McAfee Total Protection for Compliance v6.8
Strengths: Very nicely integrated and centralized single picture of risk and risk mitigation options across the numerous security controls deployed.
Weaknesses: Currently only supports and interfaces with McAfee products.
Verdict: It’s a great solution if you are a complete McAfee defense-in-depth shop.
McAfee Total Protection (ToPS) for Compliance v6.8 is a GRC solution that can help users understand risk and apply the right protections in the right places. ToPS uses integration and automation to improve visibility into operational risk, while reducing exposure and cutting the cost of compliance. In an integrated McAfee environment, ToPS provides a complete picture of the organization's security infrastructure and posture, allowing admins to identify weaknesses and remediate those risks in the manner that best supports the business.
ToPS for Compliance is an integrated risk management suite that eliminates the manual and time-consuming process of correlating threats to critical systems at risk. This results in improved visibility and agility, as well as reduced cost and compliance with regulatory mandates. Ultimately, it helps address the question: "Where and when should I spend my next dollar on security?" It delivers a unified, comprehensive approach to vulnerability and risk management, policy auditing and compliance reporting in an integrated solution. It's able to conduct agent and agent-less scans, as well as enable proactive correlation of real-time threats with vulnerability and countermeasure data. This enables admins to pinpoint critical assets at risk to optimize remediation/patch efforts.
The offering integrates with McAfee products to deliver closed-loop remediation. We found the consolidated risk view very powerful, allowing us the ability to choose which control and how we might want to best remediate a risk.
The reporting was very good, using a menu-driven approach with high level graphics that drill down with customization capabilities. A very flexible event-driven dashboard is also customizable via drag and drop. The reporting puts the intelligence users need in an easy-to-read format while giving the ability to drill down to any level of detail.
One of the limitations of the product is that it currently does not support integration with non-McAfee products. We were told that additional integration is planned later.
24/7 support is available at a fee. The solution is sold as client-side software running on a Windows server using a SQL backend database. The software is web-based, accessed from a standard web browser, is easy to use and provides a great graphical and detailed vision into operational risk.