Adaptive Threat Protection components

Adaptive Threat Protection can include the optional components: TIE server and Data Exchange Layer.

Adaptive Threat Protection is an optional Endpoint Security module that enables you to create policies to contain, block, or clean files or certificates based on reputation. In addition, Adaptive Threat Protection integrates with Real Protect scanning to perform automated reputation analysis in the cloud and on client systems.

Adaptive Threat Protection also integrates with:

  • TIE server — A server that stores information about file and certificate reputations, then passes that information to other systems.

    TIE server is optional. For information about the server, see the Threat Intelligence Exchange Product Guide.

  • Data Exchange Layer — Clients and brokers that enable bidirectional communication between the Adaptive Threat Protection module on the managed system and the TIE server.

    Data Exchange Layer is optional, but it is required for communication with TIE server. See McAfee Data Exchange Layer Product Guide for details.

These components include McAfee ePO extensions that add several new features and reports.

If TIE server and Data Exchange Layer are present, Adaptive Threat Protection and the server communicate file reputation information. The Data Exchange Layer framework immediately passes that information to managed endpoints. It also shares information with other McAfee products that access the Data Exchange Layer, such as McAfee® Enterprise Security Manager (McAfee ESM) and McAfee® Network Security Platform.

Figure 1. Adaptive Threat Protection with TIE server and Data Exchange Layer

If TIE server and Data Exchange Layer are not present, Adaptive Threat Protection communicates with McAfee GTI for file reputation information.

Figure 2. Adaptive Threat Protection with McAfee GTI