McAfee Web Protection: Protect Your Enterprise Against Web Threats (McAfee Confidential)


Upload: ami-washington

Post on 12-Jan-2016


TRANSCRIPT

Page 1: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


McAfee Confidential

McAfee Web Protection: Protect Your Enterprise Against Web Threats

Page 2: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Malware Is Changing…

Timeline: 2011, 2012, 2013

Sophisticated evasion techniques
• Unique, one time-only URL or file
• Obfuscation
• Dynamic code generation

Browser-specific attacks
• Ex: known Firefox exploits
• Anticipate rise in HTML5 attacks

Rise in Adobe-based attacks
• PDF, Flash

Zero-day Java and JavaScript-based attacks

Page 3: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


The Cloud Brings New Challenges

SECURITY
• Increasingly sophisticated malware
• Increased SSL-encrypted web traffic
• Advanced, persistent threats

APPLICATION VISIBILITY
• More people & devices connecting to more applications outside traditional network, often without IT knowledge

FLEXIBILITY
• Need to accommodate changing business conditions
• Protection needs to travel with the user and device rather than stay in the office

Page 4: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


The Cloud Brings New Challenges

SECURITY
• Increasingly sophisticated malware
• Increased SSL-encrypted web traffic
• Advanced, persistent threats

APPLICATION MANAGEMENT
• More people & devices connecting to more applications outside traditional network

FLEXIBILITY
• Need to accommodate changing business conditions
• Protection needs to travel with the user and device rather than stay in the office

Page 5: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


How bad is the problem?

How can I block web-borne threats?

What about outbound threats?

What other add-on tools should I consider?

Security

Page 6: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Global Threat Intelligence (GTI)

[Diagram: Global Threat Intelligence, Security Connected]

Reputation types: File Reputation, Web Reputation, Sender Reputation, Threat Reputation

Data points: Ports / Protocol, Application, Network Activity, Geo-location, IP Address, Affiliations, Email Address, DNS Server, Web Activity, Data Activity, Mail Activity, URL, Domain

Connected products and feeds: Network IPS, Firewall, Web Gateway, Host AV, Mail Gateway, Host IPS, 3rd Party Feed, Geo location feeds

Volumes:
• 300M IPS Attacks/mo.
• 2B Botnet C&C IP Reputation Queries/mo.
• 20B Message Reputation Queries/mo.
• 2.5B Malware Reputation Queries/mo.

Page 7: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


McAfee Gateway Anti-Malware Engine Scanning

DISSECT, ANALYZE, EMULATE

• Unique to McAfee Web Protection

• Emulation provides real-time protection

• Most effective zero-day protection

“MWG has strong malware protection due to its on-box browser code emulation capabilities.”

Gartner, Magic Quadrant for Secure Web Gateways

Page 8: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Security: Malware detection

[Chart: Zero Day Protection Rate, PE Malware Detection and Non-PE Malware Detection, on a 0% to 100% axis, for McAfee, Blue Coat, Cisco and Websense. Data labels in extracted order: 91%, 99%, 99%, 74%, 94%, 97%, 25%, 85%, 71%, 58%, 91%, 16%.]

• Cloud intelligence
• Ability to open content and inspect
• Proactive scanning
• Signature-based protection
• Worms, Trojans
• PW stealing programs
• PDF exploits
• Macros for MS Office
• Malicious scripts

New 2013 results (data labels: 95%, 99%, 99%)
• Web Gateway increases Zero-Day protection to 95%
• Other vendors invited to participate
  – No response

AV-Test.org
Performance results obtained using specific combinations of hardware, software, and test samples. The results reflect approximate relative performance as measured by the tests performed. Any difference in system hardware, software or available threat information may cause your performance to vary.

Page 9: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Proof Point: Competitive POC

30-Day POC Evaluation
One sixth of web traffic sent to Web Gateway after being scanned by existing solution

BACKGROUND
• Fortune 10 US corporation with world-wide network
• Existing Blue Coat installation

Scanned Results
• Ninety-two million URLs
• 346,000 websites and web objects
• 280,000 URLs categorized incorrectly by current proxy
• 50,000 URLs with unacceptable reputations
• 16,000 discrete web objects containing malware

OUTCOME
• 1,000 desktops saved from infection during POC
• Remediation costs: $150–$200 per desktop
• During POC: $150,000–$200,000 savings
• POC result: Prospect became a customer

Page 10: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Security: Integrated DLP prevents data leakage

• Apply comprehensive DLP rules
• Supports preformatted McAfee DLP dictionaries (HIPAA, PCI, UK-NHS, European IBAN)

Credit card numbers found

Page 11: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Security: Encrypt data going to the cloud

Encryption protects cloud-based files

Page 12: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


McAfee Advanced Threat Defense: Comprehensive approach to malware

FIND, FREEZE, FIX

[Diagram labels: Advanced Threat Defense, Endpoint, Next Generation Firewall, Network Security Platform, McAfee Email Gateway, McAfee Web Gateway, Threat Intelligence Exchange, McAfee Enterprise Security Manager (SIEM), McAfee Real Time]

Page 13: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Application Discovery

• What applications are your users actually using?

Application Controls

• Can you manage application entitlements?

Application Access

• Can you deliver user access and strong authentication?

Application Management

Page 14: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


TODAY’S REALITY:

More than 80% of employees worldwide use SaaS applications without IT approval.

Frost & Sullivan: The Hidden Truth Behind Shadow IT

Page 15: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Application Discovery: What are your users up to?

• What applications are on your network?
• How much bandwidth are they using?
• Who are the top users?
• Which are blocked?

Page 16: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Content Security Reporter + McAfee ePO = visibility, control, compliance

Integrated, Actionable Discovery


Page 17: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Web Application Controls: Enforce acceptable usage policy

• Enable/Disable specific applications
• Control entitlements, access, data sharing
• Apply policy based on application, user, group, risk, …

Page 18: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Application Controls: YouTube example

• Query for YouTube category in real-time
• Set policy by: Category, Author, Channel
• Customize block page with your logo, colors, instructions…

Page 19: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Application Access: Web identity

[Diagram labels: Internal User, Laptop, Mobile, Web Identity Launch Pad, Single Sign On, One Time Password]

Page 20: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Web Gateway Multi-layered Protection

[Diagram labels: ePO, Outbound Traffic, Inbound Traffic]

Application Management
• Identify web applications in use
• Controls enforce acceptable usage policy
• SSO and multi-factor authentication for access

Data Leakage
• DLP Engine
  ‒ Full dictionaries
  ‒ Enforce data leakage policy
• File encryption
  ‒ Protect data on file-sharing sites

Botnet Client
• Identify “phone-home” behavior
• Aggressive scanning of non-human initiated requests

Anti-Malware
• Signature-based AV
• Zero-day malware detection
  ‒ Dissect, emulate target platform environment
  ‒ Evaluate code behavior

SSL Scanning
• Scrutinize HTTPS traffic
• Identify malware hidden in encrypted web sessions
• Enforce application controls

Content Inspection
• Reputation (GTI)
• Geo-location (GTI)
• URL categorization & filtering (GTI)
• Media & file analysis

Page 21: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


What is the most effective deployment scenario for me?

• Should I go on-premises or the cloud?

How do I manage web access for remote or mobile users?

• Is there some way to protect them from malware infections?

FLEXIBILITY

Page 22: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Flexibility: Deploy on-premise, in the cloud, or a hybrid combination

Performance and Scalability from Branch Offices to Corporate Headquarters
Common policy, management & reporting

Form factors: Hardware Appliances, Blade Server, Virtual Appliance, Cloud-based SaaS

[Diagram labels: VM; Appliance and SaaS (Hybrid); Appliance and SaaS (Hybrid); Remote Users (SaaS); SaaS or VM]

Page 23: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


McAfee Client Proxy: Protect mobile & remote users

[Diagram labels: Off Network; Browser; Client Proxy; Active; McAfee Data Center, SaaS Web Protection (or Web Gateway in DMZ); Internet; Corporate Office, On-Network; Browser; Web Gateway]

Page 24: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Features & Benefits

Flexible Architecture
• Fit business requirements
• Adapt as business needs change

Secure
• Best of breed security services, #1 malware defense
• Protect on-premises and remote/traveling users

Cost-effective
• One SKU, one price
• Buy only what you need

Manageable
• Easy policy synchronization
• Consistent, cross-platform reporting

Proven Scalability
• Start small - SMB to enterprise
• Add capacity, as needed

Page 25: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Security

• Rules-based policy enforcement

• Global Threat Intelligence

• AV & Gateway Anti-Malware engines

• Built-in Data Loss Prevention

• Cloud storage file encryption

• Advanced Threat Defense integration

Application Management

• Identify and control rogue SaaS applications

• Single sign-on and multi-factor authentication

Flexibility

• Mobile & remote user protection

• Hybrid deployment options with policy synch

• Forward and reverse proxy options

McAfee Web Protection

Page 26: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


Next Steps – Prove It to Yourself!

STEP ONE: Run Web Gateway Proof of Concept

STEP TWO: REVIEW RESULTS

Detailed Web Access

APPLICATION NAME                                          SUM OF HITS
BitTorrent Variants                                       22640
Google Analytics                                          1183
Hotmail                                                   766
Facebook                                                  754
Other                                                     4093
TOTAL                                                     29463

CATEGORY NAME                                             # of Violations
Payment Card Industry – Credit Card Number                35
DLP: User-Defined Dictionary                              23
SOX Compliance – Merger and Acquisition                   1
TOTAL                                                     59

MALWARE NAME                                              SUM OF HITS
McAfeeGW: Heuristic.BehavesLike.JS.Infected.A             38
McAfeeGW: Heuristic.BehavesLike.JS.Unwanted               19
McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-BAY.G    11
McAfeeGW: Heuristic.BehavesLike.Win32.Suspicious-BAY.K    7
Other                                                     12
TOTAL                                                     87

STEP THREE: Communicate Results. Take Action!

Page 27: McAfee Confidential  McAfee Web Protection  Protect Your Enterprise Against Web Threats


www.McAfee.com/webprotection