McAfee Total Protection for Compliance

Powered by SC Magazine
 

Usability, dashboard, reporting, application whitelisting and file integrity monitoring are decent, but it only integrates with McAfee Countermeasure products.

McAfee's ToPS for Compliance proactively correlates threats with system state data, such as vulnerability, patch level, configuration and application information. It can then countermeasure information to pinpoint critical assets at risk, to optimize remediation/patch efforts. It is able to conduct agent and agentless scans to deliver a unified, comprehensive approach to vulnerability lifecycle and risk management, policy auditing, and compliance reporting in an integrated solution. The offering provides threat, vulnerability and patch analysis for combating IT risk, and ties the risk level into various compliance-level reports.

The tool is delivered as standalone software or as an appliance. Installation of the software version is also supported on virtual machines. The product is marketed to all size organizations looking to meet the vulnerability scanning, policy/regulatory compliance and risk analysis needs of the organization. We were told that ToPS for Compliance can be implemented to begin collecting data for analysis in a matter of minutes. But we believe, based on the documentation installed into an existing McAfee environment, that integration with products via the API would require far more time.

The ePolicy Orchestrator serves as the consolidated "view" that one can use to visualize a current risk profile, conduct risk analytics and even run "what-if" analysis to report on risk prior to making changes. Users also can group assets into a single system for risk reporting at the system level. Discovering assets is fast, and there is even a rogue asset detection feature that scans for new systems via live wire monitoring. The dashboard features are very good. Reporting is complete and contains mappings of risks to specific compliance controls.

There is a full-blown system included for creating tickets and workflows based on risk items, or McAfee's ToPS for Compliance can integrate with third-party ticketing systems.

Copyright © SC Magazine, US edition


McAfee Total Protection for Compliance
 
Overall Rating
Verdict:
As an IT risk product, its real benefit is end-to-end integration. It is stronger in a pure McAfee environment.
Product Info
Specs:
Version 7
 
Supplier:
 
Price when reviewed:
15
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 765

Vote