McAfee Endpoint Security: Products, Capabilities and Features
The McAfee MVISION Endpoint Security Platform includes protection for desktops running Windows, Mac or Linux, mobile devices, and Endpoint Detection and Response (EDR) capabilities (see our guide on EDR Cybersecurity), and a central management console called ePO. Read on to learn how McAfee’s solution is structured and the security features each component provides.
The McAfee Endpoint Security suite includes several products that protect desktop devices, cloud native endpoints, and mobile devices.
The suite provides the following general capabilities:
Advanced threat protection – uses machine learning and Endpoint Detection and Response (EDR) to protect against fileless threats, zero-day threats, and ransomware.
Integrated solution – offers a consolidated endpoint security platform with prevention, detection and response, one-click remediation, and central monitoring.
Broad endpoint support – Windows, macOS, Linux, cloud native, Android and iOS, all supported in one agent.
McAfee Endpoint Security Platform features:
Machine-learning behavior classification – detects unknown and zero-day threats, automatically adds rules to prevent future attacks, and restores the endpoint to its last known good state.
Protection for targeted attacks – enables automated response to security incidents in milliseconds, with threat intelligence to identify multi-phase Advanced Persistent Threats (APT).
Adaptive malware scanning – skips scanning of trusted processes to improve performance and prioritizes suspicious processes and applications, so malware is detected and corrected quickly.
Proactive web security – provides web protection and filtering for endpoints, ensuring safe browsing.
Dynamic Application Containment – blocks ransomware and greyware and prevents new malware infections from spreading.
Network attack protection – device firewall that uses reputation scores from the McAfee GTI framework. Detects and blocks connections made by botnets, DDoS attackers and other suspicious parties.
Threat forensics – lets administrators see infections across the enterprise, investigate them, understand the threat and react quickly.
The suite contains the following security products:
MVISION Endpoint – defends cloud-native workloads, Windows PCs and servers.
MVISION Mobile – mobile security for Android and iOS devices.
MVISION EDR – helps security teams detect, investigate and respond to security incidents.
MVISION ePO – central console offering management and security visibility for endpoints.
Learn more about the features of each product in the following sections.
McAfee MVISION Endpoint Features
McAfee MVISION Endpoint is responsible for securing desktops, servers and cloud-native systems such as containers and serverless functions.
Main features include:
File, fileless, and zero-day defenses – machine-learning based analysis of threats that works effectively both on on-premises machines and on cloud-based workloads.
Automatic remediation – reverts endpoints to a healthy state, with no need to reimage or repair the endpoint.
Credential theft monitoring – detects and blocks attempts to compromise user credentials.
Integrates with Windows 10 security – works with Windows Defender, Windows Firewall, and Exploit Guard, letting you use existing policies and apply McAfee policies to Windows security components.
McAfee MVISION Mobile Features
McAfee MVISION Mobile is responsible for securing mobile devices based on Android and iOS.
Main features include:
Always-on mobile security – does not rely on app sandboxing or traffic tunneling; deployed directly on mobile devices (including iPhones and iPads) and protects them regardless of their network connection, including when they are offline.
Advanced threat analysis – uses machine learning to analyze anomalies in device behavior and detect Indicators of Compromise (IoCs) at the device, application or network level.
Enables BYOD and compliance on user devices – broad device support, self-contained agent can be deployed on user devices, enforcing security and compliance requirements without affecting user experience or hurting user privacy.
Actionable forensics – instant access to deep threat forensics for incidents occurring on mobile devices.
Phishing Protection – detects harmful links in text messages, social media and emails, alerts and protects users.
McAfee MVISION EDR
McAfee MVISION EDR helps security teams detect, investigate and rapidly respond to security incidents targeting or involving endpoints.
Main features include:
Alert prioritization – prioritizes threats, ensuring security teams only see the most relevant alerts.
Guided investigation – automatically answers questions about security incidents, summarizes and visualizes evidence from multiple sources to save analyst time.
Cloud-based solution, rapid deployment – easy to deploy on endpoints, managed by the on-premises McAfee ePolicy Orchestrator (ePO) or SaaS-based McAfee MVISION ePO.
Incident response – automates manual tasks involved in incident response, freeing senior analysts to perform threat hunting and respond to day-to-day incidents.
Provides visibility into endpoint threats – lets analysts monitor endpoint activity, identify suspicious behavior and contextualize it to respond to incidents.
McAfee MVISION ePO
McAfee MVISION ePO is offered both on-premises and as a SaaS solution, and provides central monitoring, visibility and control over endpoints across the organization.
Main features include:
Single pane of glass – offers panels and dashboards that show your security posture across all endpoints, as well as threat information and advisories.
Managed and automated workflows – defines workflows for security analysts, with optional review and approval of policy or tasks. Can also automate workflows on endpoints to identify, manage and respond to vulnerabilities and threats.
Common policy management – manages policies in one place for McAfee tools and operating system security controls such as Windows Defender.
Automated mitigation – when a security incident occurs, triggers automatic responses, which can include containment and instant remediation of the device.
Essential risks dashboard – shows critical threats across the enterprise, letting analysts drill down, while viewing current threat information and security advisories.
Two-factor authentication – tight control for access to management interfaces, with optional change control processes.
Endpoint Protection—Prevention, Detection and Protection with Cynet 360