Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Introducing <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> is a host-based intrusion detection and prevention system<br />
that protects system resources and applications from external and internal attacks. It delivers<br />
a manageable and scalable intrusion prevention solution <strong>for</strong> workstations, notebooks, and critical<br />
servers, including web and database servers. It proactively blocks zero-day and known attacks<br />
with patented technology.<br />
<strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> protects against unauthorized viewing, copying, modifying, and<br />
deleting of in<strong>for</strong>mation and the compromising of system and network resources and applications<br />
that store and deliver in<strong>for</strong>mation. It accomplishes this through a combination of behavioral<br />
rules, host and network signatures, and a system firewall to block attacks and reduce the<br />
urgency of patches <strong>for</strong> new threats.<br />
As soon as <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> is installed, you are protected. The default settings allow<br />
<strong>for</strong> a rapid, large-scale deployment. For greater protection, you can apply stricter preset or<br />
custom policies.<br />
<strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> is fully integrated with ePolicy Orchestrator and uses the ePolicy<br />
Orchestrator framework <strong>for</strong> delivering and en<strong>for</strong>cing policies. This approach provides a single<br />
management solution that allows <strong>for</strong> mass deployment — up to 100,000 systems — in multiple<br />
languages across an entire enterprise <strong>for</strong> true global coverage.<br />
<strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> functionality is divided into IPS, Firewall, Application Blocking, and<br />
General features to provide greater control in delivering protection to users.<br />
Contents<br />
<strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> protection<br />
Types of <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> policies<br />
Policy management<br />
Policy tracking and tuning<br />
<strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> protection<br />
As soon as the <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> client is installed, intrusion prevention protection is<br />
in effect. Communication with the <strong>ePO</strong> server is required <strong>for</strong> monitoring and policy and content<br />
updates.<br />
ePolicy Orchestrator communicates policy in<strong>for</strong>mation to <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> clients on<br />
a regular interval through the ePolicy Orchestrator agent. <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> clients<br />
en<strong>for</strong>ce the policies, collect event in<strong>for</strong>mation, and transmit the in<strong>for</strong>mation back to ePolicy<br />
Orchestrator. Client-side management is available through a client console <strong>for</strong> Windows clients<br />
and a troubleshooting utility <strong>for</strong> non-Windows clients, where you monitor and change protection,<br />
including turning features on and off, manually creating client rules, and viewing logs.<br />
<strong>McAfee</strong> <strong>Host</strong> <strong>Intrusion</strong> <strong>Prevention</strong> 7.0 <strong>Product</strong> <strong>Guide</strong> <strong>for</strong> use with ePolicy Orchestrator <strong>4.0</strong><br />
7