Telecom Company Shrinks Time To Detect . - Sales.mcafee

CASE STUDYTelecom Company Shrinks Time toDetect and Respond to CyberthreatsCloud-based EDR and a McAfee integrated security platform streamlineinvestigations and enable proactive threat huntingEuropean TelecomCompanyCustomer ProfileLarge European mobile andfixed telephony providerIndustryTelecommunicationsIT Environment8,000 endpointsTo bolster its security posture and reduce the gap from detection to remediation, this largeEuropean mobile and fixed telephony company added McAfee MVISION Endpoint ThreatDetection and Response along with McAfee Advanced Threat Defense sandboxing andother solutions to its integrated security infrastructure. As a result, the security operationsteam caught more malware, improved workflows, shaved days off incident investigations,and became proactive threat hunters without needing additional headcount or expertise.1Telecom Company Shrinks Time to Detect and Respond to CyberthreatsConnect With Us

CASE STUDYThis large telecom provider, which provides millions ofphone lines to customers in Eastern Europe, has reliedon McAfee solutions for many years to protect its 8,000endpoints. Despite several strong competitors, it hasgrown rapidly and become a major mobile operatorbrand. With such a competitive environment, thecompany continually faces pressure to keep prices—andtherefore costs—low and cybercriminals at bay in orderto protect customers’ personally identifiable information(PII) as well as the company’s reputation.A Smarter, More Efficient Security EcosystemThe telecom company’s information security architectjoined the company several years ago—in large partbecause the company relied on McAfee as a foundationfor its security infrastructure. “I had worked previouslywith McAfee solutions and experienced how well theyworked together,” says the security architect. “I like theMcAfee strategy of creating a security ecosystem inwhich systems share relevant threat information amongthemselves, making every tool smarter and the wholeenvironment more secure.”An integrated security system with a centralmanagement console also helps streamline operations,reducing the security operations team’s burden. Thesecurity architect and other administrators use McAfee ePolicy Orchestrator (McAfee ePO ) software as asingle pane of glass to manage not only a wide rangeof McAfee endpoint and data protection solutions butMicrosoft Defender as well.2Telecom Company Shrinks Time to Detect and Respond to CyberthreatsConcerned about ransomware and other advancedthreats, the company decided to enhance its existingMcAfee infrastructure by upgrading its on-premisesendpoint protection to cloud-based McAfee EndpointSecurity, adding McAfee MVISION Endpoint ThreatDetection and Response (MVISION EDR), andimplementing two McAfee Advanced Threat Defenseappliances for dynamic and static sandboxing. As withthe company’s other McAfee solutions, the companydeployed them and manages them using McAfee ePOsoftware.Simplifying Endpoint Protection and ImprovingThreat Detection and PreventionBy implementing McAfee Endpoint Security, the securityoperations team simplified endpoint protection,reducing multiple technologies—including ThreatProtection, Firewall, Web Control, and Adaptive ThreatPrevention—to a single agent. Unlike traditional antivirussoftware, McAfee Endpoint Security also leveragesconnections between local endpoints and McAfee Global Threat Intelligence in the cloud to detect zero-daythreats in near real time. As soon as a threat has beenidentified on any endpoint, that information is sharedwith all the other endpoints. And if one of the company’sendpoints encounters an unknown or suspicious file, thefile is dynamically quarantined until it can be analyzed,whether via MVISION EDR or by a McAfee AdvancedThreat Defense sandbox.Challenges Provide a more robust,proactive defense tosafeguard customers’personal information Accelerate time to detect,investigate, and remediatecyberthreatsReduce operational burden ofthe security operations teamMcAfee Solution McAfee Advanced ThreatDefense McAfee Endpoint Data LossPreventionMcAfee Endpoint SecurityMcAfee ePolicyOrchestrator (McAfee ePO )McAfee File and RemovableMedia ProtectionMcAfee MVISION EndpointThreat Detection andResponseMcAfee Native EncryptionMcAfee Network Data LossPrevention

CASE STUDY“The volume of malware we have to deal with has definitely shrunk since implementingMcAfee Endpoint Security. But adding MVISION EDR as well has made an even biggerimpact on security posture. When our endpoints do encounter malware, we can nowrespond many times faster and more effectively than ever before.”—Information Security Architect, Large European Telecom Company“The volume of malware we have to deal with hasdefinitely shrunk since implementing McAfee EndpointSecurity,” notes the security architect. “But the additionof MVISION EDR has made an even bigger impact onsecurity posture. When our endpoints do encountermalware, we can now respond many times faster andmore effectively than ever before.”Faster, Easier Investigation and Time toRemediationBefore implementing MVISION EDR, the operationsteam had only tedious, manual methods to try toinvestigate suspicious files or incidents. “A typical threatinvestigation used to take multiple days or a week or waseven ignored because we just didn’t have that amountof time to spend,” explains the security architect.“Now there is no reason to ignore anything. From firstdetection of a malicious file to the start of remediation istypically 10 to 15 minutes, rather than days.”Since the McAfee Advanced Threat Defense appliancesand MVISION EDR are integrated with the company’sMcAfee SIEM solutions and McAfee ePO software,when a suspicious file or behavior is detected at theendpoint, the company’s SIEM automatically triggers3Telecom Company Shrinks Time to Detect and Respond to Cyberthreatsan investigation in MVISION EDR. McAfee ePO softwarealerts can also trigger an investigation. Within MVISIONEDR, advanced analytics and artificial intelligence(AI) help administrators understand the alert, fullyinvestigate, and quickly respond.“MVISION EDR does all the investigative preparation forus, collecting all the relevant details automatically—IPaddresses, device information, users, and so on—andreducing thousands of artifacts to the 100 or so that arerelevant,” continues the security analyst. “Then graphicvisualizations show how the various artifacts relate toone another, and AI-guided investigations help us quicklyunderstand what’s happening. Best of all, we don’thave to be experts to use it, so more staff can performinvestigations.”In addition, the security operations team uses MVISIONEDR to run real-time queries to determine if anythingsimilar has occurred anywhere else in the environment.They also conduct historical searches. MVISION EDRtakes a snapshot of a device or devices at a given pointin time, allowing the security team to investigate anincident later in greater depth.McAfee Solutions (continued) McAfee SIEM solutions:McAfee Enterprise SystemManager, McAfee LogManager, McAfee EventReceiver, McAfee AdvancedCorrelation Engine, McAfee Global Threat Intelligence forMcAfee Enterprise SecurityManager McAfee Threat IntelligenceExchangeResults Time to investigate threatsslashed from days to minutes Ability to investigate real-timeand historic incidents withexisting staff and skill setsSimpler but more effectiveendpoint protectionMore proactive defense fromthreat information sharingand automatic actionsMore efficient securityoperations and easieradministration thanks tocentral console and integratedsecurity platformReduced hassle and expensedue to a single-vendorapproach

CASE STUDYA More Proactive Security PostureDMZAgent Handler DXL BrokerLANInternetMcAfee Endpoint Security MVISION EDRMcAfee Endpoint Security MVISION EDRAgent HandlerMcAfee ePO DatabaseMcAfee ePO IDSMcAfee EnterpriseSecurity ManagerGatewaySecurityMcAfee MVISION EDRDXL BrokerMcAfee ThreatIntelligenceExchangeMcAfee GlobalThreat IntelligenceMcAfee AdvancedThreat Defense4Telecom Company Shrinks Time to Detect and Respond to CyberthreatsNow that McAfee MVISION EDR is continuouslymonitoring and gathering data to provide the visibilityand context needed to detect and respond tothreats, the company can also maintain a much moreproactive defense than ever before. “Proactive threathunting is one of the biggest benefits for us,” claimsthe information security architect, who also praisesthe solution’s detailed reporting functionality andcustomization capabilities.The company also improved its proactive stance byimplementing an integrated security infrastructure thatshares threat information bidirectionally throughoutthe enterprise via the Data Exchange Layer (DXL). Forinstance, when a malicious file has been detected at anendpoint, whether blocked by McAfee Endpoint Securityimmediately or quarantined and determined maliciousby investigation or sandbox analysis, that information isautomatically added to the McAfee Threat IntelligenceExchange threat reputation database and shared withall DXL-connected systems connected—which todayincludes all the company’s endpoints, its McAfee SIEM,McAfee Advanced Threat Defense sandboxes, andMVISION EDR software, as well as its Cisco pxGridinfrastructure. The company plans to integrate morethird-party tools with the DXL in the future.

CASE STUDYPreparing for the FutureLike many organizations, this telecom company isbeginning its move to the cloud, starting with MicrosoftOffice 365 and Microsoft Azure. In the near term, itplans to keep the McAfee ePO management console onpremises but intends to soon transition management ofendpoint protection for Internet-only users to the cloudbased McAfee MVISION ePO .“Taking measured steps to augment our securityinfrastructure has helped us succeed at keepingour company and customers secure,” concludes thecompany’s security architect. “It’s nice to know thatMcAfee can support us wherever we are in our journeyand can extend our integrated security infrastructurefrom device to cloud when we’re ready.”“A typical threatinvestigation used totake multiple days ora week, or was evenignored Now thereis no reason to ignoreanything. From firstdetection of a maliciousfile to the start ofremediation is typically10 to 15 minutes, ratherthan days.”—Information Security Architect,Large European Telecom Company6220 America Center DriveSan Jose, CA 95002888.847.8766www.mcafee.com5Telecom Company Shrinks Time to Detect and Respond to CyberthreatsMcAfee, the McAfee logo, MVISION, ePolicy Orchestrator, and McAfee ePO are trademarks or registered trademarks of McAfee, LLC or itssubsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2021McAfee, LLC. 4781 0921SEPTEMBER 2021

McAfee Native Encryption McAfee . plans to keep the McAfee ePO management console on premises but intends to soon transition management of