McAfee® Advanced Threat Defense (ATD) - Solution Guide
What does it do?
§ McAfee® Advanced Threat Defense (ATD) enables
organizations to detect today’s advanced targeted
attacks and convert threat information into immediate
action and protection.
§ ATD provides advanced, in-depth file examination;
combining dynamic analysis, in-depth static code
analysis, and machine learning to identify advanced
threats that otherwise get past our competition.
How does it work?
§ Advanced Threat Defense detects today’s stealthy,
zero-day malware with an innovative, layered approach.
It combines dynamic analysis with in-depth static code
analysis – the key to detecting highly camouflaged,
evasive threats that may not execute in a virtual
or sandbox environment.
§ ATD can unpack the code and disassemble it, essentially
reverse engineering the malware
to analyze all attributes and instruction sets
to determine the intended behavior.
Features:
§ Integrated Security with McAfee® products: NSP,
MWG, TIE, Application Control, Endpoint / Server, DLP,
McAfee ePO™ platform, SIEM, MAR, and also Email
Connector, Zeek (formerly Bro Network Security
Monitor), TAXII, and Micro Small and Medium
Enterprises (MSME)
§ Advanced Analysis - Combination of in-depth,
static- code analysis, dynamic analysis (sandboxing)
and machine learning provides unmatched analysis
and detection capabilities.
§ Flexible Centralized Deployment - Offers a
cost-effective, centralized approach to advanced
malware analysis
Where does it fit?
Kill Points:
§ FireEye, PAN, Cisco, and Trend Micro focus on a dynamic sandboxing
approach with no / limited static-code analysis; making them susceptible
to evasion techniques.
§ FireEye underperformed other vendors in the NSS Labs breach detection
report and received a ‘Neutral’ rating rather than ‘Recommended’.
§ Palo Alto ‘free’ Cloud-service results can be slow: up to 24-48 hours.
§ FireEye requires an additional management appliance to share intelligence
across different appliances.
§ FireEye offers no virtual deployment options.
§ vATD is the first sandbox to be offered through the Azure Marketplace.
§ McAfee ATD performs full, static-code or in-depth code analysis
Differentiators – Competitive:
§ Real-time threat sharing across products, including local
context through TIE
§ SIEM integration that correlates data from multiple products,
automates Indicator of Compromise (IOC) hunting across the
environment, and initiates endpoint action
§ Full life-cycle capabilities to detect, protect, and correct
§ Advanced Threat Defense integrates with an extensive range
of solutions – from the network edge through the endpoint
and any email gateway with ATD Email Connector
Reviews – Proof Points
§ “ATD does as much or more than other sandboxes, but its integration
with other McAfee solutions is what makes it so incredibly powerful…if
found malicious, the file is then automatically removed across the entire
enterprise. That is truly transformative for our small security team.
It augments our own abilities and saves us a lot of time.”
- Holly Frontier – Fortune 500
§ “With the addition of these three products—McAfee Threat Intelligence
Exchange, McAfee Advanced Threat Defense, and McAfee Endpoint
Security—we significantly improved our overall security posture across
the entire environment.” – CISO, Fortune 100 Company
Integrated Products:
§ McAfee® Enterprise Security Manager (ESM)
§ McAfee® Network Security Platform (NSP)
§ McAfee® Threat Intelligence Exchange (TIE)
including McAfee® Application Control, McAfee® Endpoint Protection
(EPP), McAfee® Data Loss Prevention (DLP), Server Security, and MSME
§ McAfee® Web Gateway (SWG), and McAfee® Active Response (MAR)
§ Any E-mail Gateway via ATD Email Connector
§ McAfee® Advanced Threat Defense can also be used as a stand-alone
malware analysis tool by security operations/forensics teams. It supports
a REST API and can take malware submissions via File Transfer Protocol
(FTP) or manually.
Add Ons:
§ ESM, NSP, TIE, SWG, MAR, and EPP
§ McAfee® Cloud Security Gateway (CSG), Training, and Pro Services
How is it licensed?
§ Appliances – ATD3100,6100 – per unit
§ Virtual Appliance – 8 instances - per Virtual Server, per endpoint,
or per mailbox
§ Virtual ATD add on to Web (WPS/WSG)
How is it managed?
§ McAfee ePO™ platform