Request a Demo

In this article

EndPoint Security McAfee: Products, Capabilities and Features


Share on:

The McAfee MVISION Endpoint Security Platform includes protection for desktops running Windows, Mac or Linux, mobile devices, Endpoint Detection and Response (EDR) capabilities, and a central management console called ePO. Read on to learn how McAfee’s solution is structured and the security features each component provides.

To learn more about how to move beyond EDR with Extended Detection and Response (XDR) solutions, click here.

Download our comprehensive eBook

The Dark Side of EDR

  • 7 key considerations when evaluating EDR solutions
  • Learn about the dark sides of EDR for small teams
  • Explore associated costs: direct and intangible

McAfee Endpoint Security Suite Overview

The McAfee Endpoint Security suite includes several products that protect desktop devices, cloud-native endpoints, and mobile devices.

The suite provides the following general capabilities:

  • Advanced threat protection – uses machine learning and Endpoint Detection and Response (EDR) to protect against fileless threats, zero-day threats, and ransomware.
  • Integrated solution – offers a consolidated endpoint security platform with prevention, detection and response, one-click remediation, and central monitoring.
  • Broad endpoint support – Windows, macOS, Linux, cloud native, Android and iOS, all supported in one agent.

McAfee Endpoint Security Platform features:

  • Machine-learning behavior classification – detects unknown and zero-day threats, automatically adds rules to prevent future attacks, repairs the endpoint to last known good state.
  • Protection for targeted attacks – enables automated response to security incidents in milliseconds, with threat intelligence to identify multi-phase Advanced Persistent Threats (APT).
  • Adaptive malware scanning – avoids scanning of trusted processes to improve performance, prioritizes suspicious processes and applications. Detects and corrects malware fast.
  • Proactive web security – provides web protection and filtering for endpoints, ensuring safe browsing.
  • Dynamic Application Containment – prevents ransomware and greyware, and avoids new malware infections from spreading.
  • Network attacks protection – device firewall that uses reputation scores from the McAfee GTI framework. Detects and blocks connections made by botnets, DDoS attackers and other suspicious parties.
  • Threat forensics – lets administrators see infections across the enterprise, investigate them, understand the threat and react quickly.

The suite contains the following security products:

  • MVision Endpoint – defends cloud-native workloads, Windows PC and servers.
  • MVision Mobile – mobile security for Android and iOS devices.
  • MVision EDR – helps security teams detect, investigate and respond to security incidents.
  • MVision ePro – central console offering management and security visibility for endpoints.

Learn more about the features of each product in the following sections.

McAfee MVISION Endpoint Features

McAfee MVISION Endpoint is responsible for securing desktops, servers and cloud-native systems such as containers and serverless functions.

Main features include:

  • File, fileless, and zero-day defenses – machine-learning based analysis of threats that works effectively both both on-premise machines and cloud-based workloads.
  • Automatic remediation – reverts endpoints to a healthy state, with no need to reimage or repair the endpoint.
  • Credential theft monitoring – detects and blocks attempts to compromise user credentials.
  • Integrates with Windows 10 security – works with Windows Defender, Windows Firewall, and Exploit Guard, letting you use existing policies and apply McAfee policies to Windows security components.

McAfee MVISION Mobile Features

McAfee MVISION Mobile is responsible for securing mobile devices based on Android and iOS.

Main features include

  • Always-on mobile securit – does not rely on app sandboxing or traffic tunneling, deployed directly on mobile devices (including iPhones and iPads) and protects them regardless of their network connection, including when they are offline.
  • Advanced threat analysis – uses machine learning to analyze anomalies in device behavior and detect Indicators of Compromise (IoS) at the device, application or network level.
  • Enables BYOD and compliance on user devices – broad device support, self-contained agent can be deployed on user devices, enforcing security and compliance requirements without affecting user experience or hurting user privacy.
  • Actionable forensics – instant access to deep threat forensics for incidents occurring on mobile devices.
  • Phishing Protection – detects harmful links in text messages, social media and emails, alerts and protects users.

McAfee MVISION EDR

McAfee MVISION EDR helps security teams detect, investigate and rapidly respond to security incidents targeting or involving endpoints.

Main features include:

  • Alert prioritization – prioritizes threats, ensuring security teams only see the most relevant alerts.
  • Guided investigation – automatically answers questions about security incidents, summarizes and visualizes evidence from multiple sources to save analyst time.
  • Cloud-based solution, rapid deployment – easy to deploy on endpoints, managed by the on-premises McAfee ePolicy Orchestrator (ePO) or SaaS-based McAfee MVISION ePO.
  • Incident response – automates manual tasks involved in incident response, allowing more senior analysts to perform threat hunting and respond to day-to-day incidents.
  • Provides visibility into endpoint threats – lets analysts monitor endpoint activity, identify suspicious behavior and contextualize it to respond to incidents.

McAfee MVISION ePO

McAfee MVISION ePO is offered both on-premises and as a SaaS solution, and provides central monitoring, visibility and control over endpoints across the organization.

Main features include:

  • Single pane of glass – offers panels and dashboards that show your security posture across all endpoints, as well as threat information and advisories.
  • Managed and automated workflows – defines workflows for security analysts, with optional review and approval of policy or tasks. Can also automate workflows on endpoints to identify, manage and respond to vulnerabilities and threats.
  • Common policy management – manages policies in one place for McAfee tools and operating system security controls such as Windows Defender.
  • Automated mitigation – when a security incident occurs, triggers automatic responses, which can include containment and instant remediation of the device.
  • Essential risks dashboard – shows critical threats across the enterprise, letting analysts drill down, while viewing current threat information and security advisories.
  • Two-factor authentication – tight control for access to management interfaces, with optional change control processes.

Download our comprehensive eBook

The Dark Side of EDR

  • 7 key considerations when evaluating EDR solutions
  • Learn about the dark sides of EDR for small teams
  • Explore associated costs: direct and intangible

Endpoint Protection—Prevention, Detection and Protection with Cynet 360

Cynet 360 is a security solution that includes a complete Endpoint Protection Platform (EPP), including Next-Generation Antivirus (NGAV), device firewall, advanced EDR security capabilities and automated incident response. The Cynet solution goes beyond endpoint protection, offering network analytics, UEBA and deception technology.

Cynet’s platform includes:

  • NGAV—blocks malware, exploits, LOLBins, Macros, malicious scripts, and other known and unknown malicious payloads.
  • Zero-day protection—uses User and Entity Behavior Analytics (UEBA) to detect suspicious activity and block unknown threats.
  • Monitoring and control—asset management, endpoint vulnerability assessments and application control, with auditing, logging and monitoring.
  • Response orchestration—automated playbooks and remote manual action for remediating endpoints, networks and user accounts affected by an attack.
  • Deception technology—lures attackers to a supposedly vulnerable honeypot, mitigating damage and gathering useful intelligence about attack techniques.
  • Network analytics—identifying lateral movement, suspicious connections and unusual logins.

Learn more about the Cynet 360 security platform.

How would you rate this article?

In this article

decorative image decorative image decorative image

Let’s get started

Ready to extend visibility, threat detection and response?

mobile image

See Cynet 360 AutoXDR™ in Action

Prefer a one-on-one demo? Click here

By clicking next I consent to the use of my personal data by Cynet in accordance with Cynet's Privacy Policy and by its partners