McAfee ePolicy Orchestrator (ePO)

Main articles:

• Antiviruses
• Technology antispam
• Firewall
• DLP - Data Loss/Leak Prevention - Technologies of privileged information loss prevention

McAfee ePolicy Orchestrator is a basis for the McAfee Security Management Platform platform, it allows to integrate the solutions of security, best in the industry, with infrastructure of the enterprises to improve collection of information, to increase efficiency and to strengthen protection level.

McAfee ePO provides:

• End-to-end visibility. Overall picture of a system status of security. Dashboards with a possibility of drag and drop and detailing spread the information of protection among endpoints, data, mobile devices and networks, providing immediate idea of a system and reducing reaction time.
• The simplified operations on security.
• The opened, expanded architecture. The maximum use of opportunities of the existing infrastructure. The software of ePO allows to integrate management of solutions of McAfee and third-party suppliers with the network protocol LDAP, IT processes and management tools of a configuration.

2020: Elimination of the vulnerability allowing the malefactor to perform operations on behalf of the administrator

The expert of Positive Technologies revealed vulnerability in a management system for McAfee ePO security aids. The company reported about it on November 6, 2020.

The error was able to allow the malefactor to perform operations on behalf of the system administrator, for example, to turn off protection for development of the attack to network.

The McAfee company noted the help of the expert of Positive Technologies Mikhail Klyuchnikov in elimination of vulnerability in McAfee ePolicy Orchestrator (McAfee ePO) — the console for control of security of the enterprise which gives the chance to manage protection of endpoints, networks, data and compliance to regulations. The product is used for November, 2020 by over 36,000 companies and the organizations.

Vulnerability of CVE-2020-7318 got ID CVE-2020-7318 and assessment 4.6 on CVSS v3.1 scale.

Vulnerability arises due to the lack of due filtering of user data — Mikhail Klyuchnikov tells. — It is classical vulnerability of cross-site scripting. The malefactor can provoke the operator of a system to follow the malicious URL and from his name to make illegitimate actions in an administration panel, operating regular functionality of a panel, or to try to detect additional vulnerabilities for penetration into other network segments. Attacking can be both internal, and external.

For elimination of vulnerability it is necessary to update a system to the version of ePO 5.10.0 of Update 9.

Earlier experts of Positive Technologies found dangerous vulnerability in protection of McAfee for ATMs.

2013

Advantages

• Speed and ease of deployment

Ensuring joint work of universal solutions for security management and reduction of risk for the purpose of reduction of gaps in protection and decrease in level of complexity. Standard deployment with one agent and forced implementation individually configured the politician quickly is provided and support protection of your environment.

• The accelerated response time

Receiving immediate, necessary for taking measures, idea of threats, vulnerabilities and systems for the purpose of diagnosing of events of security and response to them in process of approach. Distinguish risks and define their priority for read seconds, update thousands of systems in several minutes.

• Increase in efficiency

Business process optimization of protection and compliance to regulations using automation and existence of the personalized work area. The architecture of McAfee ePolicy Orchestrator (ePO) of a corporate class can be used in the organizations of any scale, considerably reducing number of required servers.

• Preparation of the infrastructure of security for requirements of tomorrow

Protection of IT structure both from today's, and from tomorrow's threats. The data on threats in real time received from McAfee Labs provide anticipatory protection of infrastructure. The open platform facilitates a possibility of rapid implementation of new products of security in process of emergence of new categories of threats.

Supported platforms

OS of the server: 32-bit versions

• Windows Server 2008 with service pack 2 (SP2) Standard, Enterprise or Datacenter
• Windows Server 2003 с SP2 Standard, Enterprise или Datacenter

OS of the server: 64-bit versions

• Windows Server 2008 с SP2 Standard, Enterprise или Datacenter
• Windows Server 2008 R2 Standard, Enterprise или Datacenter
• Windows Server 2008 for Small Business Premium
• Windows Server 2003 с SP2 Standard, Enterprise или Datacenter

Browser

• Firefox 3.5
• Firefox 3.6
• Internet Explorer 7.0
• Internet Explorer 8.0

Support of network

• IPv4
• IPv6

Virtual server

• VMware ESX 3.5.x Update 4
• VMware ESX 4.0 Update 1
• Citrix XenServer 5.5 Update 2
• Windows Server 2008 R2 Hyper-V

Database (32-and 64-bit)

• SQL Server 2008 с SP1/SP2/R2 Standard, Enterprise, Workgroup, Express
• SQL Server 2005 с SP3 Standard, Enterprise, Workgroup, Express

Additional requirements

The volume of an empty seat on a disk: 1.5 GB (2 GB are recommended) RAM: 1 GB (2 — 4 GB are recommended) Processor: Intel Premium 4 or above, 1.3 GHz or above Monitor: 1024x768, 256 flowers, VGA NIC: 100 MB or above File system: NTFS is recommended If more than 250 systems are subject to management, then it is recommended to use for this purpose the separate server. IP address: McAfee recommends to use the static IP address.