- Published: October 31, 2021
- Updated: October 31, 2021
- University / College: The University of Queensland
- Language: English
- Downloads: 18
IPS: Intrusion Prevention System, which proactively safeguards business assets by managing and analysing traffic flow across the network. MBS uses McAfee’s Network Security Manager to manage and monitor intrusion prevention devices with predefined, custom security threat-blocking policies as well as recommended-for-block IPS signatures.

SIEM: Security Incident and Event Management, a single environment to consolidate, correlate and report on security information from heterogeneous devices by setting policies, rules and thresholds to generate alerts and mitigations. MBS uses McAfee’s Enterprise Security Manager (ESM) as the central console, with Event Receiver (ERC) to collect events, flows and logs from monitored devices on the network, including firewalls, IDS/IPS, servers, routers and workstations.
The ERC also aggregates and parses the raw logs, then passes them on to the ESM for further processing. If any threat occurs, the ESM acts on the threat automatically based on configured policy and saves the history for analysis. The ESM also notifies the security analyst through the user interface and/or email.

Antivirus: Host-based security program or software that prevents, detects and removes malware or potentially unwanted software. McAfee VirusScan Enterprise is used by MBS to protect the systems. Systems or files are scanned in two ways: on-demand scanning (ODS) and on-access scanning (OAS). ODS is scheduled to run automatically on systems at predetermined intervals as defined by the administrator, while OAS is real-time scanning that examines objects when the user or system accesses files.

Host-based IPS/IDS: Host-based intrusion prevention and detection system that protects systems and applications from both external and internal attacks.
McAfee Host Intrusion Prevention (HIP) is used by MBS to block zero-day and known attacks with monthly policy updates.

Site-Advisor: Site-Advisor is a service that reports on the safety of websites by crawling and testing them for malware and spam. McAfee SiteAdvisor Enterprise is used by MBS to monitor web searching and browsing activities on employees’ client computers to protect against threats on web pages and in file downloads. The product also enables administrators to control access to sites based on URL, domain name, types of content and safety rating.

Full Disk Encryption: Full disk encryption helps protect data on tablets and laptops to prevent the loss of sensitive data, especially from lost or stolen equipment. By encrypting the whole drive, it acts as another layer of protection from data leakage. McAfee Drive Encryption is used by MBS.

FireEye Web & Email (NX/EX): MBS uses FireEye Web Security (NX) as a group of threat prevention platforms that stop Web-based attacks that traditional and next-generation firewalls (NGFW), IPS, AV, and Web gateways miss.
It protects MBS against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe. Email Security (EX) is another threat prevention platform that is used by MBS to protect against spear-phishing email attacks that bypass anti-spam and reputation-based technologies.

FireEye Threat Prevention (ETP): FireEye Email Threat Prevention (ETP) is deployed in the cloud to detect and stop advanced and targeted attacks immediately, including spear phishing and ransomware, before they enter the organization's environment.

McAfee ePolicy Orchestrator (ePO): With McAfee ePO software, MBS administrators can unify security management across endpoints, networks, data, and compliance solutions from McAfee and third-party solutions.
It provides flexible, automated management capabilities for the administrators to identify, manage, and respond to security issues and threats with defined direct alerts and security responses based on the type and criticality of security events.
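
The SIEM flow described above, in which a receiver parses raw logs from heterogeneous devices and a manager applies rules and thresholds to raise alerts, can be sketched as follows. This is an added example, not McAfee ESM/ERC code or configuration; the two log formats, the sample lines and the function names `parse` and `correlate` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in two made-up formats (not real ESM/ERC log formats).
RAW_LOGS = [
    "fw 2021-10-31T10:00:05 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "fw 2021-10-31T10:00:20 DENY src=203.0.113.7 dst=10.0.0.5 dport=23",
    "ids|2021-10-31T10:00:40|203.0.113.7|10.0.0.5|port-scan",
    "fw 2021-10-31T10:01:10 DENY src=203.0.113.7 dst=10.0.0.6 dport=445",
    "fw 2021-10-31T10:02:00 ALLOW src=198.51.100.9 dst=10.0.0.5 dport=443",
    "ids|2021-10-31T10:30:00|198.51.100.9|10.0.0.8|policy-violation",
    "garbage line that no parser understands",
]

FW_RE = re.compile(r"^fw (\S+) (\w+) src=(\S+) dst=(\S+) dport=(\d+)$")

def parse(line):
    """Receiver step: normalise one raw line to a common event dict, or None."""
    m = FW_RE.match(line)
    if m:
        ts, action, src, dst, _ = m.groups()
        if action != "DENY":
            return None  # this rule only counts blocked firewall traffic
        return {"ts": datetime.fromisoformat(ts), "device": "firewall", "src": src, "dst": dst}
    parts = line.split("|")
    if len(parts) == 5 and parts[0] == "ids":
        return {"ts": datetime.fromisoformat(parts[1]), "device": "ids", "src": parts[2], "dst": parts[3]}
    return None  # unparseable lines are dropped instead of crashing the pipeline

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Manager step: alert when one source reaches `threshold` events from
    at least two device types within `window`."""
    by_src = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        by_src[ev["src"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            hits = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            if len(hits) >= threshold and len({e["device"] for e in hits}) >= 2:
                alerts.append({"src": src, "count": len(hits), "start": first["ts"]})
                break  # one alert per source is enough for the analyst
    return alerts

if __name__ == "__main__":
    for alert in correlate(RAW_LOGS):
        print(alert)
```

Requiring two device types in the window is what makes this a correlation rule and not a per-device counter: a source that only trips the firewall, or only the IDS, stays below the alert.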