McAfee Total Protection for Compliance

Powered by SC Magazine
 

Usability, dashboard, reporting, application whitelisting and file integrity monitoring are decent, but it only integrates with McAfee Countermeasure products.

McAfee's ToPS for Compliance proactively correlates threats with system state data, such as vulnerability, patch level, configuration and application information. It can then countermeasure information to pinpoint critical assets at risk, to optimize remediation/patch efforts. It is able to conduct agent and agentless scans to deliver a unified, comprehensive approach to vulnerability lifecycle and risk management, policy auditing, and compliance reporting in an integrated solution. The offering provides threat, vulnerability and patch analysis for combating IT risk, and ties the risk level into various compliance-level reports.

The tool is delivered as standalone software or as an appliance. Installation of the software version is also supported on virtual machines. The product is marketed to all size organizations looking to meet the vulnerability scanning, policy/regulatory compliance and risk analysis needs of the organization. We were told that ToPS for Compliance can be implemented to begin collecting data for analysis in a matter of minutes. But we believe, based on the documentation installed into an existing McAfee environment, that integration with products via the API would require far more time.

The ePolicy Orchestrator serves as the consolidated "view" that one can use to visualize a current risk profile, conduct risk analytics and even run "what-if" analysis to report on risk prior to making changes. Users also can group assets into a single system for risk reporting at the system level. Discovering assets is fast, and there is even a rogue asset detection feature that scans for new systems via live wire monitoring. The dashboard features are very good. Reporting is complete and contains mappings of risks to specific compliance controls.

There is a full-blown system included for creating tickets and workflows based on risk items, or McAfee's ToPS for Compliance can integrate with third-party ticketing systems.

Copyright © SC Magazine, US edition


McAfee Total Protection for Compliance
 
Overall Rating
Verdict:
As an IT risk product, its real benefit is end-to-end integration. It is stronger in a pure McAfee environment.
Product Info
Specs:
Version 7
 
Supplier:
 
Price when reviewed:
15
 
 
 
Top Stories
Change is the only constant at iiNet
iiNet's Matthew Toohey is trialling IBM's Watson - between preparing for an acquisition and making sure Netflix doesn't swamp the network.
 
Why straight-through processing is the holy grail for banks
Big benefits from stripping away human intervention and digitising processes.
 
CBA sued over frozen millions in IT bribery scandal
Eric Pulier's not-for profit lodges lawsuit in US.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Should Optus make a bid for iiNet?

   |   View results
Yes
  44%
 
No
  56%
TOTAL VOTES: 667

Vote