McAfee

Overview

McAfee Global Threat Intelligence Technology
McAfee Labs is one of the world's leading sources for threat research, threat intelligence, and cybersecurity thought leadership. The McAfee Labs team of more than 400 threat researchers correlates real-world data collected from millions of sensors across key threat vectors — file, web, message, and network — and delivers threat intelligence in real time to increase protection and reduce risk.

McAfee Global Threat Intelligence (GTI) notices the anomalous behavior and predictively adjusts the website's reputation so McAfee web security products can block access and protect customers. Then McAfee GTI looks out across its broad network of sensors and connects the dots between the website and associated malware, email messages, IP addresses, and other associations, adjusting the reputation of each related entity so McAfee's security products — from endpoint to network to gateway — can protect users from cyberthreats at every angle.

McAfee GTI offers the most comprehensive threat intelligence in the market. With visibility across all threat vectors — file, web, message, and network — and a view into the latest vulnerabilities across the IT industry, McAfee correlates real-world data collected from millions of sensors around the globe and delivers real-time, and often predictive, protection via its security products.


McAfee GTI includes the following cloud-based services:
  • McAfee GTI file reputation
  • McAfee GTI web reputation
  • McAfee GTI web categorization
  • McAfee GTI message reputation
  • McAfee GTI network connection reputation

McAfee Global Threat Intelligence — The Right Way
We at McAfee believe there are six principles that make Global Threat Intelligence effective, and are committed to delivering on each of them.
  • Maintain a footprint that spans the Internet, including millions of sensors gathering real-world threat information.
  • Gather and correlate data from and across all threat vectors, including file, web, message, and network.
  • Ensure that data collection and threat intelligence distribution are cloud-based and performed in real time.
  • Deliver reputation-based threat intelligence.
  • Integrate threat intelligence into a complete suite of security products.
  • Support the entire process with a global research team dedicated solely to threat intelligence.

McAfee GTI Reputation & Categorization Services

McAfee Global Threat Intelligence file reputation is McAfee's comprehensive, real-time, cloud-based file reputation service that enables McAfee products to protect customers against both known and emerging malware-based threats. McAfee's cloud-based system receives billions of file reputation queries each month and responds with a score that reflects the likelihood that the file in question is malware. The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from web, email, and network threat data. The McAfee anti-malware engine — whether deployed as part of an endpoint anti-malware, gateway, or other solution — uses the score to determine action (such as block or quarantine) based on local policy.

Key benefits:
  • Compresses the threat protection time period from days to milliseconds
  • Increases malware detection rates
  • Reduces downtime and remediation costs associated with malware attacks

McAfee Global Threat Intelligence web reputation is McAfee's comprehensive, real-time, cloud-based URL and web domain reputation service that enables McAfee products to protect customers against both known and emerging web-based threats. McAfee's cloud-based system receives billions of web reputation queries daily and responds with a score that reflects the likelihood that the URL, web domain, or DNS server in question is a phishing site, infected with malware, or otherwise malicious. The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, email, and network threat data. McAfee products, such as McAfee Web Gateway, use the score in combination with product intelligence to determine action based on local policy. McAfee not only calculates reputations for URLs, but also for domains, their associated IP addresses, and DNS servers.

Key benefits:
  • Protects users from Web 2.0 threats, social engineering, and drive-by malware downloads
  • Increases end-user awareness of online dangers
  • Reduces system and network burden by blocking threats at the network edge

McAfee Global Threat Intelligence web categorization is McAfee's comprehensive, real-time, cloud-based URL and web domain categorization service that enables McAfee products to take policy-based action on user web activity as well as protect customers against both known and emerging web-based threats. McAfee's cloud-based system has granular categorizations for millions of websites across more than 90 categories. The information is based on the collective intelligence from sensors providing information to the McAfee cloud as well as analysis performed by McAfee researchers and automated tools created by McAfee Labs. McAfee products, including McAfee Web Gateway, use the score in combination with product intelligence to determine action based on local policy. McAfee not only calculates reputations for URLs, but also for domains, their associated IP addresses, and DNS servers.

Key benefits:
  • Protects users from Web 2.0 threats, social engineering, and drive-by malware downloads
  • Safeguards organizations from legal liabilities by blocking inappropriate online content
  • Increases organizations' employee productivity by blocking unauthorized websites

McAfee Global Threat Intelligence message reputation is McAfee's comprehensive, real-time, cloud-based message and sender reputation service that enables McAfee products to protect customers against both known and emerging message-based threats such as spam. McAfee receives hundreds of millions of email queries daily, takes a fingerprint of the message content (versus the content itself, for privacy reasons), and analyzes it along many dimensions. Message reputation combines with factors such as spam-sending patterns and IP behavior to determine the likelihood that the message in question is malicious. The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, web, and network threat data. McAfee products, such as McAfee Email Gateway, use the score to determine action based on local policy.

Key benefits:
  • Protects users from social engineering messages and other message-borne threats
  • Reduces system and network burden by blocking threats at the network edge
  • Safeguards organizations from legal liabilities by blocking messages containing inappropriate online content

McAfee Global Threat Intelligence network connection reputation is McAfee's comprehensive, real-time, cloud-based service that combines IP address, network port, and communications protocol to determine granular reputation intelligence, enabling McAfee products to protect customers against both known and emerging network threats. McAfee collects data from billions of IP addresses and network ports, providing hundreds of trillions of unique views, and calculates a reputation score based on network traffic, including port, destination, protocol, and inbound and outbound connection requests. The score reflects the likelihood that a network connection poses a threat, such as a connection associated with botnet control. The score is based not only on the collective intelligence from sensors querying the McAfee cloud and the analysis performed by McAfee Labs researchers and automated tools, but also on the correlation of cross-vector intelligence from file, web, and network threat data. McAfee products, including McAfee Firewall Enterprise and McAfee Network Security Platform, use the score to determine action based on local policy.

Key benefits:
  • Protects endpoints from botnets, distributed denial-of-service (DDoS) attacks, command and control activity, advanced persistent threats, and risky web connections
  • Reduces system and network burden by blocking threats at the network edge
  • Decreases downtime and remediation costs associated with network-based attacks