What does it do?
§ McAfee® Advanced Threat Defense (ATD) enables organizations to detect today’s advanced targeted attacks and convert threat information into immediate action and protection.
§ ATD provides advanced, in-depth file examination; combining dynamic analysis, in-depth static code analysis, and machine learning to identify advanced threats that otherwise get past our competition.

Reviews – Proof Points
§ “ATD does as much or more than other sandboxes, but its integration with other McAfee solutions is what makes it so incredibly powerful…if found malicious, the file is then automatically removed across the entire enterprise. That is truly transformative for our small security team. It augments our own abilities and saves us a lot of time.” – Holly Frontier – Fortune 500
§ “With the addition of these three products—McAfee Threat Intelligence Exchange, McAfee Advanced Threat Defense, and McAfee Endpoint Security—we significantly improved our overall security posture across the entire environment.” – CISO, Fortune 100 Company

How does it work?
§ Advanced Threat Defense detects today’s stealthy, zero-day malware with an innovative, layered approach. It combines dynamic analysis with in-depth static code analysis – the key to detecting highly camouflaged, evasive threats that may not execute in a virtual or sandbox environment.
§ ATD can unpack the code and disassemble it, essentially reverse engineering the malware to analyze all attributes and instruction sets to determine the intended behavior.

Kill Points:
§ FireEye, PAN, Cisco, and Trend Micro focus on a dynamic sandboxing approach with no / limited static-code analysis, making them susceptible to evasion techniques.
§ FireEye underperformed other vendors in the NSS Labs breach detection report and received a ‘Neutral’ rating rather than ‘Recommended’.
§ Palo Alto ‘free’ Cloud-service results can be slow: up to 24-48 hours.
§ FireEye requires an additional management appliance to share intelligence across different appliances.
§ FireEye offers no virtual deployment options.
§ vATD is the first sandbox to be offered through the Azure Marketplace.
§ McAfee ATD performs full, static-code or in-depth code analysis.

Where does it fit?
Integrated Products:
§ McAfee® Enterprise Security Manager (ESM)
§ McAfee® Network Security Platform (NSP)
§ McAfee® Threat Intelligence Exchange (TIE), including McAfee® Application Control, McAfee® Endpoint Protection (EPP), McAfee® Data Loss Prevention (DLP), Server Security, and MSME
§ McAfee® Web Gateway (SWG), and McAfee® Active Response (MAR)
§ Any E-mail Gateway via ATD Email Connector
§ McAfee® Advanced Threat Defense can also be used as a stand-alone malware analysis tool by security operations/forensics teams. It supports a REST API and can take malware submissions via File Transfer Protocol (FTP) or manually.

Features:
§ Integrated Security with McAfee® products: NSP, MWG, TIE, Application Control, Endpoint / Server, DLP, McAfee ePO™ platform, SIEM, MAR, and also Email Connector, Zeek (formerly Bro Network Security Monitor), TAXII, and Micro Small and Medium Enterprises (MSME)
§ Advanced Analysis - Combination of in-depth, static-code analysis, dynamic analysis (sandboxing) and machine learning provides unmatched analysis and detection capabilities.
§ Flexible Centralized Deployment - Offers a cost-effective, centralized approach to advanced malware analysis

Differentiators – Competitive:
§ Real-time threat sharing across products, including local context through TIE
§ SIEM integration that correlates data from multiple products, automates Indicator of Compromise (IOC) hunting across the environment, and initiates endpoint action
§ Full life-cycle capabilities to detect, protect, and correct
§ Advanced Threat Defense integrates with an extensive range of solutions – from the network edge through the endpoint and any email gateway with ATD Email Connector

Add Ons:
§ ESM, NSP, TIE, SWG, MAR, and EPP
§ McAfee® Cloud Security Gateway (CSG), Training, and Pro Services

How is it licensed?
§ Appliances – ATD3100, 6100 – per unit
§ Virtual Appliance – 8 instances - per Virtual Server, per endpoint, or per mailbox
§ Virtual ATD add on to Web (WPS/WSG)

How is it managed?
§ McAfee ePO™ platform