Intel Security Confidential

Grant McDonald | Endpoint Security 10 Product Manager

McAfee Endpoint Security 10: 6 Reasons to Migrate in 2016

What You Need to Know Before You Migrate to Endpoint Security 10


Agenda

• Why do you need to migrate to Endpoint Security 10?

• Why do you need to migrate data?

• How do you migrate data?

• What are the requirements?


Why do you need to migrate?

Optimized and Consolidated Platform

• Simplifies the technologies you already have while also allowing multiple endpoint defense technologies to communicate and collaborate against new and advanced threats.

• 3 core modules: Threat Prevention, Web Control and Firewall – deploy together or individually

• VSE’s 12 policies are now optimized and covered by 5 Threat Prevention policies

• Future scanners and content can be deployed without requiring point product binary updates.

Other Areas:

• Zero impact scanning

• Enhanced logging

• Performance improvements


Better Remediation, Intelligence, Threat Forensics

Defenses Collaborate in Real Time

• A file hash is sent from Web Control to Threat Prevention, triggering an ODS

• Event data is shared with other modules and ePO, and is visible in client UI

• Malicious files are detected and blocked before they have full access to the system

• Forensics data is captured (Source URL, file hash, etc.)

[Diagram labels: Client UI, TIE, Threat Prevention, Web Control, Firewall, ePO]


Better Remediation, Intelligence, Threat Forensics (Cont’d)

Threat Forensics Available with ENS 10

Detect, understand, and track the attack

Machine: Host Name, IPv6 Address, IPv4 Address, MAC, Location

Target: IPv4 Address, IPv6 Address, Port, URL, Share Name, MAC, Protocol, User Name, Process Name, Hash, Signed, Signer, Description, Parent Process Signed, Parent Process Signer, Name, Path, File Size, Modify Time, Access Time, Create Time, Device Display Name, Serial Number, Device VID, Device PID

Detection Feature: Name, Version, Content Version, Content Creation Date, Rule ID, Rule Name, Reg Info, GTI Query, Name

Threat Data: Event ID, Severity, Name, Type, Action Taken, Handled, Detected On Create, Impact, Event ID

Source: IPv4 Address, IPv6 Address, Port, URL, Share Name, MAC, User Name, Process Name, Parent Process Name, Parent Process Hash, Parent Process Signed, Parent Process Signer, File Path, File Size, Hash, Signed, Signer, Modify Time, Access Time, Create Time, Device Serial Number, Device VID, Source Description

Additional: Cleanable, Task Name, API Name, First Attempted Action, Second Attempted Action, First Action Status, Second Action Status, Event ID Description, Natural Language Description, Duration Before Detection, Attack Vector Type, Direction, ICMP Type, Firewall Event Type, Throttled Event Count


It’s Ready for Advanced Threat Defenses

Easily Enhance ENS 10 with Threat Intelligence Exchange (TIE)

• Centralized Visibility and Control: Incident response knowledgebase; Local prevalence intelligence

• Integrated Endpoint Module: Execution-time reputation inspection and protection

• Open, Connected Ecosystem: Network, gateway, endpoint, and cloud-based countermeasures and intelligence

• Data Exchange Layer: Ultra-fast persistent bidirectional messaging fabric

[Diagram labels: TIE Server, Intel Security Solutions, 3rd Party Partners, Threat Intelligence Feeds, TIE Endpoints]


Why do we need to migrate data?


Endpoint Security 10 optimized and consolidated legacy products into a new platform.


What changed?


• New settings for new functionality

• Some existing settings or functionality deleted or EOL’d

• Multiple existing point product settings now being handled by a single setting or policy

• Functionality consolidated by new modules


4. Migration Tools Make it Easy


The Migration Assistant was created to educate and aid customers in migrating data to the ENS platform.

Automatic migration can create new policies and client tasks automatically, based on your current product settings, and assign them to groups and managed systems based on your current assignments.

Manual migration lets you select the settings you want to migrate and, optionally, edit them. Manual migration does not retain assignments.

Automatic Migration

• Select what items you want to migrate: Policies, Client tasks, Catalog (FW only)

• Preview policy migration results

• Migrated items are created and assigned automatically

Manual Migration

• Select what items you want to migrate: Policies, Client tasks

• Configure policies or tasks

• Migrated items are created

• Manually assign migrated items

• Repeat to migrate additional items


Automatic migration


Deployment Requirements

Microsoft Workstations

• Windows 10, 8.1, 8.0, 7.0, Vista

• Windows Embedded 8.1, 8, 7

Microsoft Servers

• Windows 2012, 2012 R2

• Windows 2008, 2008 R2

• Windows Small Business Server 2011, 2008

• Windows Embedded 2009

• Windows Point of Service 2009, 1.1

Macintosh

• Mac OS X (server and workstation): El Capitan 10.11x, Yosemite 10.10x, Mavericks 10.9x

ePO

• ePO 5.1.1 or later

• ePO Cloud 5.5

McAfee Agent

• McAfee Agent 5.02 or later


FAQs

Q – How long will it take?

A – A typical system migration takes roughly 10-15 minutes to complete. (Your mileage may vary)

Q – What if we need help?

A – Online resources, support and professional services are available.

Q – How do we know if we should use the manual or automatic migration approach?

A – Based largely on the number of managed systems, number of custom policies, and your use of HIPS and customizations

Q – Why shouldn’t we just stay on our current VSE deployment?

A – Better performance, integrations with our advanced defenses, future functionality that will only be available through ENS 10


Other common questions


Where to start

Simply log in to McAfee ePO; ENS 10 is available in the Software Manager.

Existing Endpoint Suites Customers Have Access Now

Learn more about ENS 10 or migrating to ENS 10:

• ENS landing page

• The ENS 10 Expert Center

• Migrating McAfee Host IPS 8.0 to McAfee Endpoint Security 10.1 - YouTube

• Migrating from McAfee VirusScan Enterprise 8.8 to McAfee Endpoint Security 10.1 - YouTube