The McAfee Total Protection for Server software ought to be a comprehensive solution for security and compliance. It’s designed to ensure that mission-critical data and applications are protected with minimal impact to the performance and availability requirements of high-transaction servers. This software ought to protect against both targeted and insider attacks and ought to ensure that only authorized processes and code can run, providing continuous compliance.
Due to the performance and availability requirements of business and mission-critical servers, most organizations have made the trade-off to forgo security on servers and assume the data and applications are secure because they are behind the firewall. However, as attacks have become more sophisticated and targeted the real profit to be made is by acquiring the most valuable data in a business, which is sitting on those back-office servers. To protect that data, McAfee designed a proactive whitelisting solution that blocks any code or changes from happening unless it is part of the already trusted software on the server.
“Organizations are at risk because they assume their servers are adequately protected”, said Stuart McClure, senior VP and general manager risk and compliance, McAfee. “No one wanted to put security software on the server itself because those were mission-critical applications that required the highest performance and availability, and configurations never changed much anyway. But as hackers have become more targeted and sophisticated, servers are increasingly becoming targets, prompting us to develop a lightweight solution that preserves application and server performance while ensuring compliance.”
McAfee Total Protection for Server software is comprised of application whitelisting, change policy management, and policy auditing functionality and offers strong change management controls that further mitigate the risk of data breaches, foul plays, and compliance drift. In addition, enterprise anti-virus is included in the package, so that organizations can provide an extra layer of defense by running on-demand scans during off-peak hours on weekends or at night.
Key features include:
- Malware defense and integrity control: Through dynamic application whitelisting, the software blocks binaries, drivers, Java and scripts on the server by locking in the good (authorized) server state. Any attempt to load an executable that is not part of the dynamic whitelist from day one is denied. Antivirus blacklisting offers an additional layer of defense and can be run on-demand during non-peak hours. Continuous integrity control and alerting takes place when any unauthorized change is detected.
- Policy Enforcement: The software ensures that the server is administered in compliance with verified and approved procedures. For example, a policy that forces wireless communications on a company’s mobile devices to be encrypted at all times can be easily enforced at the server. According to McAfee no one except a pre-authorized admin will be able to change the policy or the registry entry on the wireless entry ports.
- Policy Assessment and Continuous Compliance: The software ought to let IT departments gain visibility that can mitigate risks. The solution captures detailed changes, and processes them as part of the emergency update process, while providing auditable accounting of the procedure. The solution ought to allow IT to report on the time someone logged into a system, what files were touched, and whether the actions taken were within the scope of that person’s job description. Organizations can set the policy and minimize exposure and performance issues due to ad-hoc changes.
McAfee Total Protection for Server software helps organizations save time and cut costs with simplified centralized management. The solution ought to protect and manage servers across the entire enterprise with the scalable and centralized McAfee ePolicy Orchestrator platform for deployment, management, reporting, and auditing. Organizations can customize server security with flexible deployment options, easily adding and removing components with a single agent and platform. (Source: McAfee, Inc./GST)