ITB - IT Solutions for the next generation

Advanced Threat Defence – ATD


McAfee Advanced Threat Defence enhances protection from the network edge to the endpoint and enables investigation.

Detect Advanced Malware

McAfee Advanced Threat Defence enables organisations to detect advanced, evasive malware and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats. Tight integration between security solutions, from network and endpoint to investigation, enables instant sharing of threat information across the environment, enhancing protection and investigation. Flexible deployment options support every network.

McAfee Advanced Threat Defence Key Differentiators:

Broad Solution Integration:

  1. Integration with existing McAfee solutions, third-party email gateways and other products supporting open standards
  2. Close the gap from encounter to containment and protection across the organization
  3. Streamline workflows to expedite response and remediation
  4. Enable automation

Powerful analysis capabilities:

  1. Combine in-depth static code analysis, dynamic analysis, and machine learning for more accurate detection with unparalleled analysis data
  2. Advanced features support the SOC and enable investigation

Flexible, centralized deployment:

  1. Reduce cost with centralized deployment that supports multiple protocols
  2. Flexible deployment options support every network

McAfee Advanced Threat Defence: Detect Advanced Threats

McAfee Advanced Threat Defence detects today's stealthy, zero-day malware with an innovative, layered approach. It combines low-touch analysis engines such as antivirus signatures, reputation, and real-time emulation with dynamic analysis (sandboxing) to observe actual behaviour. Investigation continues with in-depth static code analysis that inspects file attributes and instruction sets to determine intended or evasive behaviour and assesses similarity with known malware families. As a final step in the analysis, McAfee Advanced Threat Defence specifically looks for malicious indicators that have been identified through machine learning via a deep neural network.

Combined, this represents the strongest advanced malware protection on the market and effectively balances the need for both in-depth inspection and performance. Lower-intensity methods such as signatures and real-time emulation benefit performance by catching the more easily identified malware, while adding in-depth static code analysis and machine learning insights to sandboxing broadens detection of highly camouflaged, evasive threats. Malicious indicators that may never execute in a dynamic environment can still be identified through unpacking, in-depth static code analysis, and machine learning insights.

Malware writers use packing to change the composition of the code or to hide it in order to evade detection. Most products cannot properly unpack the entire original (source) executable code for analysis. McAfee Advanced Threat Defence includes extensive unpacking capabilities that remove obfuscation, exposing the original executable code. This enables in-depth static code analysis to look beyond high-level file attributes for anomalies, analysing attributes and instruction sets to determine the intended behaviour.

Together, in-depth static code, machine learning, and dynamic analysis provide a complete, detailed evaluation of suspected malware. Unparalleled analysis output produces summary reports that provide a broad understanding and action prioritisation and more detailed reports that provide analyst-grade data on malware.

Advanced Capabilities Support Investigation

McAfee Advanced Threat Defence offers numerous, advanced capabilities including:

  1. Configurable operating system and application support: Tailor analysis images with select environment variables to validate threats and support investigation.
  2. User interactive mode: Enables analysts to interact directly with malware samples.
  3. Extensive unpacking capabilities: Reduces investigation time from days to minutes.
  4. Full logic path: Enables deeper sample analysis by forcing execution of additional logic paths that remain dormant in typical sandbox environments.
  5. Sample submission to multiple virtual environments: Speeds investigation by determining which environment variables are needed for file execution.
  6. Detailed reports, from disassembly output and memory dumps to graphical function call diagrams, embedded or dropped files, user API logs, and PCAP information: Provides critical information for analyst investigation.
  7. Bro Network Security Monitor integration: Deploy a Bro sensor to a suspected network segment to monitor and capture traffic and forward files to McAfee Advanced Threat Defence for inspection.

Deployment

Flexible advanced threat analysis deployment options support every network. McAfee Advanced Threat Defence is available as an on-premises appliance or a virtual form factor, with support for both private and public cloud, including availability in the Azure Marketplace. All form factors act as a shared resource between multiple McAfee solutions, scaling cost-effectively.

Speak to ITB about McAfee Advanced Threat Defence (ATD) licences today for information and pricing.