Using Protection Workspace to identify and remediate threats

You can see all potential threats on managed devices and respond to them using Protection Workspace. You can identify threats and navigate seamlessly to any impacted device for remediation.

Protection Workspace helps you answer these questions:

  • What threats are discovered by advanced threat protection technologies from products like McAfee® MVISION Endpoint and McAfee® Endpoint Security Adaptive Threat Protection (ATP)?
  • Why is a device escalated?
  • Where did the threat come from?
  • When was the threat discovered?

Identifying threats and the security status of your devices

The security status of your device is color coded to efficiently prioritize threats and take action.

  • Red — A threat was discovered, or your software or device is running outdated versions and must be updated to be compliant.
  • Yellow — There are threats to investigate or some devices are not up to date.
  • Green — The current state of your environment is healthy, threats have been mitigated, and devices are compliant.
  • Light blue — Information only. No action needed.
  • Gray — No data available.

Threat event workflow

Protection Workspace provides a snapshot of your network's security status, allowing you to view key threats so you can investigate and determine a response.

  1. Protection Workspace displays key threat events and device compliance across McAfee products.
  2. The security administrator quickly urgent events and escalated devices.
  3. The security team investigates the escalated devices to determine a response.