McAfeeWorks.com is a McAfee SecurityAlliance Premier Partner

McAfee - Antivirus Software and Intrusion Prevention SolutionsMcAfee Risk and Compliance Manager

Automate and streamline compliance reporting and reduce costs

McAfee Risk and Compliance Manager

Formerly McAfee Preventsys

McAfee Risk and Compliance Manager Overview:

Synthesizing data from your disparate security systems for a holistic view of security risks and compliance issues is time- and labor-intensive. McAfee Risk and Compliance Manager (formerly McAfee Preventsys®) automates data gathering from your security solutions, leveraging their value while reducing the time and costs of identifying risks, addressing gaps and demonstrating compliance.

Key Advantages:
Automate security auditing and get valid information
  • Spend less time on manual processes and eliminate duplicate results by correlating data from various point products

Leverage your security investments and maximize your return on investment (ROI)

  • Easily integrate third-party security software, open-source tools, or McAfee products without ever having to change your security process or reports

Prioritize risk and exposure to close the gaps

  • Correlate data across your infrastructure for a prioritized list of top IT security risks that require remediation

Effective, comprehensive compliance reporting

  • Demonstrate compliance against regulatory policies, your own corporate security policies, and industry-established frameworks
  • Quantify security risks
  • Show management the effectiveness of their security controls with consistent risk and compliance scorecards


Description:

Your company has substantial investments in your existing proactive security systems. As you’re not likely to rip and replace these systems any time soon, you need to ensure you maximize their ROI. The trouble is, consolidating information from all these disparate sources take an inordinate amount of time and monopolizes precious human and IT resources.

Thanks to its open architecture, McAfee Risk and Compliance Manager automatically synthesizes security information from your existing security systems and serves it up in a variety of formats—from high-level dashboard views to detailed IT-focused reports. These aggregated views helps you identify and prioritize risks, address gaps, and demonstrate compliance to auditors, managers, your board of directors, shareholders, and customers.

By automating security data consolidation across your infrastructure, you can easily establish and implement effective, repeatable methodologies for your security risk management and compliance reporting processes. As a result of this automation, you reduce business risk while saving time, money, and resources.

Another advantage of Risk and Compliance Manager is the ability to audit both discrete network segments and the entire network on daily, weekly, monthly, or quarterly intervals—as well as on demand. Compare this with manual audits based on extrapolated findings, and you’ll see that you gain a much more accurate picture of actual business risk and opportunities for addressing them. You can also better prioritize your company’s security risks and exposure.

A key component of Risk and Compliance Manager is PolicyLab, our patent-pending policy development environment. PolicyLab allows you to input your corporate policies, edit pre-populated regulatory policies, and add your own administrative controls or manual audit tasks. This way, you’re better able to meet regulatory and corporate policies and save time, greatly improving overall compliance posture.

Risk and Compliance Manager dashboard view
Figure 1: The McAfee Risk and Compliance Manager dashboard view of an enterprise’s compliance with the Sarbanes-Oxley Act per business unit

Risk and Compliance Manager user view
Figure 2: The Risk and Compliance Manager user view shows policy violations, their severity level, and their priority for the enterprise or business unit.

Risk and Compliance Manager PolicyLab user view
Figure 3: The Risk and Compliance Manager PolicyLab user view shows policies on the left, the viewed policy in the middle, and the rules on the right.

Benefits and Features:

Benefits:

  • Gain a holistic, real-time view of risk and compliance
    With a click of the mouse, you can view and prioritize top IT security risks and compliance issues across the enterprise; determine status in real time using dashboards and compliance reports derived from live security system feeds that eliminate duplicate results
     
  • Save time and money by automating security auditing
    Spend less time and resources on manual processes and eliminate duplicate results by automatically correlating security data across all your various standalone point products
     
  • Leverage existing security system investments
    Easily integrate third-party security software, open-source tools, and other McAfee products without changing your security process or reports
     
  • Simplify demonstration of compliance
    Demonstrate compliance with regulatory polices and your own internally developed security policies, not just industry-established frameworks; automated compliance reporting saves time and resources in demonstrating compliance to auditors and management, eliminating the need for pre-audits
     
  • Reassure executives
    Show the effectiveness of your company's security controls by giving top-line managers risk and compliance scorecards on a regular basis

Features:

  • Risk and compliance dashboards
    Quickly identify the top two percent of risks with a customizable view of consolidated vulnerabilities, configuration errors, and threats; gain an overview of compliance with policies, controls, and standards
     
  • Flexible reporting options
    Produce high-level reports for executives and detailed analyses for IT managers; get comprehensive risk data on your entire infrastructure that includes drill downs and comparison reports by asset, policy, controls, and business unit
     
  • Compliance library
    Access a collection of pre-packaged regulations, policies, configuration standards, and industry best practices that make configuration and customization within your environment quick and easy
     
  • PolicyLab for compliance reporting
    Report compliance with established security standards like NIST, NSA, SANS and CIS benchmarks and regulatory policies like HIPAA, SOX, GLBA, and FISMA using PolicyLab™, our cost-effective custom policy-development environment
     
  • Integration with McAfee ePolicy Orchestrator® (ePO™)
    Aggregate network and asset data stored within ePO with the vulnerability data of McAfee Vulnerability Manager (formerly McAfee Foundstone®)for accurate and complete risk reporting; gain a comprehensive view of your risks to better prioritize remediation actions for your most important assets
     
  • Support for a wide range of security management solutions
    Take advantage of an array of solutions:
    • McAfee Vulnerability Manager
    • McAfee Policy Auditor
    • McAfee Remediation Manager
    • McAfee ePolicy Orchestrator
    • Open-source solutions
    • Third-party solutions


Pre-packaged templates for fast and easy customization and configuration
 

Supported Regulations Supported Standards, Frameworks, Best Practices Supported Solutions
  • HIPAA
  • GLBA
  • SOX
  • (ISO/IEC) 17799
  • NERC
  • FFIEC
  • CoBIT 4.1
  • Basel II
  • NIST/FISMA
  • NIST Guidelines
  • NIST Cryptography Policy
  • NIST Firewall
  • NIST Wireless Policy
  • NIST Security Controls
  • NSA Router
  • NSA SQL Server
  • SANS Institute Top 20 List - Unix & Windows vulnerabilities
  • McAfee Vulnerability Manager
  • McAfee Policy Auditor
  • McAfee Remediation Manager
  • McAfee ePolicy Orchestrator® (ePO™)
  • Open-source tools
  • Third-party solutions

 

System Requirements:

Note: The following are minimum system requirements only. Actual requirements vary depending on the nature of your environment.

Management Server (ESM Server) Appliance

Dell PowerEdge 1950 III 

  • Quad Core Xeon E5440, 2.83GHz, 1333MHz
  • 4GB RAM
  • 4x73 GB 10,000RPM 2.5" SAS Hard Drives in a RAID 5 configuration (3+1)
  • 1 Gigabit NIC
  • Redundant power supply with 2 cords
  • 1 CD-ROM drive
  • No operating system
  • Rack chassis with sliding rapid/versa rails and cable management arm.

Assessment Server Appliance

PowerEdge R200

  • Intel Core 2 Duo E4500, 2.2GHz, 2MB Cache,  800MHz FSB
  • 1 GB DDR2, 800MHz, 2x512MB
  • 1 80GB, Serial ATA 7,200 RPM Hard Drive
  • On-Board Dual Gigabit Network Adapter
  • 1 DVD-ROM Drive
  • No Operating System Configuration
  • Rack chassis with versarails

Documentation:

PDF File
Download the McAfee Risk and Compliance Manager Datasheet (PDF).