McAfee Total Protection for Compliance v7
Strengths: Reporting/dashboard; agentless capabilities; mobile device support
Weaknesses: Still a stronger solution in a pure McAfee environment, but getting better. With all the modules it can be pricey for a larger deployment
Verdict: Strong IT risk management tool with some innovative capabilities
McAfee Total Protection (ToPS) for Compliance reduces remediation time from months to days by providing unique, countermeasure-aware, impact/risk assessment capabilities.
It correlates endpoint and network countermeasures with new vulnerabilities and provides a third dimension to the vulnerability impact assessment by adding the status of the current countermeasure to vulnerability severity and asset criticality. It enables organisations to conduct (agentless, agent-based or hybrid) compliance audits, configuration assessment, vulnerability assessment, asset management and countermeasure-aware risk assessment for a range of technologies. It provides these functionalities by integrating the company's Risk Advisor, Vulnerability Manager and Policy Auditor on a single management platform: ePolicy Orchestrator.
ToPS is delivered as software and can be installed on virtual machines (VMware ESXi/ESX). It runs on a Microsoft platform and requires MS Server 2003-2008 and SQL Server 2005-2008. A spokesperson at the company claimed the software could be deployed within a few hours. Certainly, users can be up and running within a few days, depending on the level of customisation, workflow complexity and integration with non-McAfee products.
This solution addresses risk at the IT risk level using the OVAL (Open Vulnerability and Assessment Language) standard for risk assessment. It proactively correlates threats with system state information - including vulnerability data, patch level, configuration information, application data and countermeasure information - to find critical assets at risk so as to optimise remediation/patch efforts. It automates manual audits against regulatory standards, such as SOX, PCI, HIPAA and ISO 27002. This information can come in from other McAfee products or from the endpoints (there are agent and agentless options for the endpoints).
The agentless option allows users to gather valuable information from systems with zero footprint on those devices. The agent-based, agentless or hybrid collectors can co-exist in the same environment so one has numerous deployment options. New to this release is the ability to assess desktop risks, such as Adobe- and Java-based threats. ToPS has also added the ability to conduct file integrity checks to recognise changes made, to report and track changes, and to specify entitlement to certain files.
Other additions to this release include the ability to track risk associated with BYOD devices through mobile vulnerability assessments. This information is consumed from integration with mobile vendor management to fingerprint a device and capture the user, OS, apps, etc.
Reporting was solid before and has been updated substantially for this release. It now includes an attractive risk summary graphic, a 'threats over time' visual, new canned reports, a report builder and a new PCI dashboard. ToPS has added a tool that allows a user with no SQL skills to write a custom query for reporting using a simple drag-and-drop programming feature. McAfee has also created an application programming interface (API) to allow other security and network product vendors to integrate with the tool. The product's isolation from other vendors' tools was a drawback in the past, so this added capability should help resolve that issue. However, at the time of the review, there was not yet a list of other supported integrations available.
Support includes 24/7 access, plus there are several other options available.