McAfee Application Control

Today’s IT departments face tremendous pressure to ensure that their endpoints comply with many different security policies, operating procedures, corporate IT standards, and regulations. Extending the viability of fixed function devices such as point-of-sale (POS) terminals, customer service terminals, and legacy NT platforms has become critical.

Application Control uses dynamic whitelisting to ensure that only trusted applications run on devices, servers, and desktops. This provides IT with the greatest degree of visibility and control over clients, and helps enforce software license compliance.

McAfee Application Control software provides an effective way to block unauthorized applications and code on servers, corporate desktops, and fixed-function devices. This centrally managed whitelisting solution uses a dynamic trust model and innovative security features that thwart advanced persistent threats — without requiring signature updates or labor-intensive list management.

Complete protection from unwanted applications

Application Control extends coverage to executable files, libraries, drivers, Java apps, ActiveX controls, scripts, and specialty code for greater control over application components.

Flexibility for desktop users and server admins

IT can empower select desktop and server users to approve new apps instantly, and IT can choose to approve or reject these new apps during their routine audit.

Viable security for fixed-function and legacy systems

Application Control has a small footprint and low performance overhead, making it the perfect solution for protecting fixed-function devices, such as kiosks and point-of-sale (POS) terminals. It also extends protection to your legacy Windows NT and Windows 2000 systems.

Minimize patching while protecting memory

Application Control allows you to delay patch deployment until your regular patch cycle. In addition, it prevents whitelisted applications from being exploited via memory buffer overflow attacks on Windows 32- and 64-bit systems.

Secure Your ATMs (Protect automated teller machines against attacks and noncompliance)

Because ATMs process both financial and personally identifiable data, they attract both criminals and regulators. Criminals attack vulnerabilities in the ATM software, and regulators (both industry and government) layer restrictions and audit requirements on the ATM supply chain. ATMs are vulnerable because they are both high-tech and low-tech. Sophisticated ATM systems handle deposits, withdrawals, account services, cash advances, and payment processing.

ATM vulnerabilities must be addressed in system design and implementation to ensure that your customer data and your ability to service their needs are not affected. Effective ATM security must compensate for:

  • Limited CPU and memory resources
  • Targeted attack vectors
  • Gold image or baseline configuration drift
  • Operating system security patch updates
  • Poor accountability and compliance
  • Management complexity

Solution Description

To address the unique challenges of the ATM environment, the heavy footprint of traditional security solutions must be replaced by an approach that operates within the limited resources of an ATM system and service model. McAfee recommends a whitelisting model to proactively restrict the software on the device to the baseline functions that you have tested and approved, preventing malware and unapproved software from executing.

CPU and memory resource utilization

A whitelisting approach can drastically reduce the security software footprint on an ATM system. The reason for this is a complete shift in how the technologies work. In a standard AV environment, one must be concerned about the infinite and ever-evolving threats in the wild. As threats are discovered and protection mechanisms developed, a new signature needs to be added to the ever-increasing library on every system. This process repeats every day until it becomes unsustainable for ATM systems. A whitelisting approach, however, is concerned only with what is truly allowed to run for the device to function. This list is finite and does not need to be updated unless new functionality is required, providing greater protection at a fraction of the system resources.

Attack vectors 

A whitelisting approach will only allow code that has been designated as trusted to run. New malware or executables that have not been granted rights cannot execute.

Gold image or baseline drift 

Whitelisting should protect systems from unintentional changes in code or configuration, as well as updates that could cause the system to drift from a known good or gold image. This predictability is imperative to ensure expected operation as well as enable auditing and compliance reporting.

Operating system security patch updates 

A whitelisting approach will allow your organization to patch on your schedule and not that of the vendor. Since whitelisting prevents new malware from running, it provides a window of protection. Administrators have time to test new patch sets thoroughly before applying them.

Clear accountability and compliance 

The system should only permit updates by approved users. It should also maintain precise, detailed audit trails of changes and change attempts. Reports should make it easy to track down the root cause of issues and be specific enough (users, times, activity sequence) to be actionable in educating users on policy or providing evidence in the case of wrongdoing.

Management complexity

A security solution for ATM devices must be integrated into the broader security and compliance management platform and existing processes. This consistency facilitates policy management, continuous compliance, incident response, auditing, and reporting for PCI. Integrated reports and dashboards improve monitoring and reduce the cost of operations.

 

Technologies Used in the McAfee Solution 

McAfee has integrated application whitelisting with other important controls—file integrity monitoring and change management—into a single “deploy and forget” solution optimized for ATM devices. 

McAfee Change Control provides tight control over attempted changes as well as broad visibility into changes to ensure that ATM devices remain up and running and free of malware. It is a low footprint, low overhead software solution that runs transparently, without the heavy resource utilization, disruption, and constant updates of traditional file system scanning. 

McAfee Integrity Control, which combines McAfee Change Control and the McAfee ePolicy Orchestrator management console, provides integrated audit and compliance reports to help you satisfy PCI and other compliance regulations. This environment connects your ATM security into your broader security management infrastructure, eliminating duplication and reducing management complexity.

A centrally managed whitelisting approach can reduce the attack surface of ATM systems. 

 

The visibility into the ATM environment is delivered through the McAfee ePO platform and enables you to continuously verify the security of ATM systems, validate compliance to auditors, and document evidence and an audit trail in the event of a breach.

 

Features & Benefits

Reduce risks from unauthorized applications and code

Allow only trusted applications to run on your endpoints, fixed-function devices, and servers. McAfee Application Control also stops malware — whether binaries, kernel components, DLLs, ActiveX controls, scripts, or Java components — from executing.

Save time and lower costs with dynamic whitelisting

Maximize administrator efficiency with a dynamic trust model that does not require signature updates or labor-intensive list management.

Reduce patch cycles and protect memory

Eliminate “patch panic” using a validated countermeasure that maintains your regular patch cycles and prevents whitelisted applications from being exploited via memory buffer overflow attacks on Windows 32- and 64-bit systems.

Inform and empower users with user-friendly notifications (optional)

Educate desktop users about disallowed applications with informative pop-up messages that can prompt them to seek approvals via email or helpdesk requests.

Extend the lifespan of legacy systems

Protect older systems that OS and security vendors no longer support, such as Windows NT and Windows 2000, while alleviating the need to patch these systems.

Safeguard field units and fixed-function devices

Take advantage of our transparent model that requires negligible CPU and memory usage.

Thwart advanced persistent threats with Global Threat Intelligence

Know the reputation of every file and application in your environment with real-time Global Threat Intelligence that automatically categorizes them as good, bad, and unknown.

Use central management to increase efficiency

Optimize and simplify management with the McAfee ePolicy Orchestrator (McAfee ePO) platform. Oversee and administer all your security protections from a single, centralized console that spans McAfee products, Security Innovation Alliance Partner products, and homegrown applications.
