McAfee MVISION Protect Plus EDR delivers endpoint detection and response capabilities by identifying and visualizing threat data in real time. The number of modern threats enterprises face daily is constantly on the rise, and those threats are growing more difficult to detect. This open-architecture solution streamlines workflows with assembled alerts, highlights high-risk threats that demand immediate attention, and then maps them to the MITRE ATT&CK framework.
Endpoint security starts with data. McAfee MVISION uses a simple, cloud-centric architecture to conduct always-on data collection, providing security teams with broad visibility while maintaining flexible retention. A historical search of retained data shows analysts rich, detailed information about every event that has ever occurred on a system.
Local machine learning supports the automation capabilities of this endpoint solution and traces execution in real time, online or offline, to capture behavior and to detect advanced threats such as signatureless zero-day malware attacks. The detection engine alerts on exploits and on misuse of legitimate applications, which static-only detection methods often overlook. It also uses cloud-based data analytics to classify applications and processes according to past incidents.
The complex dashboard offers a wealth of information and functionality. However, this complexity may present an initial challenge for those new to the platform. It includes predefined dashboard templates that are useful for reporting. For those looking for more customizability, the endpoint screen has widgets that analysts may adjust as desired. The story graph adds considerable value to advanced threat investigation because it offers a thorough visualization of the entire process trace. It also offers detailed information about every activity that has ever been executed on a system, the identity of every device affected by a malicious process, and a means of mapping that process to MITRE ATT&CK along with the suspicious indicator.
MVISION Protect Plus EDR takes total event visibility to the next level, with guided investigations that automate the alert triage process and correlate enterprise data. This AI-driven component acts as a force multiplier for analyst expertise, streamlining response and remediation and making the most of human security resources. The guided investigations also give junior analysts a leg up by helping them identify root causes and by providing answers to the questions and hypotheses that SOC analysts often pose.
Overall, security pros will find MVISION Protect Plus EDR a particularly good option for enterprises that require a highly scalable solution. This platform is equipped for massive deployments and workstation grouping for efficient, enterprise-wide organization and management. The protection and remediation capabilities of this solution streamline the investigation process by offering high threat detection, full visibility into incidents and minimal false positives. However, we have not found MVISION as intuitive as many of the other products we reviewed this month, and because of the vast number of features in MVISION, we conclude that this solution comes with a high learning curve.
The product costs $47.78 per endpoint per year and includes 24/7 phone, email and website support for one year. Additional support options are available for a fee. Organizations have access to a knowledge base and FAQ list. We found it difficult to search for relevant manuals, but once found, it's easy enough to understand the available documentation. Revamping the support section and including a help link within the portal itself may reduce the learning curve. We also highly recommend additional installation documentation and a redesigned search function.
Written by Katelyn Dunn
Tested by Tom Weil