McAfee in the Data Center

Presentation transcript:

McAfee in the Data Center: Optimized Security for Virtualization
Ben Andrew, Sr. Product Manager; Simi Sikka, Product Marketing

Evolution of the Datacenter

Diagram labels: Discrete Datacenter (discrete networks; separate compute, network, storage and management; traditional security, with policies tied to physical attributes); consolidation into the Virtualized Datacenter (flexible management; 10G unified network; servers, storage arrays, management VM; virtualized security, with context-aware policies); Cloud Datacenter (efficient and secure; open architecture; simplified network; cloud infrastructure spanning network, storage, compute and security; datacenter facilities, e.g. cooling, power; federated security, delivered as a set of services).

Cloud, especially public cloud, has been getting a lot of attention. However, the largest cloud sub-segment growth over the next several years is expected in private cloud. The main reason is that there are many moving parts to a cloud implementation, and IT shops are starting at different points on this continuum with regard to infrastructure and internal expertise. Also, most medium to large IT shops won’t go completely to a public-cloud-only model, as they want to maintain control of critical business processes and data.

The key challenge of the discrete data center has been lack of flexibility. Virtualization technologies are a top priority on CIO agendas, and for a very good reason: virtualization enables the twin goals of business savings and organizational flexibility. But how should companies expand virtualization and maintain security simultaneously? How can you avoid operational and risk management challenges? The answer lies in McAfee MOVE AV.

Virtualization is taking hold in the datacenter. We are seeing the silos of compute, network, and storage being broken down. Virtualization is enabling a high level of agility and driving lower costs as we get rid of proprietary interfaces and proprietary solutions. Each layer is also improving to deliver on-demand, scalable performance, so that as application needs grow the infrastructure can respond.

McAfee Datacenter Infrastructure Security
Diagram labels, in slide order: GTI; Security Monitoring and Management (Datacenter Asset Inventory with Security Overlay, Event/Log Correlation, Change Control, Local Threat Intelligence, Authorization/Access Control); Security Enablement (TXT, DeepSafe, Geo-tags); Hardware; McAfee ePO; SIEM; Endpoint Security (File AV (OAS/ODS), Memory Protection, Application Whitelisting, Host Firewall, Host IPS, DeepDefender); Hypervisor Security; Secure Data in Motion (Firewall, Network IPS, Network DLP); MOVE (Resource Optimization through Offloading, Agent-less Security through Integration with VMM); Secure Data at Rest (Encryption, Storage DLP).

McAfee Data Center Server Security Solutions
Diagram labels, in slide order: Application Whitelisting (McAfee Application Control); Blacklisting | Antivirus (McAfee VirusScan Enterprise); File Integrity Monitoring, Configuration Lockdown, Memory Protection (McAfee Application and Change Control); Configuration Assessment, Policy Auditing; XSS; Firewall; AV for Storage; DB Vulnerability Management; SharePoint Security; Email Security; DB Activity Monitoring. Server types shown: Domain Controller, Web, Application, Database, File, Email, Other.

Why McAfee MOVE
The security you need, the flexibility you deserve.
1. Optimizes McAfee AV for virtualized environments
2. Works universally across any virtualized environment
3. Leverages security enablement capabilities offered by hypervisor vendors
4. Security policy managed centrally through the ePO console
Our tenets are: optimize McAfee security for virtualized environments, starting with AV and adding more later; work universally across any virtualized environment; leverage security hooks/APIs/capabilities offered by hypervisor vendors; management integration into ePO.

McAfee MOVE in the Datacenter
Diagram labels: McAfee ePO; Optimized AntiVirus; Intelligent AV Scans; Maintaining offline VMs; Virtual Servers; Virtual Desktops; Virtual Infrastructure Manager; Offline VMs; Virtual Infrastructure; Datacenter.
Many organizations face pains such as AV storms and reduced VM density. MOVE helps improve VM density and manages the schedule of on-demand scans to prevent hypervisors from being overloaded, allowing them to have higher VM density.

Why Optimized Security
Optimized AntiVirus with McAfee ePO: Resource Optimization, Ease of Management, Enhanced Performance.
Optimization: Traditional AV sucks resources in a virtual environment. This reduces the consolidation that virtualization offers in the first place.
Ease of Management: DAT updating in each VM. Agentless means fewer “things” to manage (only the SVA, not endpoints).
Enhanced Performance: Enhanced performance of the VM (the whole reason you virtualize!).

MOVE AV Optimizes Security for VDI
McAfee MOVE AV protects more VMs per hypervisor, thereby optimizing the performance of your virtualized environment.

MOVE Features & Benefits
Benefits: Reduce security footprint; Improve VM consolidation ratios; Prevent antivirus storms; Minimize setup and updates; Block known and unknown threats; Leverage ePolicy Orchestrator (ePO) software; Two flexible deployment options.
Features:
• Offload malware scanning to an SVA: Get instant protection with low impact on memory and processing.
• Prevent antivirus storms: Benefit from options that include on-access, scheduled, and selective scans.
• Minimize setup and updates: Optimize your time with a dedicated, hardened virtual appliance.
• Block zero-day, unknown threats: Leverage real-time file analysis through McAfee Global Threat Intelligence.
• Add intrusion and web protection: Achieve memory and web application protection (included).
• Leverage McAfee ePolicy Orchestrator (McAfee ePO) software: Realize at-a-glance visibility, control, and reporting across your endpoints.
• Multi-vendor or agentless deployment options: Gain support for all major hypervisors.

MOVE AV – Multi-Platform Deployment
Diagram labels: McAfee ePO; GTI File Reputation; MOVE Security Appliance; guest VMs, each with OS, MOVE and VSE; Virtual Infrastructure; Datacenter.
Features:
• Scans guest VMs over the network
• Supported on all major hypervisors
• Security is uninterrupted when VMs move between hypervisors
McAfee MOVE Antivirus is a component of McAfee® Management for Optimized Virtual Environments and includes these subcomponents:
• McAfee MOVE Antivirus Agent for Windows: Allows virtual desktops and servers to offload file scanning to the McAfee MOVE Antivirus SVA over the virtual network. (Referred to as “MOVE” in the diagram.)
• McAfee Agent (MA): Handles policy, task, and event communication between MOVE components and McAfee ePolicy Orchestrator. (Referred to as “MA” in the diagram.)
• McAfee MOVE Antivirus (Security Virtual Appliance): Provides offloaded scanning support for virtual servers, minimizing the impact on virtual desktops.
• McAfee MOVE Antivirus ePolicy Orchestrator extension: Provides policies and controls for configuring McAfee MOVE Antivirus behavior.
In multi-platform installations, the McAfee MOVE AV agent runs in each guest image. A McAfee ePolicy Orchestrator® (McAfee ePO™) agent manages policies and scanning functions on each guest image, as well as the activities of the McAfee MOVE AV Offload Scan Server. You can designate and scan a gold image for use as a clean master. Pre-populating global caches with clean images delivers the fastest VM boot-up time. 450 VMs can be handled by a single SVA.
When a user accesses a file, the MOVE Offload Scan Server performs an on-access scan, providing a response back to the VM. Users can be notified of issues through a pop-up alert, and files can be moved to quarantine to await a decision. During the session, a lightweight endpoint component communicates with the Offload Scan Server to broker the antivirus processing on behalf of each virtual desktop. Each VM can be configured with unique, individual policies set in the McAfee ePO console, or the VMs can be managed as a group.
McAfee first delivered a multi-platform solution for virtualized deployments that leveraged a standard agent on each image and supported all the major hypervisor vendors. We now also offer an adaptive, agentless solution tightly integrated with VMware vShield. Each approach has its strengths. By offering both, we give you ultimate flexibility.

MOVE AV – Agentless Deployment
Diagram labels: McAfee ePO; GTI File Reputation; MOVE Security Appliance (MOVE AV); guest VMs, each with OS and VMtools; VMware vShield Endpoint; VMware vSphere; Datacenter.
Features:
• Scans virtual machines over the VMware VMCI channel
• VMs with VMtools are instantly protected
• Fewer distinct endpoints to manage (just the SVA and not every VM)
• Intelligent, scheduled file scanning
• Protection is vMotion-aware
As discussed, in multi-platform the conversation between the endpoint and the server happens over the network. In agentless deployments, VMware vShield Endpoint uses the hypervisor as a high-speed connection to allow the MOVE Security Virtual Appliance (SVA) to scan virtual machines from outside the guest image. As it scans, the SVA will direct vShield to cache good files or delete or deny access to malicious files. After you install the SVA and components on the ESX servers, every image is automatically protected at creation. There’s no McAfee software on client VMs. VM tools exist in each VM, and the conversation occurs over the pipe that VMware provides. Thus, any transfer of files happens through the VM tools pipe, and so it is faster. And you don’t need to worry about protection, since you don’t need a MOVE agent in each VM. If going agentless, you need a vShield license plus MOVE.

MOVE AV 2.5 Agentless caching
Diagram labels: Hypervisor; Endpoint (File 1, VMware Tools, Local Cache); SVA (McAfee Agent, Global Cache).
1. A virtual machine accesses a file…
2. The file is checked against the Local vShield Endpoint Cache. If not in the Local Cache, vShield sends the file handle to the SVA.
3. MOVE AV creates an MD5 of the file contents, then checks it against the Global Cache.
4. MD5 IN the Global Cache: no scanning occurs. Access is granted and MOVE AV informs vShield Endpoint to cache the file.
5. MD5 NOT in the Global Cache: the file is analyzed for malware using both Signature and GTI technologies.
6. If the file is GOOD, the MD5 is added to the Global Cache, access is granted, and MOVE AV informs vShield Endpoint to cache the file.
7. If the file is MALICIOUS, MOVE AV will inform vShield Endpoint to delete/deny access to the file based on policy.
8. When the file is accessed from a different endpoint, the Global Cache is leveraged: that file has been seen and need not be scanned again.

MOVE AV 2.5 Multi-Platform caching
Diagram labels: Virtual Infrastructure; Endpoint (File 1, Local Cache); Scan Server (McAfee Agent, Global Cache).
1. A virtual machine accesses a file…
2. A fingerprint of the file is created and compared to the LOCAL cache or “Whitelist”.
3. If the fingerprint does not exist, it is passed on to the MOVE Scan Server.
4. If the fingerprint is not in the Global cache either, the file itself is moved to the MOVE Scan Server to be analysed.
5. The file is analyzed for malware using both Signature and Cloud technologies.
6. If the file is MALICIOUS, MOVE AV will delete/deny access to/quarantine the file depending on the security policy.
7. If the file is GOOD, the fingerprint is added to the Local and Global caches and file access is granted.
8. On a future access of the same file, the fingerprint is created and compared against the Local cache or “Whitelist”.
9. When the file is accessed from a different endpoint, the Global cache is leveraged.

MOVE Scheduler
Diagram labels: McAfee ePO; Hypervisor Manager; hypervisors (vSphere, Xen) hosting guest VMs that each run OS, MA and VSE; Datacenter.
Features:
• Manages hypervisor resources to prevent AV scan storms
• Integrates with hypervisor managers (vCenter, XenManager) to schedule scans

VSE for Offline Virtual Images
Secure your VMs and protect your enterprise:
• Save money with automatic updates
• Save time with unified security management
• Maintain current security for Dynamic VDI
Diagram labels: DATs; Engine; VirusScan Enterprise for Offline Virtual Images; VirusScan Enterprise; Direct storage; VMware ESX Server; VMware vCenter Server; Citrix XenServer; Offline VM Images.
VSE for Offline Virtual Images explained (how it works):
1. Open the disk image
2. Mount the file system and registry hive
3. Virtually map the mounted system to “original locations”
4. Scan for malware (ODS-like)
5. Remediate by cleaning malware
6. Check AV DAT level
7. Remediate by updating DATs

Virtual Desktops Suite
McAfee MOVE AntiVirus for Virtual Desktops (SKU: MOVCDE), which includes:
• McAfee MOVE AntiVirus (Multi-Platform deployment, Agentless deployment)
• McAfee VirusScan® Enterprise
• McAfee Host Intrusion Prevention System
• McAfee SiteAdvisor® Enterprise
• McAfee ePolicy Orchestrator®

Virtual Servers Suite
McAfee MOVE AntiVirus for Virtual Servers (SKU: MOVCKE), which includes:
• McAfee MOVE AntiVirus (Multi-Platform deployment, Agentless deployment)
• McAfee VirusScan Enterprise
• McAfee VirusScan Enterprise for Offline Virtual Images
• McAfee ePolicy Orchestrator
• McAfee MOVE Scheduler

Analysts Agree: McAfee Leads
[Figure: Gartner chart (axes: Ability to Execute, Completeness of Vision; quadrants: Leaders, Challengers, Visionaries, Niche Players) with markers for E-mail, Web, IPS, Firewall, Endpoint, Mobile Data Protection, NAC and DLP. Forrester chart (axes: Current Offering, Strategy; band: Strong Performers) with markers for Web, E-mail, DLP, Client Security and NAC.]

Customer Quote – McKesson Healthcare “McAfee MOVE AV provides McKesson with comprehensive and consistent malicious code protection for our virtual environment.” “As we continue to adopt emerging technologies… implementing McAfee MOVE AV provides us with additional security in our virtual environment.” “The solution makes sizing and deployment simpler and ensures that every system is deployed with the same level of protection.” Patrick Enyart, senior director, McKesson Information Security, Security Operations

Appendix

MOVE AV – Agentless Architecture
Enterprise Virus Protection:
• Customer can bring current Enterprise Anti-Virus license and support into a virtualized environment
• Customer only needs to add MOVE-AV to provide the enhanced control and performance for VDI deployments
Diagram labels: GTI File Reputation; McAfee ePO; Security Admin; MOVE AV SVA (AV Scanner Engine, DAT, Shared Cache, OS, EPSec Interface, vShield Endpoint Library); guest VMs (APP, OS, Kernel, BIOS, EPSec hooks, Clean cache, VMTools Driver); VMCI; REST; VI Admin; vShield Manager; vCenter; ESX; vSphere Platform; vShield Endpoint ESX Module; EPSec APIs. Legend: EPSec Components, VMware interfaces, vShield Components, McAfee Components, New for EPSec 2.0.

MOVE AV 2.5 Agentless caching: A virtual machine accesses a file…

MOVE AV 2.5 Agentless caching: The file is checked against the Local vShield Endpoint Cache. If not in the Local Cache, vShield sends the file handle to the SVA.

MOVE AV 2.5 Agentless caching: MOVE AV creates an MD5 of the file contents, then checks it against the Global Cache. The SVA cache has a 1M entry limit.

MOVE AV 2.5 Agentless caching: MD5 IN the Global Cache: no scanning occurs. Access is granted and MOVE AV informs vShield Endpoint to cache the file. The SVA cache has a 1M entry limit.

MOVE AV 2.5 Agentless caching: MD5 NOT in the Global Cache: the file is analyzed for malware using both Signature and GTI technologies.

MOVE AV 2.5 Agentless caching: If the file is GOOD, the MD5 is added to the Global Cache, access is granted, and MOVE AV informs vShield Endpoint to cache the file.

MOVE AV 2.5 Agentless caching: If the file is MALICIOUS, MOVE AV will inform vShield Endpoint to delete/deny access to the file based on policy.

MOVE AV 2.5 Agentless caching: When the file is accessed from a different endpoint, the Global Cache is leveraged: that file has been seen and need not be scanned again.

VMware vShield Endpoint
What is vShield Endpoint? vShield Endpoint uses the hypervisor as a high-speed connection to allow the SVA to scan virtual machines from outside, without the need for a bulky agent inside the guest.
With it, MOVE AV is able to:
• Streamline anti-malware deployment
• Improve virtual machine performance
• Prevent antivirus storms and bottlenecks
• Protect antivirus security software from attack

MOVE AV 2.5 Multi-Platform caching: A virtual machine accesses a file… The Scan Server does NOT have to be on the same hypervisor as the endpoint.

MOVE AV 2.5 Multi-Platform caching: A fingerprint of the file is created and compared to the LOCAL cache or “Whitelist”.

MOVE AV 2.5 Multi-Platform caching: If the fingerprint does not exist, it is passed on to the MOVE Scan Server.

MOVE AV 2.5 Multi-Platform caching: If the fingerprint is not in the Global cache either, the file itself is moved to the MOVE Scan Server to be analysed. Note that the entire file is not moved. McAfee technology is able to determine the portions of the file that must be scanned for vulnerabilities. When the portions that must be moved are large, the file is chunked and sent over in parts to the scan server. MOVE focuses on scan avoidance, i.e. using the caches to scan only when necessary. NOTE: In the future McAfee is considering distributing whitelists of scanned files and their hashes for standard OS files.

MOVE AV 2.5 Multi-Platform caching: The file is analyzed for malware using both Signature and Cloud technologies.

MOVE AV 2.5 Multi-Platform caching: If the file is MALICIOUS, MOVE AV will delete/deny access to/quarantine the file depending on the security policy.

MOVE AV 2.5 Multi-Platform caching: If the file is GOOD, the fingerprint is added to the Local and Global caches and file access is granted.

MOVE AV 2.5 Multi-Platform caching: On a future access of the same file, the fingerprint is created and compared against the Local cache or “Whitelist”.

MOVE AV 2.5 Multi-Platform caching: When the file is accessed from a different endpoint, the Global cache is leveraged.
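
The two-tier scan-avoidance flow from the agentless and multi-platform caching slides, modelled as an added example (not McAfee code and not part of the original deck). It follows the multi-platform layout, where the endpoint computes the fingerprint; the class names, the toy signature scanner, the LRU eviction policy and the local cache size are assumptions, and MD5 is used only because the agentless slide names it.

```python
import hashlib
from collections import OrderedDict

SVA_CACHE_LIMIT = 1_000_000                  # "The SVA cache has a 1M entry limit" (slides)
TEST_MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a DAT signature


class BoundedCache:
    """Known-clean fingerprints with a size cap. LRU eviction is an assumption."""

    def __init__(self, limit):
        self.limit = limit
        self._items = OrderedDict()

    def __contains__(self, fp):
        if fp in self._items:
            self._items.move_to_end(fp)      # a hit refreshes the entry
            return True
        return False

    def add(self, fp):
        self._items[fp] = True
        self._items.move_to_end(fp)
        while len(self._items) > self.limit:
            self._items.popitem(last=False)  # evict the least recently used entry

    def __len__(self):
        return len(self._items)


def fingerprint(data):
    # Hash of the file *contents*: any modification yields a new fingerprint,
    # so a changed file can never ride on an old clean verdict.
    return hashlib.md5(data).hexdigest()


def toy_scanner(data):
    """Hypothetical scanner: flags content that carries the constructed marker."""
    return "malicious" if TEST_MARKER in data else "clean"


class ScanServer:
    """Scan server / SVA side: global cache in front of the scanner."""

    def __init__(self, scanner=toy_scanner, limit=SVA_CACHE_LIMIT):
        self.global_cache = BoundedCache(limit)
        self.scanner = scanner
        self.scans = 0

    def check(self, fp, fetch):
        if fp in self.global_cache:
            return "clean", "global-cache"   # seen before: no scan, no transfer
        self.scans += 1
        verdict = self.scanner(fetch())      # content is pulled only on a miss
        if verdict == "clean":
            self.global_cache.add(fp)        # only clean verdicts are cached
        return verdict, "scan"


class Endpoint:
    """Guest VM side: local cache consulted before the scan server."""

    def __init__(self, server, limit=10_000):
        self.server = server
        self.local_cache = BoundedCache(limit)

    def access(self, data):
        fp = fingerprint(data)
        if fp in self.local_cache:
            return "allow", "local-cache"
        verdict, source = self.server.check(fp, lambda: data)
        if verdict == "clean":
            self.local_cache.add(fp)
            return "allow", source
        return "deny", source                # delete/quarantine is left to policy


def demo():
    server = ScanServer()
    vm1, vm2 = Endpoint(server), Endpoint(server)
    clean = b"gold image system file"        # constructed sample content
    bad = b"dropper " + TEST_MARKER          # constructed sample content
    results = [vm1.access(clean), vm1.access(clean), vm2.access(clean),
               vm1.access(clean + b" (modified)"), vm2.access(bad), vm2.access(bad)]
    return results, server.scans


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

Six accesses cost four scans: the repeated clean file is served from the local and then the global cache, while the modified file and both accesses to the flagged file reach the scanner because only clean fingerprints are ever cached.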