Overview of Adaptive Threat Protection

McAfee® Endpoint Security Adaptive Threat Protection (ATP) is an optional module of Endpoint Security that examines your enterprise content and decides what to do based on file reputation, rules, and reputation thresholds.

Adaptive Threat Protection provides these benefits:

  • Fast detection and protection against security threats and malware.
  • The ability to know which systems or devices are compromised, and how the threat spread through your environment.
  • The ability to immediately contain, block, or clean specific files and certificates based on their threat reputations and your risk criteria.
  • Integration with Real Protect scanning to perform automated reputation analysis in the cloud and on client systems.
  • Real-time integration with McAfee® Advanced Threat Defense and McAfee GTI to provide detailed assessment and data on malware classification. This integration allows you to respond to threats and share the information throughout your environment.

For additional threat intelligence sources and functionality, deploy the McAfee® Threat Intelligence Exchange (TIE) server. For information, contact your reseller or sales representative.

Optional components

Adaptive Threat Protection can integrate with these optional components:

  • TIE server — A server that stores information about file and certificate reputations, then passes that information to other systems.
  • Data Exchange Layer — Clients and brokers that enable bidirectional communication between the Adaptive Threat Protection module on the managed system and the TIE server.

    Data Exchange Layer is optional, but it is required for communication with the TIE server.

These components include McAfee ePO extensions that add several features and reports.