Adaptive Threat Protection components

Adaptive Threat Protection is an optional Endpoint Security module that enables you to create policies to contain, block, or clean files or certificates based on reputation.

Adaptive Threat Protection also integrates with:

  • TIE server — A server that stores information about file and certificate reputations, then passes that information to other systems.
  • Data Exchange Layer — Clients and brokers that enable bidirectional communication between the Adaptive Threat Protection module on the managed system and the TIE
Note: For installing Adaptive Threat Protection, you must have installed Endpoint Security Threat Prevention and McAfee Data Exchange Layer software.

These components include McAfee ePO extensions that add several new features and reports.

If the TIE server and Data Exchange Layer are present, Adaptive Threat Protection and the server communicate file reputation information. The Data Exchange Layer framework immediately passes that information to managed endpoints. It also shares information with other McAfee products that access the Data Exchange Layer, such as McAfee® Enterprise Security Manager (McAfee ESM) and McAfee® Network Security Platform.

Figure 1. Adaptive Threat Protection with TIE server and Data Exchange Layer

If TIE server and Data Exchange Layer are not present, Adaptive Threat Protection communicates with McAfee GTI for file reputation information.

Figure 2. Adaptive Threat Protection with McAfee GTI