McAfee Total Protection for Compliance v7.x
Strengths: Reporting/dashboarding, agentless capabilities, mobile device support.
Weaknesses: Still strongest in a pure McAfee environment, although this is improving. With all the modules, it can be pricey for a larger deployment.
Verdict: Strong IT risk management tool with some innovative capabilities.
McAfee Total Protection (ToPS) for Compliance reduces remediation time from months to days by providing unique, countermeasure-aware, impact/risk assessment capabilities. The tool correlates endpoint and network countermeasures with new vulnerabilities and provides a third dimension to the vulnerability impact assessment by adding the status of the current countermeasure to vulnerability severity and asset criticality. It enables organizations to conduct agentless, agent-based or hybrid compliance audits, configuration assessment, vulnerability assessment, asset management and countermeasure-aware risk assessment for a range of technologies.
It runs on a Microsoft platform and requires MS Server 2003-2008 and SQL Server 2005-2008. A spokesperson at the company claimed the software can be deployed within a few hours. Certainly, users can be up and running within a few days, depending on the level of customization, workflow complexity and integration with non-McAfee products.
The solution addresses risk at the IT risk level using the Open Vulnerability and Assessment Language (OVAL) standard for risk assessment. ToPS proactively correlates threats with system state information - including vulnerability data, patch level, configuration information, application data and countermeasure information - to find the critical assets at risk and so optimize remediation and patching efforts.
The agentless option allows users to gather valuable information from systems with zero footprint on those devices. The agent-based, agentless and hybrid collectors can co-exist in the same environment, so there are numerous deployment options. New to this release is the ability to assess desktop risks, such as Adobe- and Java-based threats. ToPS has also added the ability to conduct file integrity checks to recognize changes made, to report and track changes, and to specify entitlement to certain files. Other additions to this release that caught our attention include the ability to track risk associated with BYOD devices through mobile vulnerability assessments. This information comes from integration with McAfee Asset Manager (part of McAfee Vulnerability Manager), which passively fingerprints a device, user, OS and app.
Reporting was solid before and has been updated substantially for this release. It now includes an attractive risk summary graphic, a "threats over time" visual, new canned reports, a report builder and a new PCI dashboard. ToPS has also added a tool that lets a user with no SQL skills write a custom reporting query using a simple, drag-and-drop programming feature. McAfee has also created an application programming interface (API) to allow other security and network product vendors to integrate with the tool. The product's isolation was a drawback in the past, so this added capability will help resolve that issue. However, at press time, a list of other supported integrations was not yet available.
Support includes 24/7 access, plus there are several other options available.