August 16, 2020
Last Updated: November 17, 2023
McAfee MVISION XDR enables organizations to extend EDR capabilities, providing features for adversarial research and threat intelligence information. McAfee XDR is part of the McAfee Endpoint Security Suite, which includes solutions for endpoint and mobile protection, as well as policy management via an interface called MVISION ePO.
What Is McAfee XDR?
McAfee XDR, or MVISION XDR, is an XDR security solution that organizations can use to keep their endpoints and connected systems secure. It combines adversarial research and threat intelligence information with endpoint telemetry data to protect device-to-cloud connections.
Teams can use McAfee MVISION XDR to:
- Collect and correlate data across system components
- Detect possible threats on endpoints, networks, gateways, cloud resources, or in sandboxes
- Triage and remediate alerts with contextual insights
- Perform AI-guided investigations
- Generate and share comprehensive reports
McAfee Endpoint Security Suite Overview
McAfee’s Endpoint Security Suite is a collection of solutions, including MVISION XDR. The suite is designed to help organizations protect their mobile devices, desktop machines, and cloud-native endpoints.
The following solutions are included in the Endpoint Security Suite:
- MVISION Endpoint—provides protections for cloud-native, Windows PC, and server endpoints.
- MVISION Mobile—provides protections for iOS and Android-based mobile devices.
- MVISION EDR—enables teams to monitor network perimeters and detect, investigate, and remediate possible security threats.
- MVISION ePO—offers a centralized dashboard for policy-based management of device security.
- MVISION XDR—extends the capabilities of MVISION EDR by providing real-time insights and context that go beyond endpoint traffic.
With these products, the platform incorporates features for:
- Machine learning (ML) based behavior classification—collects information on user activity and uses that information to develop known patterns of expected behavior. New events can then be compared to known behaviors to identify suspicious patterns. This information is applied to automatically add rules to prevent malicious behavior or to repair endpoints following the detection of threats.
- McAfee protection for targeted attacks—enables teams to automate alert responses for known incidents. This helps ensure faster responses and can help security teams stop advanced persistent threats (APT) or other threats with multiple attack phases.
- Adaptive malware scanning—automatically prioritizes scanning of unknown applications or processes for faster threat detection and response.
- Proactive web security—enables endpoint traffic filtering and dynamic web protections for safer browsing.
- Dynamic application containment—enables the containment of greyware (non-malicious but annoying programs) or ransomware, to prevent the spread of threats or infections.
- Network attack protection—includes device firewalls that incorporate site and IP reputation scores sourced from the McAfee GTI framework. These scores are used to proactively identify suspicious users, distributed denial of service (DDoS) attackers, or botnets.
- Threat forensics—enables security teams to track suspicious traffic or malware across an organization’s systems for forensic investigations. This information can be used to isolate attacks or to derive insights for future proactive measures.
Through these combined solutions and features, the Endpoint Security Suite can provide:
- Advanced threat protection—the suite uses ML technologies and endpoint detection and response (EDR) to detect threats that traditional solutions often miss, such as fileless threats, ransomware, insider threats, or zero-day threats.
- Centralized control—integration of solutions and capabilities enables teams to monitor, manage, and respond to security issues from a unified platform. This centralization ensures more accurate detection and reporting and faster response.
- Broad endpoint support—solutions provide coverage for almost any system or component an organization is using, including Linux, Windows, and macOS machines, cloud-native endpoints and resources, and iOS and Android devices.
Different XDR security solutions offer different architectures. For information about Palo Alto XDR or Cisco XDR, check out our in-depth guides.
McAfee ESM Cloud
Effective XDR solutions rely on the collection, aggregation, and processing of events from across various system components. The more sources a security team can integrate, the more comprehensive their analyses and the more accurate their conclusions are.
To ensure organizations collect comprehensive data, McAfee offers McAfee Enterprise Security Manager (ESM) Cloud, a cloud-based security information and event management (SIEM) solution. It supports XDR by ingesting event logs from an organization’s various components and correlating the data. Collection scales with the environment, and XDR results are normalized and enriched with the results of other solutions.
With ESM, organizations can monitor, manage alerts, and report findings from a single dashboard. This central dashboard enables teams to prioritize threats and reduce incident response times.
Features of the McAfee ESM Cloud include:
- Automatic installation—functionality is available out-of-the-box with no need for complex installation. This installation includes access to advanced real-time analytics, alert prioritization, and integration options for hundreds of data sources.
- Continuous improvement—ESM Cloud is a managed service with all updates handled by McAfee. This management ensures the latest threat intelligence and capabilities.
- Scalability—the solution is based in the cloud and can be freely scaled without having to purchase additional hardware. This scalability also helps reduce the chance of wasted or idle resources.
Beyond XDR Security With Cynet’s Autonomous Breach Protection
Cynet 360 is an autonomous breach protection platform that works on three levels, providing XDR, SOAR, and 24/7 MDR in one unified solution. Cynet natively integrates these three services into end-to-end, fully automated breach protection.
Cynet’s XDR layer includes the following capabilities:
- Endpoint protection—multilayered protection against malware, ransomware, exploits and fileless attacks.
- Network protection—protecting against scanning attacks, MITM, lateral movement, and data exfiltration.
- User protection—preset behavior rules coupled with dynamic behavior profiling to detect malicious anomalies.
- Deception—a wide array of network, user, and file decoys to lure advanced attackers into revealing their hidden presence.
Cynet 360 can be deployed across thousands of endpoints in less than two hours. It can be used immediately to uncover advanced threats and then perform automatic or manual remediation, disrupt malicious activity, and minimize the damage caused by attacks.