You’ve heard a lot from us leading up to this launch. If you’ve been following our Redefining Endpoint Security blog series, you learned how Real-Time for ePO, Deep Defender, Application Control, and Risk Advisor are key differentiators when it comes to products that deliver optimum protection against today’s more complex threats.

As we move out in front to lead in this new era, we wanted to hear from you. We asked several McAfee partners to talk about what the new endpoint suites mean for their business and here’s what they had to say:

Redefining Endpoint Security Together

Together, we’ve built a 60 million endpoint installed base that can be upgraded and that’s just the beginning. According to IDC, the enterprise endpoint market continues to experience healthy growth–from roughly $3.5 billion in 2012 to $4.8 billion in 2017.

Visit the Partner Portal Endpoint Suite resource page for the latest information including:

• Accelerated Deal Registration
• Partner and Distributor Demand Generation Kits
• Training presentations
• $2, $4 and $6 McAfee Rewards
• $100 “Bring McAfee to the Game” competitive displacement incentive

So who is going to lead in this new era? I humbly submit McAfee and here’s why:

1. We began our integrated security platform (SecurityConnected) journey 5 years ago and launched the initiative at FOCUS 2010, putting us years head of the competition in the race to integrate.
2. We are the only provider of chip to the cloud protection.
3. We continue to improve as a company to partner with, moving up 6 spots to #19 on CRN’s Best Companies to Partner with list, and we aren’t done yet.

What’s New in Endpoint Protection?

The new McAfee Complete Endpoint Protection Suites are the industry’s first endpoint suites to provide customers proactive, chip-to-cloud protection. The new suites provide this unique level of protection by being the only endpoint suites that include hardware-enhanced security, dynamic whitelisting, risk intelligence and real-time security management.

Leading up to this launch, our Redefining Endpoint Security blog series took a close look at our four key differentiators: Real-Time for ePO, Deep Defender, Application Control, and Risk Advisor and explained how these products deliver optimum protection against today’s more complex threats.

There are two new suites you can start selling today: McAfee Complete Endpoint Protection – Enterprise and McAfee Complete Endpoint Protection – Business. To get started watch our new Endpoint Suites channels launch webcast.

In addition to the new Endpoint Suites, we are also extending our comprehensive security protection to mobile devices (smart phones, tablets, etc…) with the integration of EMM (Enterprise Mobile Management) into ePO. Mobile security is a massive market opportunity and a top CIO concern, according to The 2012 Gartner CIO Agenda Survey. Allowing you to help customers protect their data on employee-owned devices through a single console is a huge competitive advantage and is included in the new Comprehensive Endpoint Suites.

For McAfee Partners: Helping You Differentiate, Grow and Prosper

With these new endpoint suites we are accelerating mutual profitability by helping you differentiate, grow and prosper.

• Differentiate: with chip to the cloud protection and real-time security management
• Grow: together we built a 60 million endpoint installed base that can be upgraded and according to IDC, the enterprise endpoint market continues to experience healthy growth–from roughly $3.5 billion in 2012 to $4.8 billion in 2017.
• Prosper: visit the Partner Portal Endpoint Suite resource page, your one-stop location for all the latest information and links including: Accelerated Deal Registration; $2, $4 and $6 McAfee Rewards; the “Bring McAfee to the Game” competitive displacement incentive; the partner demand generation kit; as well as double continuing education credits.

There has never been a better time to be a McAfee channel partner.

Together we can!

Application Control is actually a powerful security solution with a centrally managed list of applications that it allows onto the network. In this fourth blog in our series on Redefining Endpoint Security, we look at Application Control and how it works to keep desktops, servers, or even point-of-service devices safe from malware and scripts.

To learn more about how McAfee is redefining endpoint security, take a look at the past blog posts in the series covering RealTime for ePolicy Orchestrator (ePO), Deep Defender, and Risk Advisor. And stay tuned for some big news coming next week.

Not Just Security, Layers of Defense

Application Control takes inventory of every program in the organization and breaks them down into good, bad, and unclassified after correlating it with McAfee’s Global Threat Intelligence (GTI), which is a large database of known good and bad applications and processes. Those without a bad or good reputation are classified as outlier applications and are put on the gray list so they can be investigated further.

Thanks to the Application Inventory feature, all binaries across the enterprise are displayed by vendor and application in an easy-to-understand hierarchical format. It’s easy to search for insights to find out which applications were added and when, uncertified binaries, files with unknown reputations, or even systems that are running outdated versions of Adobe Reader.

With a complete inventory of all applications, libraries, drivers, and scripts, and when a program was run, the system can check that against the whitelist and then either permit (or deny) the action or program based on whether it’s in the allowed list.

And, what about when a new unknown binary tries to run? Application Control blocks it and all unknown dangerous applications. Luckily, the list to enter the network grows as trusted sources grow and that means whitelists get updated, too, and will grow dynamically. Even if you’re in between patch cycles.

Using this technique, networks are safe no matter what applications try to get in.

The second layer of network defense is memory. And though vulnerabilities will exist, once a program is whitelisted programs it’s exploit-proof. Even programs like Adobe Reader or Internet Explorer can be used safely. The best part…Application Control is completely signature-less.

What This Means for Partners

For partners, whitelisting is the most effective way to prevent customers’ networks from zero day attacks. Meaning customers can identify (whitelist) only approved executables, rather than the hugely time-consuming task of constantly reviewing/managing all executables and manually blacklisting suspicious or malicious files as would need to happen with a host IPS.

Whether running on a server, corporate desktops or a variety of fixed-function devices like ATMs, kiosks, and POS devices, McAfee Application Control provides superior security coverage on day zero (or any day).

Throughout history, guard dogs, canons, moats, and drawbridges have kept intruders out of homes and businesses.

These preventative measures merely block off entrances, offer little, if anything, in the way of proactively preventing threats, and don’t let you make adjustments on the fly.

Today’s businesses face a similar predicament. Maybe there aren’t any moats or guard dogs, but when customers purchase and deploy point security products, it’s difficult for them to know whether they’re completely overdoing it or completely under protected and vulnerable to attack.

In this third part of our blog series Redefining Endpoint Security, we take a look at Risk Advisor. (Be sure to read our two previous posts on Deep Defender and ePolicy Orchestrator, too, if you haven’t.)

Risk Plus Visibility

No one wants to think about security after the fact. By then it’s too late.

Risk Advisor plugs right into McAfee’s ePolicy Orchestrator (ePO) and correlates threats, vulnerabilities, and countermeasures so customers have the information needed to pinpoint assets that are at risk and require immediate action. That means IT departments have control of the tools they need to act immediately, rather than having to guess and hope.

This also means eliminating “patch panic” so customers don’t need to worry about every individual patch. Instead, they can focus on critical risks and better understand which regulations are impacted by a specific threat, and what corrective actions are required to ensure compliance.

With a consolidated viewer, Risk Advisor makes it easy to see detailed information about a specific threat, with a complete description and overview, analysis, remediation, and recommended actions.

Minimizing Risk, Maximizing ROI

Common questions you may hear your customers ask likely include:

• Where am I at risk?
• How am I at risk?
• What is the ROI for deployed security products?
• What about patches?

With Risk Advisor, you can help your customers better answer those questions and rest assured their infrastructure is more secure. No moats or guard dogs required.

Watch this video for more details and information around Risk Advisor’s features and capabilities. http://www.mcafee.com/us/resources/demos/risk-advisor-demo.html

Learn more about McAfee Risk Advisor.

McAfee’s soon to be announced endpoint suite will provide a new level of assurance with real-time protection, management and more importantly results. Incorporating Intel hardware-assisted security through Deep Defender assures that systems are free of rootkits and blocks these kinds of APT’s. Some may argue that this type of advanced protection would be hard to cost-justify but having it included in our suite now provides one of the industry-changing ways to stronger security.  What used to be a nice-to have can now be a key component to keeping things on-track and secured.  It’s been estimated that up to 5 hours could be spend per system re-imaging them after detection of a rootkit.  Isn’t our time and resources better spent elsewhere than dealing with aftermath of a preventable situation?

But it’s also important to prove that the right level of protection has been enabled and where you may have gaps. Today this has to be accessible within minutes. McAfee Risk Advisor’s global risk dashboard allows you to quickly drill down to get granular details of a threat and how it relates to the specific assets in your organization. It lets you know where additional controls might be needed to combat the current threats of concern and target activities that will make the most of your time combating security risks. Time is precious and we want to make it easier for you to get the security that will protect the systems and infrastructure so you can provide the privacy controls that are right for your business.

In part two of a new five-part blog series on Redefining Endpoint Security,  we explore some of the new security threats facing customers, but most importantly, we feature the products that can help you differentiate, grow, and prosper as a McAfee partner.

Last week, we covered Real Time for ePO with its amazing technology inside that helps collect McAfee endpoint security product status instantly.

This week, we’ll take a closer look at Deep Defender, the first McAfee product built on DeepSAFE technology co-developed with Intel.

Many companies understand how network security works and run operating-system level security (and may think they’re protected), but cyber criminals’ malware can circumvent traditional network security solutions that work within the operating system.

Deep Defender is a proactive solution that works on kernel-level threats and beyond the OS to help keep networks safe. Think of it as a super hero hiding in your customers’ infrastructure to stop threats.

Deep Defender is deployed using the ePolicy Orchestrator (ePO) management console and supports Intel Core i3, i5 and i7 processors.

Advantage for McAfee Partners: Protecting Your Customers from the Start

For McAfee partners, this means you can recommend a solution that protects your customer from the start. Deep Defender automatically removes rootkits once deployed.

With a security solution that works beyond the operating system, there’s a new vantage point for security.

Learn more about McAfee Deep Defender and stay tuned for part three of our Redefining Endpoint Security series next week.

Now for a little background: The evolution of malware has posed two major problems for security developers. One is the use of polymorphic and packing techniques that make it difficult for security researchers to write signatures. The second is fiddling with internal OS data structures, kernel modules, and kernel memory to hide the presence of malware on a system; this rootkit behavior.

Rootkits are not new, but in recent years we have seen malware patching kernel data structures at numerous places to hide their presence. Windows, the most prevalent OS in homes and offices, cannot protect the kernel from legitimate third-party device drivers because they are loaded in kernel memory space and run at the same CPU privilege level. Some third-party software  relies on undocumented kernel-patching mechanisms to implement their functionality.

In an attempt to protect the kernel on 64-bit platforms, Microsoft introduced the security component PatchGuard, which runs periodically and detects kernel patching. If PatchGuard finds a problem, it halts the system and informs the user that critical structures have been compromised.

Although 64-bit processors are now common, the adoption of 64-bit Windows lags. PatchGuard and kernel driver signing enforcement have certainly restricted the number of kernel malwares and rootkits on 64-bit systems. However, there are already detailed studies published on bypassing PatchGuard. Malware such as TDL can defeat kernel-mode signing and Xpaj can defeat PatchGuard protections.

McAfee has worked jointly with Intel to counter the problem of illegal access to kernel memory and platform hardware. The latest 64-bit processors from Intel come with hardware-assisted virtualization (VT-x), which enables hardware to run code at a level more privileged than the kernel. VMXROOT can set memory protections on a guest kernel, which still runs at its intended CPU privilege level, i.e., level zero. DeepSAFE technology, developed jointly by McAfee and Intel, leverages the benefits of VT-x and provides protections against illegal access to key kernel memory and key CPU hardware registers. DeepSAFE keeps the operating system completely under its control and monitors the key areas. We are certain to see threats that bypass kernel mode signing and PatchGuard and thus compromise a system. DeepSAFE raises the bar for malware developers by preventing the illegal access of kernel memory and hardware registers.

Since High Roller appears to be introduced via a malicious website or social engineering attack, McAfee SiteAdvisor Enterprise and McAfee Web Gateway can prevent users from accessing malicious host sites.  McAfee Host Intrusion Prevention (HIPS) can block drive-by vulnerability exploits, preventing the malware from running for the first time on a target machine. McAfee Application Control can prevent any unknown or unapproved application from being installed or allowed to run.  McAfee VirusScan Enterprise protects the machine from any known variants. McAfee Deep Defender will block the vast majority of kernel mode rootkits that High Roller variants may contain, day zero, with no need to update any signatures. Additionally, both McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention prevent registry modifications and other configuration changes. And finally the McAfee Desktop Firewall can block outbound command and control communication to sites deemed malicious by McAfee Global Threat Intelligence technology.

Read the full report on Operation High Roller here:

http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf

For more on the four phases of every attack, please see my blog:

http://blogs.mcafee.com/enterprise/the-four-phases-of-every-attack

And more detail about protecting yourself against the 4 phases of every attack is here:

http://blogs.mcafee.com/enterprise/how-todays-new-generation-of-security-products-protect-you-in-each-of-the-4-phases-of-every-attack

More on High Roller as it comes out.

Be SAFE!

The primary focus of my presentation was maintaining security while embracing the Consumerization of IT and all that comes with it.  In terms of solutions, it’s always important to understand that at one time the telephone, computer, and later the Internet were all seen as a disruptive technology. Similarly, just saying “no” will never scale as users demand that the capabilities they have at work be at least in par with what they are using for their personal lives.

The attendance was great, and the room was well over capacity with people lining up in the back and sitting on the floor. It kind of felt like a Grateful Dead concert – but I digress. With such a beyond-capacity attendance I spent about thirty minutes following my presentation talking one-on-one with the attendees.  One thing became very clear – every organization is struggling with security for application-ready, cloud-ready and social media-ready mobile devices of all brands and versions. This is truly a global topic, and fortunately, there are many solutions. The products that continually cropped up in conversation were:

• Enterprise mobility provisioning and management solutions – McAfee EMM
• Virtualization solutions that allow for the optimization of virtual desktop environments or VDI while maintaining security and not degrading the operational upside that virtualization promises – McAfee MOVE
• Cloud solutions that address the two “big” issues – data security and identity federation – McAfee DLP and Identity Management
• Security within the silicon that stretches across not just laptops and servers, but into smartphones, automobiles, ATMs, medical equipment, critical infrastructure, etc. – McAfee Deep Defender and DeepSafe Technology

The Bottom Line: Embracing the Consumerization of IT doesn’t mean giving up on security.

As more and more evidence points to the fact that every major U.S. organization has been the target of organized cyber crime, it begs the question: Who is involved in the manufacturing process, delivery and installation of these machines?  With so many parties involved – from the sub-components, to the building of specialized devices, software providers, integrators, and resellers – any one of them could have, even inadvertently, introduced the gift of malware.  We all try our best, but without a single point of contact, how do you really know that what you are about to plug into your network is healthy?

The obvious recommendation is to verify, scan for viruses, and validate the firmware, bios and software of any new system prior to giving it full rights to the environment. This step should always be done as a precaution to ensure that both intentional and unintentional deliveries of infected components are thwarted.  If you ever encounter malware, push hard on all parties involved in the manufacturing, delivery and installation of these systems, letting them know what your expectations are. At minimum, they are responsible for clean components, as well as their vendors’ actions.

In the end, it’s not just about protecting your environment. It’s about pushing for lasting change in how all parties involved perceive their roll in protection and security. For our part, McAfee is working with all industries and manufacturers on how advanced security technologies like Integrity Control and Deep Defender can provide trusted execution, helping to solve the issue of device and component security.

For more information on this topic, stay tuned here in the Security Connected blog, and be sure to follow us on Twitter at @McAfeeBusiness for the latest in industry news, resources and events.