McAfee ATD 3.4.8


Thursday 30 July 2015

McAfee has released version 3.4.8 of Advanced Threat Defense (ATD). Installing this version is recommended in order to make use of the latest features.

Among other things, this version adds support for LDAP authentication, improved integration with McAfee ePO (in particular Threat Event Publisher integration), integration with McAfee TIE (Threat Intelligence Exchange) and improvements to TIE-DXL.

New features in McAfee ATD 3.4.8

LDAP support
With this release, Advanced Threat Defense can be configured to use a dedicated Lightweight Directory Access Protocol (LDAP) server for user authentication. Keeping user authentication on a separate, central server gives Advanced Threat Defense users a more robust credential management system and avoids replicating account data across multiple hosts, which keeps that data consistent. Note the scope: LDAP authentication applies only to users with the Administrator role in Advanced Threat Defense. Non-administrative users such as nsp, mwg, atdadmin and similar integration accounts are not authenticated against the LDAP server; they continue to authenticate against the Advanced Threat Defense database, so their credentials must still be managed and rotated locally on the appliance.

Threat Event Publisher integration support with McAfee ePO
Threat Event Publisher integration with McAfee ePO lets Advanced Threat Defense send data about submitted samples to McAfee ePO. In the Advanced Threat Defense user interface, the user selects the severity level of the files for which data is captured; the two options offered are All and Malicious (Medium to very high). Storing this information in McAfee ePO in turn supports debugging and support activities. Once configured, Advanced Threat Defense sends the following data to McAfee ePO:

  • MIS Version
  • Timestamp
  • IOC File
  • ATD IP
  • Job ID
  • Size
  • MD5 value
  • Severity
  • Task ID

Collection of Telemetry data
The telemetry feature allows Advanced Threat Defense to collect data about analyzed malware and send the corresponding reports to the GTI server. From there the data is forwarded to McAfee Labs to update their databases, which in turn helps Advanced Threat Defense detect known samples earlier when GTI scanning is enabled. Broadly, the data captured by Advanced Threat Defense falls into the following two categories.

  • Telemetry data for GTI/McAfee Labs – McAfee Labs requires the analysis results from Advanced Threat Defense, as telemetry, to update their databases and categorize the samples and malware that Advanced Threat Defense analyzed. This telemetry contains various information about the samples analyzed by Advanced Threat Defense.
  • Telemetry data about the Advanced Threat Defense Appliance, used by McAfee – data about the appliance itself is collected. This helps McAfee improve Advanced Threat Defense and understand how customers use the appliance. The release notes list the system data that is collected. The data is uploaded to the Labs server over a secure REST channel.

TIE Enterprise Reputation
This release introduces integration of Advanced Threat Defense with McAfee Threat Intelligence Exchange (TIE). Through the integration, Advanced Threat Defense obtains the TIE Enterprise file reputation and the GTI reputation for submitted samples from the TIE server via the DXL broker. If the DXL channel is enabled and GTI reputation is configured in the Analyzer Profile, Advanced Threat Defense performs a file reputation lookup (GTI/TIE Enterprise) for each submitted sample through the DXL broker. The Threat Analysis Report shows the TIE Enterprise file reputation severity score if the Administrator has configured it. If no TIE Enterprise file reputation has been set by the administrator, only the GTI file reputation fetched from the TIE server is shown in the Threat Analysis Report.

Release Notes & Download

More information about McAfee ATD 3.4.8 can be found in the release notes.

After logging in with a valid grant number, McAfee ATD 3.4.8 can be downloaded from the McAfee downloads site.