McAfee Total Protection for Compliance v6.8
Strengths: Very nicely integrated and centralised single picture of risk and risk mitigation options across the numerous security controls deployed
Weaknesses: Currently only supports/interfaces with McAfee products
Verdict: A great solution if you are a complete McAfee defence in-depth shop
McAfee Total Protection (ToPS) for Compliance v6.8 is a GRC solution that can help you understand risk and apply the right protections in the right places. It uses integration and automation to improve visibility into operational risk, reduce exposure and cut the cost of compliance.
In an integrated McAfee environment, ToPS provides a complete picture of the organisation's security infrastructure and posture, allowing you to identify weaknesses and remediate those risks in the manner that best supports the business.
ToPS for Compliance is an integrated risk management suite that eliminates the manual and time-consuming process of correlating threats to critical systems at risk, resulting in improved visibility and agility, reduced cost and compliance with regulatory mandates. Ultimately, it helps address the question of where and when you should spend your next pound on security.
It delivers a unified, comprehensive approach to vulnerability and risk management, policy auditing and compliance reporting in an integrated solution. It is able to conduct agent and agent-less scans, as well as enable proactive correlation of real-time threats with vulnerability and countermeasure data to pinpoint critical assets at risk to optimise remediation/patch efforts.
ToPS integrates with McAfee products to deliver closed-loop remediation. We found the consolidated risk view very powerful, allowing us the ability to choose which control and how we might want to best remediate a risk.
The reporting was very good with a decent graphical/menu driven approach and high-level graphics and customisation capabilities. A very flexible event driven dashboard is customisable via drag-and-drop. The reporting puts the intelligence you need in a very easy to read format.
One of the limitations is that it currently does not support integration with any non-McAfee products. We were told that additional integration is planned later.
Support on a 24/7 basis is available for a fee. The solution is sold as client side software running on a Windows server utilising a SQL backend database. The software is web-based and accessed from a standard web browser, is easy to use and provides a great graphical and detailed vision into operational risk.