Security Architecture for Digital Transformation

McAfee Confidential

McAfee MVISION PlatformSecurity Architecture for Digital Transformation

McAfee Confidential

Presenters

Laurent MarechalAdvanced Technology Specialists, EMEA

Mohammed GuermellouAdvanced Technology Specialists, EMEA

McAfee Confidential

Agenda

➢ Transformation Overview

➢ Business Needs for Security

➢ MVISION Platform Introduction

➢ Security Architecture for Modern Workplace

➢ Workplace Security Demonstrations

McAfee Confidential

Every Business is Transforming and so is Security

2 INFRASTRUCTURE

• Adoption of Multiple Cloud Platforms

• Cloud-Native, Modern Applications

• Hybrid Infrastructure for legacy support

• Continuous DevOps and Delivery

• Security and Network Infrastructure Convergence

• Telco and 5G Infrastructure

• Smart Girds and Factories

• IoT Cloud Services and devices

• Hybrid, Legacy Infrastructure

• Supply Chain Diversity

4 IT-OT CONVERGENCE

1

• Cloud Services for business agility

• Work from Anywhere

• IT Consumerization – Any Device

• Talent Retention and User Experience

• IoT for Smart Buildings and Offices

MODERN WORKPLACE

• Intellectual Property Development

• Continuous DevOps and Delivery

• Business Resilience

• Talent Retention

• AI and Analytics-Driven services

3 RAPID INNOVATION

SECURITYCommon Architecture

Cloud-NativeAnalytics-Driven

Threat Intelligence PoweredAutomation

Open IntegrationUser Experience

5

McAfee Confidential

ACCELERATETRANSFORMATION

STOPTHREATS

DRIVEEFFICIENCY

Business Goals for Security

McAfee Confidential

Cloud Adoption and Trends

+600% Increase in collaboration SaaS use in 2020

2x Increase in cloud access by unmanaged devices in 2020

1 in 4 Cloud files contain sensitive data

McAfee Confidential

Cloud Transformation and Security Journey

More SaaS, First IaaS

Need a layer of identity access, and data controls across multiple SaaS and

IaaS

Multi-SaaS, Multi-IaaS

A complete architecture is required to manage risk and threats for all cloud services and data paths

First SaaS App

Native controls are manageable for a

single app

McAfee Confidential

Building the Cloud Architecture

The Foundation1Shadow visibility, Configuration control, Identity Access Management

Data and Threat Protection 2Data Discovery, Cloud2Cloud Data Protection, Device2Cloud Malware Protection

Application Security3

Built into development lifecycle

McAfee ConfidentialExternal Facing Information / Public

MVISION INSIGHTSGlobal Threat Intelligence and Risk Assessment across Endpoints, Network and Cloud

MVISION XDR

Threat Response Workflows Threat Hunting WorkflowsIncident Response Workflows

MVISION SECURITY ARCHITECTURE• Cloud-Native • Analytics-Driven • Threat Intelligence Powered

• Automated • Open Integration

• Common Architecture

• Data-Aware

MVISION Unified Cloud Edge(CASB+SWG+DLP+RBI+UEBA)

MVISION CNAPP(CSPM+CWPP+EDR+DLP+CONTAINERS)

MVISION CloudMVISION Device

MVISION ePO and Endpoint( NG-AV+EDR+DLP+CTI)

Common Integration Services (DXL, MVISION API and Marketplace)

McAfee Confidential

...builds an Ecosystem

Threat Protectionand DetectionMVISION EDR

SecOpsMVISION EDR

Risk ManagementMVISION UCE | MVISION ePO

Endpoint SecurityMVISION Endpoint Security

ComplianceMVISION UCE | MVISION ePO

Data SecurityMVISION UCE

Access ControlMVISION ePO

Extend Security Architecture with McAfee Partners

MVISION API and DXL

McAfee Confidential

MVISION helps Accelerate Digital Transformation

increased use ofcollaboration services due to

virtual world

devices worldwide are expected to be connected to internet in 2021

as many people will be working remotely compared to pre-pandemic

Cloud-Native, Converged Architecture• Secure Cloud Infrastructure• Available• Global Delivery• SASE• ZTNA

Secure a “Work from Anywhere”• Mobile• Home• Cloud

Adaptable Security Architecture• Analytics and Automation• Integrated Threat Intelligence• Extensible

McAfee Confidential

Our Architecture Identifies and Stops Threats before a breach

Increase in Cloud-Native Threats

Increase in Unmanaged AccessTo Enterprise Cloud Services

It’s A Dynamic Threat Landscape:• Volume AND Sophistication of threats• Entry vectors have increased• Data Loss vectors have increased

Threats per minute on average will need to be stopped by organizations

security

McAfee Confidential

MVISION Security Architecture Drives Efficiency

Reduce Complexity of Security Practice • Self Service features• Workflow automation• Analytics to augment human actions

Simplify Attack Surface Management:• Cloud• Device• Data

Consolidate Security Providers:• Common Architecture• Simple integration• Simple consumption models

Of companies use more than one cybersecurity vendor to protect their

business

Unfilled cybersecurity jobs are expected to exist in 2021

Reduce Time to RespondDecrease SOC Efficiencies

McAfee Confidential

MVISION Security ArchitectureModern Workplace Security Use Cases

AssessRisk

AdvancedThreat

Protection

MobileThreat

Protection

Secure Web Access

CloudData

Protection

LeverageSecurity

Ecosystem

Threat Detection

and Response

McAfee Confidential

Workplace Security Use Case Demos

McAfee Confidential

MariaAccount Executive

▪ Manages named accounts

▪ Loves technology and runs a blog for working moms

▪ Breaks glass and gets things done

▪ Always makes quota

McAfee Confidential

Maria—Collaboration Control and DLP

▪ Collaboration control

▪ Cloud-native DLP

SaaS

APIsMVISION Cloud

McAfee Confidential

MVISION Cloud

Maria—DLP for Shadow Cloud Services

DLP for any cloud service – stop sensitive data uploads

Cloud Proxy

SaaS

19

McAfee Confidential

Maria—Endpoint DLP

▪ Stop data loss to USB devices

▪ Block email attachments with sensitive data at the endpoint

McAfee Confidential

Maria—Contextual Access Control

Unmanaged Managed

MVISION Cloud

SaaS

McAfee Confidential

MVISION Cloud

Maria— Tenant Restriction

Use only Corporate Tenant – stop using personal tenant from managed machines

TenantRestriction

SaaS

McAfee - Internal Confidential

Unified Policy

Cloud Email

• Uses web policies and risk database to identify risky websites to isolate.

• Maria is protected from high risk and uncategorized websites.

Safe visual stream

Isolated Browser

Known safe websites

Risky websites

Public Internet

Isolate Risky Websites – Selective Isolation

McAfee Confidential

What’s next?

Executive

Briefing Center⬡ Strategy Discussion

⬡ Threat Landscape

⬡ Vertical Strategy

Architecture

Workshop⬡ SOC

⬡ Workplace, OT,

Closed

⬡ Cloud Security

Architecture

1 2 3

McAfee Confidential

Security

Assessment⬡ SOC

⬡ Cloud

⬡ Workplace

Thank you.

McAfee Confidential