Adaptive Threat Protection – ATP


NB: McAfee Enterprise is now Trellix!

McAfee® Endpoint Security Adaptive Threat Protection (ATP) analyzes content from your enterprise and decides what to do based on file reputation, rules, and reputation thresholds.

Adaptive Threat Protection, with next-generation Real Protect scanning and Dynamic Application Containment (DAC), performs automated analysis to contain, block, or clean files with known malicious or unknown reputations.

Use McAfee® ePolicy Orchestrator® (McAfee® ePO™) to configure, manage, deploy, and enforce Adaptive Threat Protection policies. Configure queries, reports, and dashboards to monitor threat activity within your environment.

Adaptive Threat Protection also integrates with McAfee Threat Intelligence Exchange (TIE) for complete protection against persistent threats across your network.

Real Protect

Key benefit: Next-generation scanning and detection performance; automated detection and protection for unknown security threats and malware.

Real Protect scanning performs automated, real-time behavioural analysis to detect zero-day malware that static detection methods miss. It uses signature-less machine learning with minimal client footprint and performance impact. Real Protect stops known threats by comparison and analysis of established malware attributes, then combats and convicts the unknown using behavioural and memory analysis. Real Protect unpacks executables to detect sophisticated threats using obfuscated code variants.

Dynamic Application Containment (DAC)

Key benefit: Maintains productivity while securing patient zero, isolating the network, and preventing damage to the endpoint.

Suspicious applications run contained, while DAC monitors, restricts, and blocks potentially malicious actions executed by the unknown process. DAC defeats “sandbox-aware” malware, as the malware is less likely to detect the containment. DAC also speeds up remediation, as detection occurs on the endpoint and remediation of the patient zero endpoint is “not needed” since the malware was “already contained”.