Having become McAfee’s SIA Partner of the Year in 2017, Avecto has taken great strides toward providing a more integrated and compatible security solution. Our alliance with McAfee aims to deliver a more comprehensive (yet simplified) approach to security management. Read on to discover the five best practices for achieving this, as revealed in a joint Avecto + McAfee webinar…
Addressing an evolving threat landscape
With over 500,000 new threats discovered every single day by McAfee Labs in the last six months, it’s easy to see why more companies are looking to step up their security measures. And it’s not just about the volume: we need to mitigate the chance of falling victim to the ones specifically designed to target your organization.
Often with thousands of devices and access points, companies are more at risk than ever before. Couple this with the fact that cybercrime is becoming more advanced by the minute, and it’s little wonder that an increasing amount of time and resources are being spent on finding or developing more complete cyber security solutions.
Mark Mastrangeli, McAfee’s Technical Solution Architect, states that “In order to deal with these threats, we have to focus on the basics. We have to enforce a least privilege security posture across our environment, and we need to be keeping up with patches in a rapid way.”
The removal of admin rights is one such step in achieving least privilege, and McAfee highlights the role which Avecto’s Defendpoint solution plays:
“Avecto Defendpoint is an absolutely perfect example of what we want our partners to do and take advantage of with the Security Innovation Alliance. They’ve taken full advantage of the integration capabilities with McAfee ePO, as well as McAfee open DXL, and enable real-time communications on the message bus, as well as completing a number of actions with those integration points.”
Below we can see all five of the best practice recommendations from McAfee and Avecto, in achieving more simplified security.
Five key steps to making security more simple
With so many things to consider, creating an attack-proof security strategy can be very time-consuming. But by utilizing the right tools, and combining the right software, it doesn’t have to be.
Below are five steps you can take to keep your security management simple – no matter how large your company might be.
1. Improve security foundations: Remove admin rights from all users across Windows and macOS endpoints
This is the best first step to take. Time and again it has been proven that removing admin rights mitigates the majority of threats. And despite preconceptions about least privilege, this can now be achieved without hindering user productivity.
By combining this with effective application whitelisting (allowing only known and trusted applications to run), and keeping up-to-date with application and operating system patches, the foundations of your security, according to the Australian Signals Directorate, could mitigate 85% of cyber attacks.
These four foundational steps are advocated by many respectable cybersecurity bodies, including NIST, SANS, GCHQ and the Australian DoD, as well as featuring in the NSA’s top 10 IA mitigations list.
2. Increase time to value: Rapid deployment with Defendpoint Quick Start policy
Previously, privilege management solutions have taken months, if not years, to roll out. This not only means that a return on investment takes longer to achieve, but also makes companies vulnerable to new attack vectors during the monitoring or listening phase of deployment. With Defendpoint’s Quick Start policy, this isn’t the case.
By leveraging information and learning from hundreds of previous deployments, we’ve developed an intelligent, out-of-the-box configuration which allows companies to operationalize the benefits from day one, as the default rules cover around 80% of use cases. The Quick Start policy accommodates different types of end users, from Developers & IT Pros all the way through to task-based roles, all out-of-the-box. The exception handling and behavioural data analysis covers the remaining 20% and prevents unnecessary calls to the helpdesk for common sense functions and actions – like installing a printer.
The end result is a more secure working environment, without impacting on user productivity.
3. Simplify management: Centralized management via the McAfee ePO security management platform
Defendpoint offers a full integration with McAfee ePO, meaning that management is achieved through a single console and utilizes existing architecture. Implementation is simplified, improving time to value, as policies can be seamlessly configured and deployed to all your endpoints leveraging the existing ePO platform.
Reporting and auditing is also collated and viewed within the McAfee ePO management platform, allowing for a more intuitive, single-pane-of-glass view.
4. Integrate disparate security solutions: Real-time and intelligent connectivity with McAfee TIE using the OpenDXL communications fabric
As the Defendpoint agent is uploaded to McAfee’s master repository, it is able to be deployed through the client deployment task. The McAfee agent continues to be the single point of contact between ePO and endpoint, and the agent is responsible for installations and upgrades for that endpoint – so the same architecture applies, offering all the same visibility and controls. In a nutshell, Defendpoint is fully baked into ePO, just as if it were a native McAfee solution.
This enables us to correlate our event information with the Data Exchange Layer (DXL) to read threat information. As we are an early adopter of this technology, this information gives security professionals more indicators than ever before for making decisions on the next action.
The portal allows for seamless endpoint communication, as Defendpoint is a proactive solution, so the visibility of the application, the tasks, scripts, users and privileges, can all be viewed within the Avecto reporting section in the McAfee console. This allows us to take events from the reporting and directly add them to policy, in a straightforward tick box fashion – allowing for faster policy building and adding to operational efficiency.
5. Actionable intelligence: Reporting and auditing for visibility and compliance
Within the reporting console, we’re able to take the information and, with a single pane of glass, turn event information into policy. It allows us to explore applications that require admin rights to run within your environment and view their reputation via the Data Exchange Layer (DXL) together with TIE (McAfee’s Threat Intelligence Exchange), along with metadata, parent/child relationships and user actions.
You can also see who is logging in with an admin account vs. standard user accounts. Through collecting all of this data, it’s possible to create a custom environment that suits your business needs for security and efficiency.
To conclude, here is a full list of the benefits on offer in the Avecto-McAfee integrated solution:
- Allows you to quickly reduce the attack surface on the endpoint
- Fully integrated solution offers a single management console and architecture for operational ease
- No additional infrastructure results in lower TCO
- Simple implementation, seamless configuration of policies
- Reporting and auditing is collated and viewed within the McAfee ePO management console
- Ongoing management is simplified, with little to no training for IT staff
- Defendpoint configuration changes informed by TIE application reputation data
- Defendpoint reporting drives risk-based policy adjustment
If you would like more information on this, or have any unanswered questions, please don’t hesitate to get in touch or schedule a discovery workshop today.
And in case you missed our joint webinar with McAfee, you can still watch the full recording on-demand.