Yesterday I blogged about a presentation I gave at GFIRST in Atlanta, Georgia, where I demonstrated a number of application and database attacks and referenced how this is extremely relevant to Continuous Monitoring (CM) for federal agencies.
McAfee’s Approach to Continuous Monitoring
Risk awareness across all subsystems enables agencies to understand real-time activities within the environment, including specific asset details and security controls. It helps agencies generate actionable, prioritized responses. McAfee solutions detect the vulnerabilities on endpoints and malicious traffic traversing the network and assign asset values. In addition, security controls are enriched with threat intelligence gleaned from millions of sensors worldwide. McAfee solutions also understand what countermeasures are in place to mitigate threats. Understanding the risk as a combination of asset value, asset vulnerabilities, real-time attack information, threat intelligence, and countermeasures means that incident response is more accurate, responders are more focused, and time to remediation is faster.
Data protection comes in many forms. Depending on the subsystem, there may be a need to protect data at rest, in motion, and in use. The database subsystem can offer unique challenges, requiring database virtual patching, vulnerability assessment, and activity monitoring. McAfee offers purpose-built solutions for each of these requirements to secure the most complex subsystems.
McAfee combines discovery, prevention, monitoring, and reporting through a centralized solution enriched with supporting information from network and endpoint controls. McAfee helps address questions such as: what data was accessed, by whom, when, how, and from where. With so many attacks focused on sensitive data, a layered, connected approach is the key to mitigating abuse by external and internal users, even those with administrator privileges.
Centralized Management and Monitoring
Unifying security management through an open platform, McAfee makes risk and compliance management simpler and more successful. Flexible automation streamlines workflows, dramatically reducing the cost and complexity of security and compliance administration across the various subsystems within the CAESARS technical reference architecture. Unique capabilities include situational awareness across endpoints, network, and data, as well as streamlined workflows that accelerate administrative tasks and reduce audit fatigue.
Some of the key value drivers we see around our solution for continuous monitoring include:
- Reducing the time and effort required to demonstrate compliance with regulatory mandates
- Allowing more streamlined workflows to maximize operational efficiencies
- Cultivating a complete platform of situational awareness where more informed decision-making can be achieved more quickly
- Taking advantage of connected, automated solutions that ultimately yield greater security ROI per security asset while reducing manual tasks
For more information about the Security Connected Reference Architecture, visit: www.mcafee.com/securityconnected.