McAfee Advanced Threat Defense (ATD

McAfee Advanced Threat Defense (ATD VM for Microsoft Azure

McAfee Advanced Threat Defense (ATD


McAfee Advanced Threat Defense (ATD VM for Microsoft Azure

McAfee Advanced Threat Defense provides in-depth inspection to detect evasive threats. Advanced detection techniques from sandboxing and full static code analysis to deep learning pinpoint malicious behavior patterns to convict emerging, difficult-to-detect threats.

McAfee Advanced Threat Defense in Azure provides the same benefits as the on-premises solution—from advanced SOC features and customizability to data privacy and version control—but with the savings and convenience associated with your Azure service.

Unparalleled analysis produces threat intelligence insights that are easily shared across your entire environment – whether on-premise, in the cloud or a combination of both - to enhance protection and support investigations in the SOC.

Use cases:

  • Enhance detection of existing security solutions from gateway to endpoint: Regardless of deployment location on-premise or in the cloud, integrated solutions submit samples to ATD for analysis and receive analysis results for action and enhanced protection
    • Integrated solutions
      • McAfee ATD Email Connector enables integration with any email gateway
      • McAfee Network Security Platform (IPS)
      • McAfee Threat Intelligence Exchange enables integration with:
        • McAfee Application Control
        • McAfee Endpoint Protection
        • McAfee Security for Email Servers
        • McAfee Server Security
      • McAfee Web Gateway
      • REST application programming interfaces (APIs) facilitate additional integrations
  • Enable investigation with advanced features and threat intelligence sharing
    • Advanced SOC features: Analysts easily access centralized advanced analysis capabilities through Azure.
      • Validate threats with configurable analysis environments and manual sample submission
      • Interact directly with samples to best understand potential end-user experience
      • Access critical information for investigation and threat hunting: Detailed reports and IoCs from disassembly output and memory dumps to graphical function call diagrams and embedded or dropped file, user API logs, and PCAP information.
      • Bro Network Security Monitor integration: Deploy Bro sensor to a suspected network segment to monitor and capture traffic and forward files to ATD for inspection
    • Share threat intelligence: Create and support a collaborative security ecosystem with automated threat intelligence sharing.
      • Integrated solutions
      • McAfee Active Response
      • McAfee Enterprise Security Manager (SIEM)
      • McAfee ePolicy Orchestrator®
      • McAfee Data Exchange Layer (DXL) and OpenDXL: Any integrated solution
      • STIX/TAXII: Any integrated solution

    For information or to start an evaluation of McAfee Advanced Threat Defense, contact your McAfee representative or visit here