© 2007 McAfee, Inc. ePolicy Orchestrator 4.0 with Security Risk Management Mohamed A. Shishtawy
Nov 29, 2014
Security Risk Management with ePolicy Orchestrator
© 2009 McAfee, Inc. All rights reserved. Security Risk Management with ePolicy Orchestrator Module 1 - 3
Module Topics
• Security Risk Management with ePO
– SRM Model
– Centralized Security Management
– Components & Architecture
Security Risk Management
Identify & group assets
• Machine import
• Machine discovery
• Rogue detection
Determine risk
• Infection reporting
• Measure vulnerability
• Notification
Protect and block
• Configuration
• Enforcement
• Maintenance
Measure compliance
• Coverage reporting
• Compliance reporting
• System compliance
• McAfee NAC
Protecting The Enterprise
• The Challenge
– Identify & group assets
– Determine risk
– Protect and block threats
– Measure compliance
Identify & Group Assets
• Import known machines from a browse list
• Synchronize with Active Directory
• Detect Rogue Systems
• Group machines according to management needs
• Assign policies on a generic or granular level
Determine Risk
• Monitor threat events and propagation
• Determine infection and outbreak source
• Provide Automatic Responses to rule infringement
Protect And Block Threats
• Ensure correct configuration
• Enforce security policy
• Maintain and update protection
• Respond to rule intrusion
Measure Compliance
• Report on coverage and protection levels
• Determine compliance to anti-virus policy
• Determine compliance to system policy
• Roll-up reporting across multiple ePO servers
Centralized System Security Management
[Diagram: centralized system security management]
Components:
• Web-based Consoles
• McAfee Download Site
• Rogue System Detection Sensor
• Automatic Responses / Threat Notification
• Remote Agent Handler
• ePolicy Orchestrator Server and Master Repository
• Database Server
• Update Repository
• Managed Systems with McAfee Agents
Data flows:
• Product Updates
• DAT File Updates
• Policy Updates
• Threat Events
Callouts:
• Manage only one policy framework
• Consolidate monitoring and reporting
• Easily discover non-compliant systems
• Automatic Responses to Threats
• Scalability & Bandwidth savings
• Secure Bi-directional Channel
Feature Management
• ePolicy Orchestrator manages products through:
– Product deployment
– Configuration management
– Update and task configuration
– Coverage reporting
– Threat Event reporting
Architecture And Communication
[Diagram: ePO architecture and communication]
Components:
• ePO Server
• Console UI
• Database
• Application Server (TOMCAT)
• APACHE Service
• Event Parser Service
• Notification System
• Master Repository
• Framework Service
• Agent Handler
• McAfee Agent
• Rogue Sensor System
• Rogue Sensor
• Network
Connection labels:
• HTTP 8080
• HTTPS 8444
• HTTPS 8443
• HTTP 80
• DAL
• UDP 8081
• UDP 8082
• TCP 8081
Check Your Understanding
Choose the correct answer(s):
What are the four primary stages of the Security Risk Management model?
• Discover, Determine, Defend, Detect
• Find & Manage, Evaluate, Enforce & Protect, Fix & Comply
• Assess, Remediate, Measure, Prioritize
Check Your Understanding
Choose the correct answer(s):
What are the four primary stages of the Security Risk Management model?
• Discover, Determine, Defend, Detect
Find & Manage, Evaluate, Enforce & Protect, Fix & Comply
• Assess, Remediate, Measure, Prioritize