McAfee Total Protection for Compliance

Powered by SC Magazine
 

Usability, dashboard, reporting, application whitelisting and file integrity monitoring are decent, but it only integrates with McAfee Countermeasure products.

McAfee's ToPS for Compliance proactively correlates threats with system state data, such as vulnerability, patch level, configuration and application information. It can then countermeasure information to pinpoint critical assets at risk, to optimize remediation/patch efforts. It is able to conduct agent and agentless scans to deliver a unified, comprehensive approach to vulnerability lifecycle and risk management, policy auditing, and compliance reporting in an integrated solution. The offering provides threat, vulnerability and patch analysis for combating IT risk, and ties the risk level into various compliance-level reports.

The tool is delivered as standalone software or as an appliance. Installation of the software version is also supported on virtual machines. The product is marketed to all size organizations looking to meet the vulnerability scanning, policy/regulatory compliance and risk analysis needs of the organization. We were told that ToPS for Compliance can be implemented to begin collecting data for analysis in a matter of minutes. But we believe, based on the documentation installed into an existing McAfee environment, that integration with products via the API would require far more time.

The ePolicy Orchestrator serves as the consolidated "view" that one can use to visualize a current risk profile, conduct risk analytics and even run "what-if" analysis to report on risk prior to making changes. Users also can group assets into a single system for risk reporting at the system level. Discovering assets is fast, and there is even a rogue asset detection feature that scans for new systems via live wire monitoring. The dashboard features are very good. Reporting is complete and contains mappings of risks to specific compliance controls.

There is a full-blown system included for creating tickets and workflows based on risk items, or McAfee's ToPS for Compliance can integrate with third-party ticketing systems.

Copyright © SC Magazine, US edition


McAfee Total Protection for Compliance
 
Overall Rating
Verdict:
As an IT risk product, its real benefit is end-to-end integration. It is stronger in a pure McAfee environment.
Product Info
Specs:
Version 7
 
Supplier:
 
Price when reviewed:
15
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 433

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 209

Vote