How to protect Microsoft Windows XP Systems beyond April 2014
Solution Brief

Microsoft Windows XP is scheduled for an official End of Support (EOS) in April 2014, yet approximately 40% of worldwide enterprise systems still run XP. The consequence for customers is that Microsoft will discontinue not only technical support but also security patches. This creates a large security risk and exposure for organizations once vulnerabilities are made public but patches are no longer provided.

Author: Thomas Maxeiner, Team Lead Solution Architects EMEA

Legacy systems, such as Microsoft Windows XP, Windows NT and Windows 2000:
- Protect Windows XP by combining whitelisting, blacklisting and Real-Time technologies
- No longer rely on signatures as the sole means of protection
- Use whitelisting to solidify and freeze systems in a known good state
- Improve zero-day protection by combining behavioral and whitelisting technologies
- McAfee Real-Time will identify and remediate attacks attempting to exploit Microsoft vulnerabilities

Why don't customers just migrate all their endpoints to Windows 7 or 8?
The majority of endpoints will be migrated to the most current and supported operating systems; however, there are systems which cannot be migrated for various reasons:
- Purpose-built systems running legacy applications which only run on Windows XP
- Legacy hardware which cannot run Windows 8, e.g. PoS systems, process control, etc.
- High migration costs for new hardware and software that produce no additional business value

How can McAfee protect Windows XP systems?
McAfee will support McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention for Desktop on Windows XP until December 2015, so customers can continue to use these products and be fully supported by McAfee.
However, looking at the current threat landscape, security risk increases substantially with unsupported operating systems such as XP, combined with unwanted applications installed by end users or 3rd parties.
For this reason McAfee recommends that customers consider advanced and optimized protection technologies such as whitelisting and real-time visibility and reporting.

4 Security Steps to enhance your protection on Windows XP systems
Until customers are ready to upgrade their desktop environment to Windows 7 or Windows 8, McAfee suggests the following 4 security tips to reduce the risk introduced through unpatched XP systems:
1. Remove admin privileges from standard users
2. Enable memory and buffer overflow protection
3. Deploy dynamic whitelisting
4. Use Real-Time visibility to quickly identify and remediate attacks

You can substantially mitigate potential security issues by normalizing user privileges so that they are aligned with each user's role and responsibilities; for example, users should not have admin rights unless they are part of your IT organization.
Unsupported operating systems such as XP are at greater risk from zero-day threats. Customers should continue to leverage McAfee Host IPS (HIPS) for memory and buffer overflow protection.
To better control unauthorized software from being installed and executed on your legacy systems, deploy dynamic whitelisting. Rather than trying to detect the unknown bad, McAfee Application Control uses whitelisting techniques to protect an endpoint from zero-day attacks by only allowing known good applications to execute. Whitelisting reduces the need to constantly chase software updates and patches (including Microsoft patches and security updates) to keep up with the ever-increasing tide of malicious software. Application Control does not need to know, or even care, about malicious software: if an application is not on the whitelist, for whatever reason, it is prevented from executing, the event is reported and the endpoint remains safe.
Application Control is a complementary technology that provides visibility and reputation for installed applications across the entire customer environment. Crucially, it provides enhanced memory protection with almost no noticeable performance impact, extending the useful life of legacy platforms.

2821 Mission College Boulevard, Santa Clara, CA 95054, 888 847 8766, www.mcafee.com. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and are subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2013 McAfee, Inc.
What makes McAfee Application Whitelisting enterprise-ready?
One of the key design objectives for McAfee's Application Whitelisting technology was to ensure it would operate successfully within complex enterprise environments. This required not only that the management technology would scale, but also that it would allow for easy whitelist creation, combined with flexible, transparent and automated whitelist management.
- Automatic whitelist creation. The product can create a whitelist based on the existing application set installed on each system. The filename, path and fingerprint may differ across systems, so this approach eliminates the false positives found in centralized whitelisting solutions.
- Flexible change mechanisms. Trusted process, location, certificate, user and time window can all be used to define how and when changes may occur. In addition, the administrator can override the automated whitelist.
- Assisted rule-set generation. A rule set can be established to allow dynamic changes to the whitelist. The solution monitors behavior in the background and suggests the rules required to allow dynamic changes to occur.
- Dynamic whitelist management. The existing whitelist is adjusted automatically, without the need for any user or administrator intervention, based on a defined flexible rule set.
- Global Threat Intelligence (GTI) integration. Cloud-based knowledge is used to determine the reputation of applications across the enterprise.
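To make the dynamic whitelisting model concrete (default-deny execution by per-endpoint fingerprint, with changes admitted only through trusted process, location, certificate, or user within a time window), here is an added illustrative example written for this page; it is not McAfee Application Control code and does not reflect its actual rule syntax. All paths, signers, users and the change window are constructed sample values.

```python
import fnmatch
import hashlib

# Constructed sample data: the application set found on one endpoint when it is solidified.
INSTALLED = {
    r"C:\Program Files\PoS\register.exe": b"register v1.0",
    r"C:\Windows\system32\notepad.exe": b"notepad",
}

# Constructed change rules: who or what may alter the whitelist after the system is frozen.
RULES = {
    "trusted_updaters": {r"C:\Program Files\PoS\updater.exe"},   # trusted process
    "trusted_paths": [r"C:\Program Files\PoS\plugins\*"],        # trusted location
    "trusted_signers": {"PoS Vendor Ltd (sample)"},               # trusted certificate
    "trusted_users": {r"CORP\xp-admin"},                          # trusted user
    "change_window": (22, 6),  # trusted user may change only from 22:00 to 06:00 (wraps midnight)
}

def fingerprint(content):
    # The whitelist is keyed by path but enforced by file hash, so a patched binary no longer matches.
    return hashlib.sha256(content).hexdigest()

def build_whitelist(installed):
    # Automatic whitelist creation from what is actually installed on this endpoint.
    return {path: fingerprint(content) for path, content in installed.items()}

def may_execute(whitelist, path, content):
    # Default deny: an unknown path or altered bytes (hash mismatch) is blocked.
    return whitelist.get(path) == fingerprint(content)

def in_window(hour, window):
    start, end = window
    return start <= hour < end if start < end else (hour >= start or hour < end)

def change_allowed(rules, event):
    # Any one trusted change mechanism is enough to authorize the update.
    return (event.get("updater") in rules["trusted_updaters"]
            or any(fnmatch.fnmatch(event["path"], p) for p in rules["trusted_paths"])
            or event.get("signer") in rules["trusted_signers"]
            or (event.get("user") in rules["trusted_users"]
                and in_window(event["hour"], rules["change_window"])))

def apply_change(whitelist, rules, event, content):
    # Unauthorized changes are refused and reported; authorized ones update the fingerprint.
    if not change_allowed(rules, event):
        print("BLOCKED unauthorized change:", event["path"])
        return False
    whitelist[event["path"]] = fingerprint(content)
    return True
```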
Whitelisting Best Practice Guide
McAfee Application Control can be deployed in various configurations to suit your specific needs. The following highlights best practice approaches for Basic, Medium and High levels of protection and the benefits of each.
BASIC: This allows changes to take place without impacting the user, whilst providing memory protection. The administrator has visibility of which applications are being used where within the environment (which can also assist with license management controls).
MEDIUM: Application Control is run in protected mode with self-approval enabled. This provides greater control of change management and memory protection, but allows the user the flexibility to self-authorize changes, whilst being audited.
HIGH: Fully locked-down system with centralised change control to authorize changes.
McAfee Real-Time provides real-time situational awareness around potential vulnerabilities
McAfee Real-Time collects endpoint security status instantly. This real-time visibility enables you to act on current intelligence, not historical data, helping you to immediately identify and remediate attacks which are attempting to exploit Microsoft vulnerabilities on an unpatched system. Now you can enhance situational awareness and incident response for frontline endpoint administrators using an approach that scales to the largest organizations.
SUMMARY
1. Remove admin privileges from standard users to reduce the risk of unwanted applications on unsupported legacy systems like XP.
2. Enable McAfee Host IPS for behavioral, memory and buffer overflow protection on XP systems.
3. Deploy McAfee Application Control to greatly enhance zero-day protection and the longevity of XP systems.
4. Use McAfee Real-Time to immediately identify and remediate attacks on vulnerable systems like XP.