McAfee Endpoint Security has always been a big contender in this space and they still manage to stay on top of their game with modern solutions for their endpoint security product. Integrated endpoint detection and response (EDR) is prominent, as is machine learning offering static pre-execution detection and behavioral post-execution-based detection. It also features signature-based detections and exploit and intrusion prevention. These capabilities and others can be integrated with third-party vendors, thus simplifying policy management, system management, patch/software deployments, event reporting, and more.
This version of McAfee Endpoint Security integrates protection, detection, and correction into a single platform with a single agent that is managed by a single console called McAfee ePolicy Orchestrator (ePO). McAfee's centralized threat database helps immediately remediate infected endpoints by providing global threat insights to the entire enterprise based on reputation. It receives indicators of compromise (IOC) and other threat data from McAfee products and third-party sources through direct integration via McAfee Data Exchange Layer or an API.
We received a pre-configured virtual test environment on an Intel Next Unit of Computing (NUC) system with the test environment ready to go. From the product documentation, the setup appears to be a standard on-premises process. After logging into the McAfee ePO, we noticed that McAfee Endpoint Security has an integrated endpoint detection and response capability that lets administrators visualize threat data in near-real time. A dashboard in the detection and response section can streamline analyst workflows and displays important alerts in the foreground, so analysts can focus on threats that require attention. A process trace feature enhances investigation capabilities by showing the parent process, child processes, network connections, registry entries, file access, and process injection in an interactive interface. Immediate remediation is provided by killing the process and deleting the file, or by inoculating the entire environment by blocking the process from executing on any other system.
After launching a malware attack consisting of ransomware and credential theft, McAfee was able to block them successfully. We were able to see the process tree that broke down the attack's timeline from its introduction.
Basic support is offered with 24x7 phone and email support. There are multiple premium support options based on the customer's size and support needs, ranging from Enterprise to Resident Enterprise Programs. Additional services are also offered, such as education services for product training, and deployment and assessment consulting.
- Matthew Hreben
Tested by: Matthew Hreben