McAfee > Carbanak+FIN7 Configuration
McAfee Configuration
Product Versions
- ePO 5.10
- EDR 3.3
- ENS 10.7 with DLP powered by MVISION Insights
- ATD 4.1
- NSP 10.1
- ESM 11.3
Product Description
McAfee Endpoint Protection, Detection and Response (EDR), combined with McAfee’s next-generation IPS and McAfee’s SIEM solution provides McAfee innovations that offer a single point of visibility, comprehension, and control across your entire digital estate.
McAfee’s endpoint solution helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively, and automatically respond to threats. Unique to MVISION Endpoint Security (ENS) is McAfee® MVISION Insights, the first technology to proactively prioritize threats before they hit you, predict if your countermeasures will stop them, and prescribe exactly what you need to do if they won’t, simultaneously.
McAfee’s DLP technology provides comprehensive protection for all possible leaking channels, including removable storage devices, the cloud, email, instant messaging, web, printing, clipboard, screen capture, file-sharing applications and more.
McAfee Network Security Platform (NSP) is a next-generation intrusion detection and prevention system (IDPS) that discovers and blocks sophisticated malware threats across the network. It utilizes advanced detection and emulation techniques, moving beyond mere “pattern” matching to defend against stealthy attacks with a high degree of accuracy.
As the foundation of McAfee’s SIEM solution, McAfee Enterprise Security Manager (ESM) delivers actionable intelligence and integrations required for you to prioritize, investigate, and respond to threats. An extensible and distributed design integrates with more than three dozen partners, hundreds of standardized data sources, and industry threat intelligence. The embedded compliance framework and built-in security content packs simplify analyst and compliance operations. With direct integration into McAfee’s EDR capabilities, McAfee’s SIEM solution links your endpoint and enterprise infrastructure.
McAfee’s technologies are managed through McAfee’s industry-acclaimed, open and comprehensive, centralized management platform, McAfee ePolicy Orchestrator (ePO), to respond proactively, faster, and with higher efficacy, driven by AI-powered preemptive guidance, analytics and intelligence.
https://www.mcafee.com/enterprise/en-us/solutions/mvision.html
Product Configuration
For the detection evaluation, all ENS scanners and rules were set to report-only.
For the protection evaluation, ENS Attack Behavior Blocking (ABB)/Attack Surface Reduction (ASR) rules were set to block, while the “Remotely creating or modifying files or folders” rule was disabled at MITRE’s request.