McAfee Change Control

File Integrity Monitoring and Change Prevention

McAFEE CONFIDENTIAL
McAfee Change Control
End-to-end compliance with laws and regulations such as SOX and PCI DSS

Integrity Monitoring  Alerts to critical and unauthorized changes

 Selectively prevents out-of-policy changes

Change Prevention
 Logs any attempted out-of-policy change

Continuous detection of system-level changes

across distributed and remote locations

McAFEE CONFIDENTIAL 2
McAfee Change Control
Real-time monitoring and read/write protection

File and Registry User Logon/Logof Process Start/Stop

Detect unauthorized Detect stolen/hacked Detect new

changes passwords viruses

Read Protection Stops Unauthorized Access to Sensitive Files

Write Protection Eliminates Unwanted Ad-Hoc Changes and Configuration Drift

McAFEE CONFIDENTIAL 3
File Integrity Monitoring
 Visibility into change helps resolve incidents, increase uptime, and meet
compliance requirements
 Gives the What? Who? When? Why? in real time
 User name
 Time of change
 Program name
 File/registry content
 Alerts for critical changes

McAFEE CONFIDENTIAL 4
Easily Compare File Changes

McAFEE CONFIDENTIAL 5
Use Granular FIM Filters
Multidimensional
Multidimensional
Inclusion/Exclusion
Inclusion/Exclusion

Out-of-the-Box
Out-of-the-Box
Rules
Rules

McAFEE CONFIDENTIAL 6
Keep Systems Up to Date
Use updaters to make changes to files protected by McAfee Change Control

McAFEE CONFIDENTIAL 7
View Agents and Events in Intuitive Dashboards

McAFEE CONFIDENTIAL 8
McAfee Change Control Platforms

Windows
 Embedded (FIM): XPE, 7E, WEPOS, Pos Ready
2009, WES 2009, 8,8.1 Industry
 Server: 2008, 2008 R2, 2012, 2012 R2
 Desktop: Vista, 7, 8, 8.1

Linux
 RHEL/CentOS 5, 6
 SUSE/openSUSE 10, 11
 OEL 5, 6
 Ubuntu 12.04

McAFEE CONFIDENTIAL 9
Why McAfee Change Control?

 Compliance policy enforcement: Fulfills PCI DSS

requirement for file integrity monitoring and
provides Qualified Security Assessor (QSA)-friendly
reports
 Change prevention: Blocks out-of-policy changes
before they occur. Changes are verified against
the change source, time window, or approved
change ticket
 Small footprint and low operational overhead:
Delivers minimal impact on performance with low
memory and CPU usage and no file scanning
 Integrated file integrity Monitoring and change
control: Lowers total cost of ownership and
reduces administration

McAFEE CONFIDENTIAL 10
 McAfee Change Control
Customer Success

Protection Challenge Solution

Configuration drifts Uses McAfee Change

caused application Control to lockdown
downtime and loss of critical configuration
productivity. files to prevent
Type: World’s largest unauthorized changes.
Uranium company.

Needed to track Deploys McAfee

unauthorized changes Change Control on over
to reduce SLA 2,000 servers (Linux,
breaches. Windows), and is used
Type: Billing/ payment to identify
solutions MSP. unauthorized changes.

McAFEE CONFIDENTIAL 11
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of
others. Copyright © 2017 McAfee, LLC.