SOMOS Educação, the largest K through 12 educational organization in Brazil, with more than 50 sites across Brazil, looked to McAfee for a robust, scalable endpoint security solution; simple, centralized management; and stronger protection for sensitive business and personal data. SOMOS Educação/Customer Profile

• Incorporated in 2011, SOMOSEducação (SEDU3:BZ) is thelargest K through 12 group inBrazil. It has a broad portfolioof integrated educationalsolutions (textbooks, digitalproducts, and services) andalso administers proprietaryschools and preparatorycourses.
• Industry:Education
• IT Environment:3,000 nodes, 5,000 employees,50 sites

Challenges

• Prevent both internal business data and personal data from being exfiltrated
• Reduce security management complexity in a distributed environment
• Find a security vendor that offers robust, integrated solutions and reliable support at an affordable price
• Accelerate threat detection and mitigation
• Raise security awareness among employees

McAfee Solution

• McAfee® Complete Endpoint Protection
• McAfee® DLP Endpoint
• McAfee® Drive Encryption
• McAfee® ePolicy Orchestrator® (McAfee ePO™)
• McAfee® Web Protection

Results

• An integrated, single-vendor security architecture
• Centralized and scalable single-console management
• Comprehensive, full-coverage endpoint protection
• Improved protection for sensitive data
• Greater peace of mind for parents, students, schools, and employees
• Simplified deployment 

For Juliano Pereira, CIO, and his IT colleagues at SOMOS Educação, securing sensitive data and the infrastructure is paramount to his organization’s greater mission, which is to elevate the nation of Brazil by contributing an important intangible asset: education. With the full support of the board and executive team, Pereira and his team have embarked on a journey to solidify and stabilize their cybersecurity strategy in order to better protect student information and business data and allow employees to work safely and without interruption. With a lean and efficient security team overseeing 50 sites, 3,000 nodes, and 5,000 employees distributed across Brazil, SOMOS needed a reliable vendor that could offer robust, scalable solutions, centralized management, and excellent service and support. Chief among the organization’s cybersecurity concerns are protecting against advanced threats like WannaCry ransomware, which hit several government agencies in Brazil in 2017; safeguarding business information; and preserving the privacy of the students SOMOS serves. Dissatisfied with their previous vendor because of poor service, a limited feature set, and implementation complexity, the IT leadership team at SOMOS selected McAfee as the organization’s primary security vendor based on the reputation of the McAfee brand; its connected, integrated portfolio; and the affordability of its solutions. The organization implemented McAfee endpoint security, data protection, and single-console security management. As Ricardo Costa, IT governance manager, notes, “Because many IT team members had positive experiences with McAfee in the past, it was an easy decision.” Single-Agent Endpoint Security Platform Reduces Infections and Improves Detection Pereira and his team deployed McAfee® Complete Endpoint Protection to its 3,000 endpoints in several phases over a period of only three months. The deployment was smooth and straightforward, with “zero errors,” as Marco Aurelio, IT infrastructure manager, asserts. With its single-agent architecture, McAfee Complete Endpoint Protection provides SOMOS with a single, consolidated platform that brings together multiple defenses. So far, the security team has deployed four modules. The Threat Prevention module provides intelligent, on-demand scanning and coverage for vulnerabilities and exploits. The Web Control module ensures that employees are safe when browsing the web and downloading files. And, the Firewall module leverages McAfee® Global Intelligence reputation scores to protect users from network attacks. The team has also implemented Real Protect, which uses real-time behavioral analysis and machine learning to detect advanced and zero-day threats. According to Pereira, the organization has significantly improved its ability to quickly detect malware and suspicious activities and neutralize threats. McAfee DLP Endpoint Technology Safeguards Business and Personal Information To address data protection and privacy concerns, the organization implemented McAfee DLP Endpoint, which protects data at rest, in use, and in motion across all endpoints. McAfee DLP Endpoint capabilities make it easy to categorize and map out the data that flows through the organization and apply appropriate controls and policies to relevant assets. Additionally, drive encryption combined with strong access control prevents employees from unauthorized access to confidential data on all endpoints—from desktops and laptops to tablets and USB drives. Pereira has made a point to inform employees about these new data security controls and believes that this has helped instill a greater sense of vigilance about handling sensitive data across the organization. “One of our biggest issues is possible damage to our reputation should a breach occur. I believe that implementing McAfee DLP will have a positive effect on everyone. Students and their parents will feel more at ease, and employees will be more mindful about the way they use and transmit data,” points out Willians Santos, IT security leader. McAfee ePO Simplifies Management and Increases Security Effectiveness Tying it all together is the McAfee ePO management console. Pereira’s staff can now maximize their time and efficiency by getting visibility into the organization’s entire infrastructure from a centralized single pane of glass. The easy-to-use McAfee ePO console enables the team to monitor the security health of endpoints and servers and to create and enforce data protection policies. They regularly check both built-in and customized dashboards that provide them with valuable data and statistics like the number of threat events within a defined timeframe, including names of affected hosts and types of threats. Just recently, for example, they discovered that, via the McAfee ePO console, McAfee intercepted 1,065 threats in the course of a week. Fundamental to the McAfee connected ecosystem, the McAfee ePO console has simplified security management at SOMOS Educação and has empowered its security professionals to be more effective through automation. “The single greatest benefit we’ve experienced from McAfee is the ability to use a single tool for security management, which makes it easy to scale as required. Now everyone everywhere can enjoy the same level of security,” relates Pereira. McAfee Helps Drive Technology Innovation The company has big plans for the next two years. Migration of educational services to the cloud is currently in the works. SOMOS Educação has two major instructional systems in the cloud and is negotiating with partners to implement new modules and updated versions of existing systems. They have also migrated several applications focused on student assessment, tutoring, and other learning activities. McAfee® Web Protection provides a unified defense, including antimalware, web filtering with reputation scoring, cloud application control, and real-time behavioral analysis to help prevent against zero-day threats. It provides the organization with consistent protection and policy enforcement in the cloud as well as on premises. Pereira explains that the organization is doing everything possible to strengthen its security architecture: updating and stabilizing the environment overall; investing in cutting-edge defenses for endpoints, servers, and databases; streamlining, evaluating, and testing every new security tool against potential threats; and improving technology processes. “We are at the beginning of our journey, and we still have far to go before we achieve all our goals, but we take pride in the fact that we are leading the way when it comes to cybersecurity. When our schools hear that we are providing them with stronger security, they arereally pleased and receptive. Compared to 99% of theeducational organizations in Brazil, we are way ahead ofthe game,” Pereira affirms.

Integrating McAfee® Advanced Threat Defense and the Bro open-source network security platform widens the scope of threat detection to include unmanaged devices Multinational Software Company

• Large global software company
• Industry: Technology
• Environment: Fluid environment with up to 150,000 endpoints at any given time, many of them virtual, across 20 countries

Challenges

• Protect against zero-day threats across extended global enterprise
• Shrink detection to remediation gap

McAfee solution

• McAfee® Advanced Threat Defense
• McAfee® Complete Endpoint Threat Protection
• McAfee® ePolicy Orchestrator®
• McAfee® Threat Intelligence Exchange

Results

• Accelerates time to protection, thanks to automation
• Augments threat reputation information shared across
• McAfee ePO softwaremanaged devices with information gleaned from incidents involving unmanaged devices
• Facilitates endpoint incident forensics and accelerates response
• Saves security operations time and hassle

Automated submission of threat information to McAfee Advanced Threat Defense and automated sharing of that information across the enterprise improves protection while saving security operations time and hassle. This large global software company with more than 20,000 employees in 20 countries has implemented an IT infrastructure that is highly virtual and fluid. Systems come and go daily on the company’s network. For instance, in a recent week, 45,000 systems, including virtual machines, connected to the corporate network. However, during peak periods, up to 150,000 endpoints can be connected. For the company’s senior manager of security engineering, who oversees the team responsible for deployment of all security tools across the global enterprise, this environment poses distinct challenges. Challenge: Close Gaps to Block Zero-Day Attacks Although the company employs the McAfee Complete Endpoint Threat Protection suite on all its high-risk physical and virtual endpoints, it also has many virtual endpoints connecting to its network that do not have a McAfee agent installed and are therefore not updated with the latest threat protection via the McAfee ePolicy Orchestrator (McAfee® ePO™) management console. The company’s more important virtual machines host a McAfee agent but many “low-risk” systems do not. Until recently, if one of these unmanaged endpoints downloaded a malicious file, the McAfee ePO softwaremanaged endpoints would be at risk because they had no way of knowing of the existence of that threat within the environment. “Zero-day threats are our biggest concern,” remarks the senior manager of security engineering. “If any of our endpoints—managed or unmanaged—downloads a zero-day threat, we want our whole environment to know about it, and we want to be able to react appropriately as fast as possible.” In addition, if a managed endpoint became infected, security analysts would receive an alert, but, because of the fluidity of systems coming on and off the network, by the time an analyst has logged in and has attempted to find the suspicious payload, the system could easily have moved offline, essentially removing the information needed to understand what had transpired. As a result, security operations center (SOC) engineers found that they had to spend extra time tracking down infected systems and remediating them. Hunting and Blocking Zero-Day Threats with McAfee Advanced Threat Defense Along with McAfee Complete Endpoint Threat Protection, the company had implemented the Data Exchange Layer (DXL) communication fabric and McAfee Threat Intelligence Exchange. DXL connects and optimizes security actions across multiple vendor products, as well as internally developed and open source solutions, and McAfee Threat Intelligence Exchange leverages DXL to bi-directionally share threat information across all DXL-connected systems. To this automated threat reputation-sharing framework, the company added McAfee Advanced Threat Defense for “zero-day hunting,” as the senior manager of security engineering describes the appliance’s main role.  “If an unknown or suspicious file comes across one ofour endpoints protected by McAfee Endpoint Security, the file is automatically sent to McAfee Advanced ThreatDefense for sophisticated static and dynamic behavioralanalysis,” explains the senior manager of securityengineering. “If McAfee Advanced Threat Defensedeems the file to be malicious, its reputation is thenautomatically broadcast via McAfee Threat IntelligenceExchange to all the endpoints connected to DXL. Thisautomatic distribution of threat reputation informationhelps us block zero-day threats before they can harmour environment.” Enhancing Intrusion Detection with Bro But what about threats entering the environment through the company’s many unmanaged endpoints? To extend detection to these systems, the company turned to the open-source Bro network security monitoring platform. Bro ingests the company’s network traffic off a span or inline tap and converts the traffic data into logs and metadata in binary format. In a typical week, Bro submits approximately 6,000 files to McAfee Advanced Threat Defense for analysis. Of those, approximately 10% to 20% end up in the McAfee Threat Intelligence Exchange threat reputation database and are subsequently shared throughout the enterprise. “Bro gives us the ability to retain network traffic in a searchable format, which is extremely useful,” the senior manager of security engineering explains. “For instance, using Bro, we can search for source or distributed IP so we can easily conduct lightweight investigations— discover who or what connected to a specific IP address, what the payload looks like, determine the packet size, and so on.” The information captured by Bro supplements the threat information delivered via the McAfee Global Threat Intelligence cloud and disseminated via McAfee Threat Intelligence Exchange. With the Bro script and advice provided by McAfee (now available as a deployment kit), the senior manager of security engineering’s team integrated Bro with McAfee Advanced Threat Defense so that the Bro traffic data is automatically submitted to McAfee Advanced Threat Defense, just as suspicious files from McAfee Endpoint Security are automatically submitted through McAfee Threat Intelligence Exchange. Since the team was already very familiar with Bro, the integration was straightforward. Automatic Immunization Against Threats that Hit Unmanaged Endpoints “If one of our unmanaged endpoints downloads a malicious file, Bro will capture that event among the network traffic and submit it to McAfee AdvancedThreat Defense for analysis,” notes the senior managerof security engineering. “If McAfee Advanced ThreatDefense determines the file is malicious, then thatmalicious reputation will be shared automatically withevery McAfee ePO software-managed system in ourentire enterprise—in other words, with all the systemswe care about. Put another way, if one of our unmanagedvirtual machines downloads a malicious file, all of ourmanaged devices automatically receive an immune shot.” Facilitating and Accelerating Incident Response With the McAfee Advanced Threat Defense/Bro integration and threat reputation information automatically disseminated across endpoints via McAfee Threat Intelligence Exchange, inoculation of endpoints happens much faster than it did before. Consequently, there is a much greater likelihood that a system will “receive the immune shot” before it goes offline. In addition, because the actual event and surrounding intelligence is captured by Bro, even if the system goes offline, McAfee Advanced Threat Defense, as well as security analysts, have a great deal more information to help determine appropriate action, and, if necessary, to remediate more quickly. “With the McAfee automated threat framework and supporting intelligence from the Bro integration, plus automated remediation that we have also set up, our SOC very rarely needs to pay attention to endpoint incidents,” points out the senior manager of security engineering. “The Bro integration and all that automation save a ton of time.” To fortify its defenses further, the company continues to build upon its DXL-based integrated security framework. For instance, the company is currently in the process of adding McAfee DLP Monitor to gather, track, and report on data in motion across its entire network and augment its McAfee DLP Endpoint host-based data protection. “The more we can integrate our systems and automate responses, the safer we will be,” says the senior managerof security engineering.

With McAfee® Endpoint Security, McAfee Advanced Threat Defense, and McAfee Threat Intelligence Exchange, this CIO can focus on his main job, using technology tokeep his company thriving and to increase value for his company’s customers, notinformation security.  Challenges Simplify security management for small information security team Minimize impact of security on business end users Keep organization secure, avoid unwanted appearances in the boardroom McAfee Solution

• McAfee® Advanced ThreatDefense
• McAfee Complete Endpoint Threat Protection
• McAfee Endpoint Security
• McAfee ePolicy Orchestrator
• McAfee Threat Intelligence Exchange

Results

• Elimination of ransomware
• Superior endpoint protection experience for both end users and administrators
• Ability to focus on business rather than security issues
• Trusted partnership with company focused solely on security

Harry Folloder loves his job as Chief Information Officer of Waypoint, the premier sales and marketing agency for foodservice (as well as non-foods channels) in North America. As CIO, he oversees the use of technology within the company and across its 1,500 endpoints and three data centers. “It’s fun,” he says. “I get to spend a lot of my time innovating and looking for ways to use technology to increase the value we provide our customers.” No News is Good News Folloder’s job was a lot less fun and his phone a lot less quiet a few years ago. “So much of my security staff’s time was spent dealing with false positives and other program problems; they would end up calling me and griping about the problems,” recalls Folloder, who is also CIO of Marlin Networks, the leading marketing agency in the food service industry. “Sometimes the security issues would even take salespeople out of the field for a day or two while waiting for the issue to be resolved. Ultimately, I decided we needed a security partner focused solely on security, with products that do what they’re supposed to do, so I don’t have to hear about them and, more importantly, so our end users can keep focusing on doing their part to serve our customers and grow our business.” Folloder says his top priority as CIO is to be an ambassador to clients and customers and to keep the business moving forward. “Keeping security running is not my job,” he says. “When security is running smoothly and my phone is quiet, with no unwanted calls from my security team or my Board, then I can focus on my real job.” Result of Migrating to McAfee Endpoint Security: Better User Experience and Reduced TCO Folloder found in McAfee the security partner he was looking for. After replacing Waypoint’s previous endpoint protection software with McAfee Complete Endpoint Protection Enterprise (now called McAfee Complete Endpoint Threat Protection), phone calls from his staff decreased significantly. When Folloder and his staff heard that McAfee was introducing a new, more intelligent, more collaborative endpoint protection framework, McAfee Endpoint Security, they couldn’t wait to take advantage of it. After running McAfee Endpoint Security version 10.2 briefly in a test environment, they used the McAfee ePolicy Orchestrator® (McAfee ePO™) central console to push it out across all of Waypoint’s approximately 1,500 nodes. The migration of the virus scanning engine, McAfee VirusScan® Enterprise, and McAfee SiteAdvisor® software from the McAfee Complete Endpoint Threat Protection to McAfee Endpoint Security took place within a two-and-a-half-week period that also included deployment of McAfee Threat Intelligence Exchange across all endpoints and McAfee Advanced Threat Defense for sandbox analysis. “Migrating to McAfee Endpoint Security was one of the easiest platform migrations ever,” notes Folloder. “It went off without a hitch. The only calls received were from a handful of users who had shut down or rebooted in the middle of the upgrade process. Folloder and his staff have been extremely pleased with the results. “McAfee Endpoint Security is a much better experience for our administrative staff, providing better protection with less management time,” says Folloder. “It allows us to better serve our business with higher quality levels, lower total cost of ownership, and lower cost of administration. It also allows our business users to focus on their jobs rather than issues caused by security software.” No Ransomware. Period. Folloder was most excited to integrate McAfee Endpoint Security with McAfee Advanced Threat Defense via McAfee Threat Intelligence Exchange, for even greater ability to combat advanced threats and deliver actionable threat forensics. Leveraging the McAfee Data Exchange Layer (DXL), McAfee Threat Intelligence Exchange combines multiple internal and external threat information sources and instantly shares this data along the DXL backbone that extends to all of the company’s nearly 1,500 nodes. Integration of McAfee Endpoint Security with Threat Intelligence Exchange enables information generated by McAfee Advanced Threat Defense to be shared immediately with all endpoints. “McAfee Threat Intelligence Exchange is information sharing at its best; you’re aggregating everything that McAfee and all of its customers are seeing in a way that helps crowdsource the good info,” explains Folloder. “It gives us comprehensive, near real-time threat intelligence and shares it with all our machines to make them safer.” As for McAfee Advanced Threat Defense, Folloder says: “One of the initial things that caught my eye was the inspection methodology and in-depth analysis that Advanced Threat Defense does, that I just didn’t see elsewhere. Its simple packet inspection, which is what a lot of malware targets, and in-depth analysis of disassembled raw code drew me in immediately. Then when I found out what else it did, I became a true believer. Best of all, it fulfills its promise to detect zeroday, zero-hour attacks, and does so in a very elegant way with minimal end-user impact.” “Since implementing McAfee Endpoint Security, Threat Intelligence Exchange, and Advanced Threat Defense, we haven’t had a single case of ransomware,” says Folloder. “Period.” McAfee Advanced Threat Defense also catches many undesirable files that try to install on users’ browsers, such as adware, the Mindspark toolbar, fake utilities like Optimizer Pro and PC Accelerator, and plugins for music players, coupons, and online games. Experience Improved for Both Business Users and Security Administrators Waypoint’s legacy endpoint protection—McAfee VirusScan Enterprise software—although many times better than the company’s previous antivirus solution, still required some heavy processor usage at times. With the upgrade to McAfee Endpoint Security, however, the impact of malware scanning on CPU utilization has diminished significantly.  “Our end users have a much better experience,” says Folloder. “Whether or not their personal computer has experienced a significant change in processor usage, all of our users perceive less interference and faster computing. Since the rollout of McAfee Endpoint Security, we haven’t heard a single complaint about corporate virus scans.” The user experience for Waypoint’s two information security administrators has also improved with the migration to McAfee Endpoint Security. “I don’t have to interact with [Endpoint Security] much, which is a good  thing,” says Folloder, “but my techs say that it has a much nicer, more modern interface than before.” Quiet and Peace of Mind “Worth Every Penny” “At my level, the measure of success for a product is that I haven’t had to hear about it or worry about it,” says Folloder. “I haven’t had to mess with McAfee Endpoint Security. I haven’t had to hear from anyone in the C-suite or their direct reports. It is doing exactly what we paid for it to do and I love it.” Furthermore, adds Folloder, since the migration to McAfee Endpoint Security, endpoint protection has not interrupted a single associate or sales person’s work. “The less interruptions of business and service to our customers, the better,” he states. “That’s really my overarching goal. That’s why I invest in products like McAfee Endpoint Security. It’s worth every penny.” A True Security Partner But it’s not just the quality of products that count. “I look for partners, not vendors,’ says Folloder. “At the end of the day we’re a service company. Partnering with the best allows us to focus on our core competency.” “I know I sound like an ad for McAfee, but I really do love that I can sleep at night, knowing that Waypoint’s IT infrastructure is protected by a company that is focused on protecting my environment and not distracted by backup or storage or whatnot,” continues Folloder. “Ask yourself, ‘Is my security vendor focused specifically on securing my environment? Does it have leading researchers and state-of-the-art resources to protect my infrastructure and users, and to keep innovating and evolving to face new threats?’ Take a hard look. My experience with McAfee has been everything a partnership should be and more.”

О заказчике Efes Rus — пивоваренная компания, входящая в четверку крупнейших игроков на российском рынке, подразделение международной пивоваренной компании Anadolu Efes. На сегодняшний день в активах Efes Rus шесть пивоваренных заводов — в Калуге, Уфе, Казани, Новосибирске, Ульяновске и Владивостоке и 1 солодовенный комплекс. Проблематика Постоянное развитие ИТ-инфраструктуры, увеличение числа пользователей, расширение спектра приложений привело к увеличению объема требующих анализа данных и практической невозможности контролировать состояние информационной безопасности (ИБ) компании без использования дополнительных средств, поэтому руководством компании Efes Rus было приняло решение о внедрении системы мониторинга событий информационной безопасности (SIEM). Для реализации этого проекта была выбрана компания «Андэк». Кроме того, сотрудниками «Андэк» ранее был проведен аудит обработки персональных данных в компании Efes Rus. Внедрение системы SIEM было одной из рекомендаций по результатам этого проекта, призванной реализовать требования по управлению событиями информационной безопасности в информационных системах персональных данных. Задачи Перед специалистами компании «Андэк» стояла задача не просто внедрить SIEM систему, необходимо было обеспечить подключение специфических источников событий, а также реализовать мониторинг действий привилегированных пользователей и контроль использования приложений SAP. Кроме этого, необходимо было подключить источники событий (элементы ИТ-инфраструктуры, СУБД, приложения SAP), настроить мониторинг прав привилегированных пользователей, провести настройку корреляции событий от различных источников с целью автоматического выявления инцидентов ИБ и провести настройку отчетов и панелей мониторинга для использования специалистами по ИБ компании Efes Rus. Описание проекта К моменту начала реализации проекта в московском офисе Efes Rus еще не были внедрены средства автоматизированного централизованного мониторинга событий ИБ. После консультаций было принято решение реализовать систему мониторинга событий на базе McAfee ESM, развернув ее в виртуальной среде Заказчика. Специалистами Андэка были разработаны кастомизированные парсеры журналов для нескольких систем: аудита СУБД DB2, журналов аудита приложений SAP и журналов трафика системы MS Exchange 2013, позволяющие собирать события с источников. Для контроля привилегированных пользователей была выполнена глубокая интеграция системы с несколькими доменами Active Directory. Во внедренной SIEM системе был реализован мониторинг назначения и использования привилегий (ролей) SAP, а также мониторинг запуска критичных бизнес-транзакций, в реальном времени и генерация исторической отчетности в соответствие с требованиями Заказчика. Были настроены правила корреляции, позволяющие выявлять критичные инциденты ИБ автоматически и уведомлять о них ответственный персонал компании-заказчика. Результат Внедрение SIEM системы повысило уровень защиты от внешних угроз, реализованный проект позволяет специалистам Efes Rus получить целостную картинку ситуации в корпоративной сети, визуализированную и упорядоченную, так как SIEM осуществляет централизованный сбор, обработку и хранение событий информационной безопасности. Кроме этого, система предоставляет возможности использования отчетности разной степени детализации и периода, что облегчает проведение расследований инцидентов. Комментарий заказчика «Система автоматического информирования зарекомендовала себя положительно. Она позволяет выстраивать автоматический превентивный контроль по ряду транзакций и процессов, которые могут быть сочтены критическими, позволяет в режиме online реагировать на возникающие угрозы в части возникновения критического совмещения полномочий. Внедренная SIEM-система является дополнительным, но не лишним инструментом контроля» — подчеркнул Павел Шветц, менеджер по внутреннему контролю компании Efes Rus. Комментарий специалиста компании «Андэк» Дмитрий Никифоров, руководитель дирекции реализации проектов компании «Андэк» прокомментировал данный проект: «Мы рады, что нам представилась возможность участвовать в этом проекте, нашими специалистами был получен уникальный опыт прямого подключения журналов аудита SAP без помощи сторонних средств. Надеемся, что наше давнее и плодотворное сотрудничество в части внедрения и развития систем обеспечения информационной безопасности продолжится и в дальнейшем».

Как показывает опыт последних лет, использование лишь одного антивируса на всех рабочих станциях корпоративной сети, как единственной средства для информационной защиты, уже не является достаточной и эффективной мерой для обеспечения высокого уровня информационной безопасности. На сегодняшний день, наиболее эффективным способом является комплексный подход к защите конечных точек. В связи с ежедневным повышением риска утери данных на рабочих станциях и серверах, офицеры информационной безопасности Айбокс Банка (АгроКомбанка) принялись за поиск решения для комплексной защиты рабочих станций. Продукты компании McAfee ежегодно признаются мировыми экспертами как одни из лучших решений на рынке. А линейка продуктов для защиты конечных точек по предоставлению непрерывной, обновляемой и мощной защиты от самых разных угроз - McAfee Endpoint Protection Suite и McAfee Total Protection for Data постоянно является лидером мировых рейтингов продуктов для защиты рабочих станций и серверов. Специалистами компании ISSP была изучена сетевая инфраструктура банка и предложен вариант внедрения решений от компании McAfee. Универсальный инструмент McAfee ePolicy Orchestrator (McAfee ePO) – это масштабируемый под любую сетевую инфраструктуру механизм «все-в-одном» для централизованного управления, контроля и отчетности. еРО разработан для среды уровня «Энтерпрайз» благодаря чему за короткое время, были развернуты все продукты для комплексной защиты конечных точек: анти-вирус, анти-спам, межсетевой экран на рабочих станциях, продукт для безопасной работы в интернете, контроль портов, шифрования дисков, шифрование файлов и папок, шифрование съемных носителей. По результатам проекта инфраструктура Айбокс Банка (АгроКомбанка) получила защищенные рабочие станции посредством установки продуктов для защиты конечных точек с возможностью управления ими с единой консоли еРО. Это позволяет удобно и централизовано вести постоянный контроль над всеми компьютерами в сети организации.

Проект по миграции сервера управления программным обеспечением McAfee, используется в банке на новую версию McAfee ePolicy Orchestrator 4.6 начался после окончания действия поддержки поставщиком старой версии Эро 4.5. В рамках этого проекта специалисты банка также решили реализовать некоторые изменения архитектуры работы решения с целью улучшения его производительности, а именно перенос базы данных на отдельный сервер. Учитывая, что ОАО «Альфа-Банк» - имеет большую инфраструктуру, а миграция требует углубленных знаний и работы с программным обеспечением (ПО) McAfee к проекту были привлечены специалисты компании-интегратора ООО «Информейшн Системс Секьюрити Партнерс» (ISSP). В рамках проекта были проведены следующие этапы: Детальное исследование, анализ архитектуры и инфраструктуры заказчика Общее определение плана процесса миграции и плана резервного копирования и восстановления ПО McAfee; Проверка выбранной модели реализации в тестовой среде; Работы по переходу программного обеспечения. По окончании основной части проекта для специалистов банка компания ISSP провела двухдневное обучение по администрированию обновленной системы. В результате проекта банк получил программное обеспечение, поддерживается современными производителями ПО, а также обогатился новыми и усовершенствованными функциями управления защитой рабочих станций и серверов. В целом ОАО «Альфа-Банк» оптимизировал использование своих ресурсов, которые необходимы для обеспечения защиты конечных точек инфраструктуры банка.

Внедрение комплексной системы доступа и контроля интернет-трафика для Банка Москвы Заказчик ОАО «Банк Москвы» - один из крупнейших универсальных банков России (входит в топ-5), предоставляющий диверсифицированный спектр финансовых услуг как для юридических, так и для частных лиц. Основным акционером Банка является Группа ВТБ (95,53%). Стратегией развития Банка определено, что Банк Москвы будет развиваться как самостоятельный универсальный коммерческий банк в составе Группы ВТБ. В настоящее время Банк Москвы обслуживает более 100 тыс. корпоративных и свыше 9 млн частных клиентов. Среди клиентов-юридических лиц – крупнейшие отраслевые предприятия, предприятия среднего и малого бизнеса. Описание проекта Эксперты ведущего российского системного интегратора «Ай-Теко», получив право на выполнение работ в результате конкурса, создали информационную систему, обеспечивающую пользователям Банка Москвы безопасный доступ к сети Интернет. В ходе проекта с использованием решения McAfee Web Gateway была организована эффективная многослойная защита web-трафика: при обработке пользовательских запросов производится анализ разрешенных к просмотру web-страниц с целью проверки не только их содержимого, но и находящегося в них активного кода. Внедренный комплекс сочетает в себе локально развертываемые и облачные средства безопасности корпоративных ресурсов банка. Помимо этого, компанией «Ай-Теко» проведено обучение профильных специалистов заказчика, предоставлены техническая поддержка и сопровождение оборудования и программного обеспечения. Результат На данный момент информационная система переведена в режим промышленной эксплуатации, а пользователи Банка Москвы получили возможность посещать необходимые web-страницы без риска заражения компьютера вирусом или попадания на вредоносный сайт. Дополнительная настройка списков одобренных категорий ресурсов позволила банку значительно сократить нецелевое использование сети Интернет. Комментарии Денис Антонов, начальник отдела защиты телекоммуникационных систем Банка Москвы: «В связи с выявлением инцидентов информационной безопасности перед нами была поставлена достаточно непростая и актуальная для бизнеса задача – обеспечить защиту данных пользователей и корпоративных ресурсов банка от угроз и различных вредоносных программ во время доступа к сети Интернет. Для выполнения работ мы выбрали современное эффективное средство обеспечения безопасности McAfee Web Gateway и надежного подрядчика в лице компании «Ай-Теко», обширный опыт и квалификация специалистов которой гарантируют наивысшее качество развертываемого решения». Андрей Шамаев, директор по развитию бизнеса компании «Ай-Теко»: «Всего за два с половиной месяца проектная команда департамента информационной безопасности «Ай-Теко» при активной поддержке экспертов McAfee и участии специалистов заказчика справилась с поставленными задачами, реализовав контроль трафика при использовании «всемирной паутины» в рамках столичных подразделений и региональных филиалов Банка Москвы. Результаты совместной работы позволяют говорить о дальнейшем расширении сотрудничества с банком, включая возможности внедрения перспективных технологий от компании McAfee».

После того, как Microsoft прекратила развитие своего продукта Forefront TMG, многим пользователям этого решения пришлось начать процедуру поиска замены. Среди таких клиентов оказался и ПроКредит Банк. Перед банком встала задача интеграции нового прокси-сервера. И уже летом 2013 года специалистами ПроКредит Банка были проведены сравнительные тестирования лидирующих решений этого рынка с частичным привлечением компании ISSP - специализированного экспертного интегратора систем информационной безопасности. Результатом тестирования стал выбор в пользу McAfee Web Gateway. Для предоставления услуг внедрения и настройки работы McAfee Content Security Suite (модуля McAfee Web Gateway) также была задействована компания ISSP, которая прекрасно проявила себя во время тестирования, продемонстрировав высокие компетенции и богатый опыт работы с продуктами McAfee. Внедрение шлюза по обеспечению защиты Интернет-доступа состояло из этапа миграции существующих настроек прокси-сервера с Microsoft ISA на McAfee Web Gateway и этапа настройки новых функций. Компания ISSP совместно со специалистами департамента информационных технологий Банка по согласованной схеме установили и настроили базовые фильтры - аутентификацию, доступ сотрудников Банка к важным ресурсам, фильтрацию типов данных, а также проверили корректности выполненных изменений. Дополнительно было настроено сервер отчетности и интегрувано прокси-сервер с системой резервного копирования конфигурационных данных. Специалистам обеих компаний удалось провести интеграцию McAfee Web Gateway таким образом, чтобы минимизировать изменения в существующей инфраструктуре Банка. В результате выполнения этой части проекта, ПроКредит Банк не просто изменил систему для предоставления интернет-доступа, а получил решение высокого класса для фильтрации веб 2.0 и как результат - безопасный доступ к сети Интернет от лидера сегмента рынка - компании Intel Security (McAfee). Кроме того, с автоматической проверкой категории сайтов, отпала необходимость тратить инженерные ресурсы на ручную проверку классов веб-ресурсов, оптимизировала работу IT департамента.