protection. DISSECT, ANALYZE, EMULATE. “MWG has strong malware protection due to its on-box browser code emulation capabilities.” Gartner, Magic Quadrant for Secure Web Gateways
McAfee provides proven anti-virus software that can block known threats that have a recognized signature. However, this ability, while essential, is not sufficient. As I noted previously, malware authors are becoming more proficient at creating attacks that evade signature detection, since the signature is used only once. Therefore, what’s needed is a proactive analysis engine that uses a heuristic approach to emulate and evaluate the behavior of a payload, without depending on a signature. Gateway Anti-Malware (GAM) Engine is just such an engine. Other vendors’ evaluation processes look at the category, reputation and signature of an incoming web page. GAM, on the other hand, dissects the page into its various components, then analyzes each component in detail. Finally, it emulates the target environment to evaluate the behavior of the payload. Is it doing anything suspicious, like trying to unpack an encrypted set of code? Based on the proactive intent analysis of the payload, GAM does a superior job of identifying zero-day malware and blocking it. In fact, in the 2014 Magic Quadrant for Secure Web Gateways, Gartner said, “MWG has strong malware protection due to its on-box browser code emulation capabilities. The solution provides the ability to adjust the sensitivity of malware detection. A rule-based policy engine enables flexible policy creation.” I should point out that this is not a true sandbox platform. That capability is part of McAfee Advanced Threat Defense, which we’ll discuss in a moment. However, short of running a sandbox, GAM is the most effective zero-day malware detection you can run.
8
Security Malware detection New 2013 results
95%, 99%. New 2013 results: Web Gateway increases Zero-Day protection to 95%. Other vendors invited to participate: no response.
[Chart: Zero Day Protection Rate (cloud intelligence; ability to open content and inspect; proactive scanning), PE Malware Detection (signature-based protection; worms, Trojans; PW stealing programs), Non-PE Malware Detection (PDF exploits; macros for MS Office; malicious scripts). Source: AV-Test.org]
And, we’re not the only ones to recognize that… To better help demonstrate the effectiveness of the McAfee solution, we commissioned AV-Test Labs, a well-respected independent company that specializes in malware testing, to compare McAfee Web Gateway with other competitors. To ensure a fair test, McAfee did not supply any samples or have any knowledge of the samples that were used in the test. The test focused on different types of malware, and you can see from the results that the McAfee solution outperformed the competition in every category. For the Zero-Day Protection portion: McAfee Web Gateway blocked the most malicious URLs, with a protection rate over 90%. Zero-day threats are typically identified through the gateway’s ability to open up content for inspection, coupled with whatever proactive scanning abilities and cloud intelligence a vendor may provide. The next area focused on PE (portable executable) Malware Detection: Again, McAfee achieved the best score in this category, testing at 99.9 percent, detecting nearly all malicious samples ranging from worms and Trojans to password stealing programs and rogue applications. This test focused on the generic malware detection and blocking capabilities, especially with signature-based protection. And finally, Non-PE (portable executable) Malware Detection, which looks for things like PDF exploits and files, including malicious scripts and macros for Microsoft Office and other applications. McAfee detected nearly 99 percent of malicious non-PE files, the highest of any vendor tested. (At the time of the testing, Websense did not provide protection for PDF exploits.)
Performance results obtained using specific combinations of hardware, software, and test samples. The results reflect approximate relative performance as measured by the tests performed. Any difference in system hardware, software or available threat information may cause your performance to vary.
9
Proof Point Competitive POC BACKGROUND OUTCOME
BACKGROUND: Fortune 10 US corporation with world-wide network; existing Blue Coat installation. 30-Day POC Evaluation: one sixth of web traffic sent to Web Gateway after being scanned by existing solution.
Scanned: ninety-two million URLs. Results: 346,000 websites and web objects; 280,000 URLs categorized incorrectly by current proxy; 50,000 URLs with unacceptable reputations; 16,000 discrete web objects containing malware.
OUTCOME: 1,000 desktops saved from infection during POC. Remediation costs: $150–$200 per desktop. During POC: $150,000–$200,000 savings. POC result: Prospect became a customer.
While tests can be helpful, the best way to understand the power of McAfee Web Protection is to bring it into your organization, like this Fortune 10 corporation did. They installed Web Gateway behind an existing Blue Coat system so that it would analyze and filter the traffic after it had been deemed appropriate. During a 30-day proof of concept, they found some pretty startling results: an unacceptable amount of malware was getting into their network, despite using one of the secure web gateway market leaders. This corporation estimated that during the 30-day POC, Web Gateway helped protect 1,000 desktops from infection. Applying their own internal remediation costs, they determined that they had saved between $ K just in that one month period. That translates into approximately $1M per month across the entire organization.
10
Security Integrated DLP prevents data leakage
Credit card numbers found. Apply comprehensive DLP rules. Supports preformatted McAfee DLP dictionaries (HIPAA, PCI, UK-NHS, European IBAN).
In addition to controlling the applications, McAfee also gives you control over the data that is being sent through cloud applications. McAfee includes Data Loss Prevention technology as part of its web protection capabilities. McAfee Web Gateway supports predefined DLP dictionaries and enables custom dictionaries to be created through either keyword matching or regular expressions. This enables you to apply comprehensive DLP rules to your outbound web traffic, ensure and document regulatory compliance, and provide forensic data in the event of a breach, all without purchasing another solution. In this example you can see that an employee at “Acme Rocket Co.” is attempting to send credit card number data (protected by PCI DSS) in a LinkedIn message, but a DLP rule blocked the attempt. McAfee DLP is recognized as a Leader in the Gartner DLP Magic Quadrant; most of the other vendors who provide DLP technology either have much weaker offerings, or use third-party DLP software which is not under their control.
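The kind of outbound rule described on this slide, as an added illustration (not McAfee's code or rule syntax): a regular expression finds card-number candidates in a form-encoded request body, and a Luhn checksum filters out look-alike digit strings. The Luhn step, the rule names, the keyword dictionary and the sample bodies are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

# Candidate card numbers: 13-19 digits, optionally separated by a single
# space or hyphen, not embedded in a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from order IDs and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first six and last four digits so logs do not store the full number."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


@dataclass
class Verdict:
    action: str                              # "block" or "allow"
    findings: list = field(default_factory=list)


def inspect_outbound(raw_body: str, keywords=(), patterns=()) -> Verdict:
    """Apply card-number, keyword-dictionary and regex-dictionary rules.

    raw_body is a form-encoded request body; it is decoded first because
    "4111+1111" on the wire is "4111 1111" once the server reads it.
    patterns is an iterable of (rule_name, regex) pairs.
    """
    body = unquote_plus(raw_body)
    findings = []
    for m in CANDIDATE_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            findings.append(("pci.card_number", mask(digits)))
    lowered = body.lower()
    for kw in keywords:
        if kw.lower() in lowered:
            findings.append(("dict.keyword", kw))
    for name, rx in patterns:
        if re.search(rx, body):
            findings.append(("dict.regex", name))
    return Verdict("block" if findings else "allow", findings)


# Constructed sample bodies (4111 1111 1111 1111 is a public test number).
SAMPLE_CARD_BODY = (
    "body=Hi%2C+please+charge+card+4111+1111+1111+1111"
    "+for+order+1234-5678-9012-3456"
)
SAMPLE_CLEAN_BODY = "body=Tracking+number+1234-5678-9012-3456+shipped+today"
SAMPLE_KEYWORD_BODY = "body=Draft+notes+on+the+Merger+timeline"

if __name__ == "__main__":
    for sample in (SAMPLE_CARD_BODY, SAMPLE_CLEAN_BODY, SAMPLE_KEYWORD_BODY):
        verdict = inspect_outbound(sample, keywords=("merger",))
        print(verdict.action, verdict.findings)
```

Without the decoding step the card number in the first sample is missed, and without the Luhn step the order number in the second sample is a false positive.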
11
Security Encrypt data going to the cloud
Encryption protects cloud-based files.
Data loss prevention can also be extended to protect uploads to file sharing/collaboration sites containing sensitive information, such as credit card numbers, and (based on your policies) automatically encrypt or block the file before uploading it. This prevents the file from being accessed by anyone who attempts to download it without going through the Web Gateway first. This file encryption feature is unique to McAfee and was called out as one of our strengths in the most recent Gartner Magic Quadrant: “In addition to its existing data loss prevention (DLP) support, MWG also protects sensitive data stored in public clouds from unauthorized access. It can automatically encrypt files transmitted to Dropbox and other file sharing and collaboration sites, and users cannot retrieve and decrypt files without going through the MWG.”
12
McAfee Advanced Threat Defense
Comprehensive approach to malware: FIND, FREEZE, FIX. [Diagram labels: Advanced Threat Defense; Threat Intelligence Exchange; Network Security Platform; Next Generation Firewall; McAfee Enterprise Security Manager (SIEM); McAfee Web Gateway; McAfee Real Time; McAfee Gateway; Endpoint]
While it’s not part of the McAfee Web Protection solution, we should take a moment to mention McAfee Advanced Threat Defense (ATD), which is McAfee’s advanced dynamic sandboxing and static code analysis solution. McAfee Advanced Threat Defense is designed to work with McAfee Web Gateway, McAfee Gateway, Next Gen Firewall, Endpoint, and other McAfee security products. The MWG system administrator can set a suspicion threshold in the rules engine that forwards suspect payloads to ATD, which, in turn, performs a deep analysis of the payload by running it in a true sandbox that simulates the target platform: browser, operating system, etc. ATD not only runs the code in a sandbox, it also reverse-engineers the code and compares it with malware code that’s been previously identified. Since not all malware code gets executed in the sandbox, the addition of static code analysis provides the ability to catch virtually any malware packet. While ATD is performing its analysis, McAfee Web Protection can periodically check its status and update the user, until the payload either passes muster and is forwarded to the user, or it’s identified as malware and blocked. The MWG administrator also has the option to set a time-out parameter which forces the user to wait for a pre-determined interval and, if the sandbox hasn’t completed its analysis by then, allows the payload through to the user. If it’s later determined to be malware, ATD can notify McAfee ePO, which can then remediate the malware from affected clients.
13
Application Management
Application Discovery What applications are your users actually using? Application Controls Can you manage application entitlements? Application Access Can you deliver user access and strong authentication? A major challenge for many organizations is the shadow IT problem caused by users purchasing applications without considering the security ramifications of deploying them in your network. As a system administrator you have to know what SaaS applications your users are actually using. Otherwise, they may be exposing your organization to security risks you’re not even aware of. Once you’ve identified the specific applications in your environment, the next step is to implement your acceptable usage policy and enforce any restrictions you need to place on end-user entitlements. Finally, the last stage is to enable and manage application access for the web applications your users are using. For those applications that contain sensitive data, you should also require multi-factor authentication to validate a user’s identity before granting him/her access to the application.
14
TODAY’S REALITY: More than 80% of employees worldwide use SaaS applications without IT approval. “shadow IT” is not a trivial problem. In a recent world-wide survey of both IT professionals and line-of-business users (non-IT) conducted for McAfee by industry analyst firm Frost & Sullivan, we discovered that more than 80% of employees in the surveyed organizations were using SaaS applications that IT knew nothing about. The survey also uncovered the disturbing fact that on average, 15% of employees worldwide have experienced a security, access, or liability incident while using SaaS. Frost & Sullivan: The Hidden Truth Behind shadow IT
15
Application Discovery
What are your users up to? What applications are on your network? Which are blocked? Who are the top users? How much bandwidth are they using?
The bottom line is you can’t control what you don’t know about. How do you solve this problem? MWG Content Security Reporter (CSR) integration with Web Gateway includes the ability to create dashboards that you can use to identify any and all SaaS/cloud applications your users are accessing. Application discovery eliminates the uncertainty of shadow IT by exposing which applications are in your network, who’s accessing them and what impact they’re having on your infrastructure.
16
Integrated, Actionable Discovery
Content Security Reporter + McAfee ePO = visibility, control, compliance McAfee’s powerful security management platform, McAfee ePolicy Orchestrator or ePO, supports detailed and actionable web reporting through the McAfee Content Security Reporter extension which is part of McAfee Web Gateway. Content Security Reporter gives you the granular information and tools you need to understand how your organization is using the web, comply with regulations, identify trends, document problems, and tailor your filtering settings to enforce your web usage policies. Combine these granular reporting capabilities with the fact that Web Gateway can retrieve and apply data from ePO to its policies – and you begin to see the power of Security Connected. Let’s see how this works - with actionable reports in Content Security Reporter, you can simply right-click a URL in a report, add that site to an ePO block list and any ePO connected solution, such as McAfee Web Protection, can immediately apply it to policy. This is very powerful for accelerating response and mitigating problems across ePO connected solutions.
17
Web Application Controls
Enforce acceptable usage policy. Enable/disable specific applications. Control entitlements, access, data sharing. Apply policy based on application, user, group, risk, …
Now that you know WHO is running cloud applications in your environment, the next step is to control WHAT they can do with those applications. With McAfee, you can choose from a range of more than 1,000 controls to enforce your organization’s acceptable usage policy for most popular web applications, enabling or disabling access along with specific functionality as needed. You control who uses a web application and how it is used. Do you want to enable access to Facebook but not allow Facebook chat or posting? Block users from sending out LinkedIn messages? No problem.
18
Application Controls YouTube example
Customize block page with your logo, colors, instructions… To help demonstrate the power of application control, I want to share a YouTube example. With McAfee, you can allow access to YouTube but control what content your users are accessing such as Music videos. Note that YouTube has their own categories on the left side. Real-time look-ups of YouTube content categories enable you to easily incorporate YouTube categories into access policies. This allows you to, for example, block users from playing music videos during work hours. Note, also that you can customize the block page message with your own logo, color scheme, and text. Query for YouTube category in real-time Set policy by: Category, Author, Channel
19
Web Identity Launch Pad
Application Access: Web identity, Single Sign On, One Time Password. [Diagram labels: Laptop; Internal User; Mobile; Web Identity Launch Pad]
When your employees get access to multiple SaaS applications, one inevitable result is password chaos, with passwords attached to sticky notes and filed in (unprotected) lists in the employee’s mobile device. Employees hate to have to remember and manage multiple passwords. Just ask yourself, “how many passwords do you have?” With McAfee Web Identity, an optional add-on SKU for McAfee Web Gateway, McAfee is the only vendor to give you the flexibility and convenience of integrated web application single sign-on that eliminates the hassle of remembering all those passwords. Plus, your help desk will appreciate the reduction in password reset calls. You also have the option to use multi-factor authentication to reliably verify a user’s identity before giving them access to SaaS applications that contain corporate secrets or personally identifiable information. A final consideration is provisioning and de-provisioning capabilities that can be used to automatically create and terminate accounts as user profiles in your enterprise directory are added or removed. Built-in reporting helps you monitor SaaS application usage and compliance with regulatory requirements. This integrated solution includes easy-to-deploy and user-friendly access management capabilities that make life more convenient for users and cut down on help desk calls, while at the same time providing the enterprise with stronger security.
20
Web Gateway Multi-layered Protection
Content Inspection: Reputation (GTI); Geo-location (GTI); URL categorization & filtering (GTI); media & file analysis.
SSL Scanning: Scrutinize HTTPS traffic; identify malware hidden in encrypted web sessions; enforce application controls.
Anti-Malware: Signature-based AV; zero-day malware detection; dissect, emulate target platform environment; evaluate code behavior.
Botnet Client: Identify “phone-home” behavior; aggressive scanning of non-human initiated requests.
Data Leakage: DLP engine; full dictionaries; enforce data leakage policy; file encryption; protect data on file-sharing sites.
Application Management: Identify web applications in use; controls enforce acceptable usage policy; SSO and multi-factor authentication for access.
[Diagram labels: ePO; Outbound Traffic; Inbound Traffic]
In summary, then, McAfee Web Gateway provides extensive, multi-layered protection for your systems. It delivers (build on each bullet): Wide-ranging content inspection, including reputation analysis and site categorization from GTI, plus a variety of file filtering techniques. SSL scanning, which is essential for examining the contents of HTTPS-enabled web traffic for both hidden malware and applications that IT needs to manage. Anti-malware: both signature-based and zero-day malware detection. Botnet client: the ability to spot malicious applications that may have slipped onto a computer and are trying to contact a command-and-control server. Data leakage: a DLP engine which can enforce policy regarding the movement of sensitive data outside the enterprise network, as well as the ability to transparently encrypt files that are uploaded to Box or some other file-sharing site. Application management: the ability to find all web applications in use, and apply acceptable usage policies on approximately 1,000 popular SaaS applications and social media, to improve security and end-user convenience with SSO and multi-factor authentication.
21
FLEXIBILITY What is the most effective deployment scenario for me?
Should I go on-premises or the cloud? How do I manage web access for remote or mobile users? Is there some way to protect them from malware infections?
Now, let’s talk for a few moments about Flexibility. Some of the questions you should be asking yourself include the deployment scenario that makes the most sense for your organization, as well as how difficult or easy it is to modify your environment as your business needs change. And, with more and more mobile or remote users, you need to figure out how to give them the same degree of protection that you provide for your users who are inside the firewall.
22
Common policy, management & reporting
Flexibility Deploy on-premise, in the cloud, or a hybrid combination VM Appliance and SaaS (Hybrid) Remote Users (SaaS) SaaS or VM Performance and Scalability from Branch Offices to Corporate Headquarters Common policy, management & reporting McAfee Web Protection has unique flexibility that allows you to cost-effectively mix-and-match deployment options. Gartner noted this as one of McAfee’s strengths in the 2014 Magic Quadrant, “Intel Security has a good implementation of a hybrid cloud/on-premises solution.” Deploy any way you want – on-premises, in-the-cloud or a hybrid combination – all using the same set of licenses. For example, you can offload web traffic to the cloud for added high-availability or use the hybrid model as a cost-effective fail-over option. Common policy synchronization and reporting streamline management, ensure consistent policy enforcement, and simplify reporting and investigation. With the on-premises option, you’ll find a family of appliance models— which can be clustered for improved performance and availability— support for virtualized machines, and even a blade option, to give you the performance, scalability and flexibility that you need. The SaaS option gives you all the performance and scalability of the cloud, while ISO certified data centers in major geographies (North America, South America, Europe, Japan, Asia, Australia and New Zealand) give you the assurance that your data will be kept secure using industry best practices. You deploy the solutions that make the most sense for how your business is organized, with the assurance that you can modify your configuration as needed to adjust to changing business conditions, without needing to buy additional licenses – one SKU covers both on-premises and cloud users. 
Some of our competitors offer on-premises or cloud-based access, however they don’t have the common license model that we provide, nor do they have the ability to manage both on-premises and cloud deployment using a common set of rules and policies. SaaS Hardware Appliances Cloud-based Virtual Appliance Blade Server
23
McAfee Client Proxy: Protect mobile & remote users
[Diagram labels: Corporate Office; On-Network; Web Gateway; Off Network; Internet; Browser; Client Proxy (Active); McAfee Data Center; SaaS Web Protection (or Web Gateway in DMZ)]
As the cloud grows and the workforce becomes more mobile with more devices, protection needs to travel with the user rather than stay in the office. McAfee Web Protection enables organizations to extend their security policies to today’s popular smart phones, tablets and laptops by directing web traffic to McAfee Web Protection for advanced anti-malware protection and corporate web access policies. McAfee Web Gateway also extends protection to mobile devices accessing content that is traditionally available on internal corporate servers such as intranets, wikis, SharePoint servers, and other web-based solutions. One example of off-network protection is McAfee Client Proxy, our solution for laptops. With McAfee Client Proxy, a tamperproof agent enables roaming users to seamlessly authenticate and redirect to a McAfee Web Protection solution, either Security-as-a-Service (SaaS) or our on-premises web gateway. This enables Internet access policy enforcement and full security scanning to be applied, even if their Internet access is being provided through a captive portal, such as at a coffee shop, hotel, or other Wi-Fi hotspot. Here’s how it works: McAfee Client Proxy will check to see if it is on the network and behind a Web Gateway. If there is no reply, it becomes active if an Internet connection is available and directs the traffic to either McAfee SaaS Web Protection or a Web Gateway in a DMZ.
24
Features & Benefits Secure Proven Scalability Flexible Architecture
Best of breed security services, #1 malware defense Protect on-premises and remote/traveling users Proven Scalability Start small - SMB to enterprise Add capacity, as needed Flexible Architecture Fit business requirements Adapt as business needs change With the McAfee hybrid deployment model, you have the freedom and flexibility to configure your Web Gateway to meet your unique business requirement and change them as circumstances change. For example, one customer who was using an on-premises appliance acquired another company. They found the quickest, easiest way to protect the acquired company’s infrastructure was to set them up with SaaS Web Protection. The model is not only flexible but extremely scalable. You have the ability to assign users where it makes business sense, and still deliver the overall performance and throughput you need. You can scale up your on-premises systems by acquiring larger appliances, or clustering appliances together. And if you’re using the SaaS platform, we take care of making sure that performance is quick and crisp. Because our systems can be fully synchronized, with the same policies on both platforms, you have consistent security regardless of how your users are accessing the web. It’s cost-effective, so you don’t have to buy more capacity than you need. We’ll work with you to deliver the right-sized system to meet your requirements. And, finally, because both on-premises and cloud systems can be synchronized from one location, it’s easy to manage the system. Consistent dashboards and reporting also simplify monitoring and management tasks. Cost-effective One SKU, one price Buy only what you need Manageable Easy policy synchronization Consistent, cross-platform reporting
25
McAfee Web Protection Security Rules-based policy enforcement
Security: Rules-based policy enforcement; Global Threat Intelligence; AV & Gateway Anti-Malware engines; built-in Data Loss Prevention; cloud storage file encryption; Advanced Threat Defense integration.
Application Management: Identify and control rogue SaaS applications; single sign-on and multi-factor authentication.
Flexibility: Mobile & remote user protection; hybrid deployment options with policy synch; forward and reverse proxy options.
In summary, McAfee Web Protection provides your organization with industry-strength security technologies; the ability to identify and effectively control users’ access to cloud applications and web sites; and mobile and hybrid deployment options that extend your security umbrella from internal users to cover mobile, remote or external users.
26
Next Steps – Prove It to Yourself!
STEP ONE: Run Web Gateway Proof of Concept
STEP TWO: Review Results
STEP THREE: Communicate Results. Take Action!
Now that you know what can be done, let’s take a look at the next steps you can take to prove this to yourself. Install McAfee Web Gateway off any mirror port. This is a passive installation that can be easily deployed in under 2 hours to sit behind your existing firewall or gateway solutions. Immediate results: show malware that’s been missed by your existing solution; identify applications in use; see where your data is going. Generates an “Executive Summary Threat Report” for the CxO team to review. Use the results to make the case for replacing your current solution with McAfee Web Protection.

APPLICATION NAME | SUM OF HITS
BitTorrent Variants | 22640
Google Analytics | 1183
Hotmail | 766
Facebook | 754
Other | 4093
TOTAL | 29463

CATEGORYNAME | # of Detailed Web Access
Payment Card Industry – Credit Card Number Violations | 35
DLP: User-Defined Dictionary | 23
SOX Compliance – Merger and Acquisition | 1
TOTAL | 59

MALWARE NAME | SUM OF HITS
McAfeeGW: Heuristic.BehavesLike.JS.Infected.A | 38
GoMcAfeeGW: Heuristic.BehavesLike.JS.Unwanted | 19
McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-BAY.G | 11
McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-BAY.K | 7
Other | 12
TOTAL | 87