Integration with McAfee ePO

McAfee ePO is a scalable platform for centralized policy management and enforcement of your system security products such as anti-virus, desktop firewall, and anti-spyware applications. You can integrate McAfee Network Security Platform [formerly McAfee® IntruShield®] with McAfee ePO. The integration enables you to query the McAfee ePO server from the Manager to view details of a network host.

Whether Network Security Platform can be integrated with McAfee ePO depends on the compatibility of their versions. The current Network Security Platform version supports integrating with the current release of McAfee ePO and with some previous versions of McAfee ePO.

For more information about McAfee ePO, see the McAfee ePolicy Orchestrator Product Guide. You can download the guide from http://www.mcafee.com/us/enterprise/downloads/index.html.

Integrating Network Security Platform and McAfee ePO enables you to send queries to the McAfee ePO server to obtain details of the hosts on your network. The details that are fetched from the McAfee ePO server include the host type, host name, user name, operating system details, top 10 anti-virus events, and the details of system security products installed on the host. You can view these details in the Attack Log. If you have installed McAfee Host IPS [formerly McAfee® Entercept] as part of your McAfee ePO installation, then you can also view the last 10 McAfee Host IPS events for a specific host. These details provide increased visibility and relevance for security administrators performing forensic investigation of security events seen on the network. When you are reviewing alert details for an endpoint in the Attack Log, you can view the essential host data such as host name, current user, and OS version in the alert details panel.

For more information on McAfee Host Intrusion Prevention events, see the McAfee Host Intrusion Prevention Product Guide. You can download the guide from http://www.mcafee.com/us/enterprise/downloads/index.html.

Consider the following scenario to understand how the integration between Network Security Platform and McAfee ePO works:

You notice in the Attack Log that a host in your network is port scanning the other hosts. You want to know more details about the source of these attacks. You can then double-click an alert and see the details of the source IP address. The Manager sends queries to the McAfee ePO server. You can view the host details by clicking the exclamation icon next to the IP address. From these details, you may realize, for example, that VirusScan (McAfee's antivirus application) is outdated. Looking at the host name, you may also realize that it is the server that was taken off the network some time back. Therefore, VirusScan was not updated during this period.

In addition to these features, you may also assign tags through the Threat Explorer of the Manager. For more information on tags, see Tags.

McAfee ePO provides you the option to view Network Security Platform data on a dashboard.

This dashboard in McAfee ePO provides the following monitors:

  • Attack Severity Summary
  • Device Fault Summary
  • Manager Fault Summary
  • Top 10 Attack Destinations
  • Top 10 Attacks
  • Top 10 Attack Sources