Solution Brief
the massive amount of data to analyze, correlate, and prioritize threat intelligence and determine what’s relevant for their industry, their geography, and their company. And they need to be able to gain insights on unique attacks that may be occurring in the present, as well as insights on trends based on historical security event data. As Forrester points out, operationalizing threat intelligence is critical, as 75% of attacks spread from one victim to the next within 24 hours. Enterprises need to close the gap between “sharing speed and attack speed.”5
Leverage Intel Security’s Integrated Architecture
Intel Security provides a unified, collaborative platform with all the components for operationalizing threat intelligence, including global threat intelligence feeds, local intelligence creation, real-time sharing of threat information across the IT infrastructure, security information and event management, and delivery of automated, adaptive protection.
Threat intelligence requirements, by product (McAfee Threat Intelligence Exchange, McAfee Advanced Threat Defense, McAfee Enterprise Security Manager, McAfee Global Threat Intelligence):

Collects threat intelligence from external sources
  McAfee Threat Intelligence Exchange: McAfee GTI Import STIX, McAfee Global Threat Intelligence (McAfee GTI) import, and VirusTotal
  McAfee Enterprise Security Manager: McAfee GTI, TAXII/STIX import, and HTTP threat feeds via the McAfee Enterprise Security Manager cyberthreat manager
  McAfee Global Threat Intelligence: McAfee GTI aggregates threat intelligence from multiple Cyber Threat Alliance partners and public sources.

Collects internal threat intelligence
  McAfee Threat Intelligence Exchange: Collects samples from McAfee VirusScan®, McAfee Application Control, McAfee Web Gateway, McAfee Advanced Threat Defense, McAfee Enterprise Security Manager, and from third-party vendor products sending information over McAfee Data Exchange Layer
  McAfee Advanced Threat Defense: Consumes sample files for detonation from McAfee Threat Intelligence Exchange or via the network
  McAfee Enterprise Security Manager: Via STIX/TAXII and McAfee Data Exchange Layer
  McAfee Global Threat Intelligence: McAfee GTI extracts threat intelligence from millions of sensors on customer-deployed Intel Security products such as endpoint, web, mail, network intrusion prevention systems (IPS), and firewall devices.

Produces local threat intelligence
  McAfee Threat Intelligence Exchange: Records incidents of suspicious files and creates a local database that records first contact and the trajectory of threats
  McAfee Advanced Threat Defense: Dissects and convicts malware, generates local threat intelligence, and distributes over McAfee Data Exchange Layer or as a STIX-formatted API
  McAfee Enterprise Security Manager: Creates threat intelligence watchlists, reports, and views based on correlated events

Distributes threat intelligence across security controls
  McAfee Threat Intelligence Exchange: Via McAfee Data Exchange Layer
  McAfee Advanced Threat Defense: Via McAfee Data Exchange Layer and product API
  McAfee Enterprise Security Manager: Via McAfee Data Exchange Layer, product API, and script integration
  McAfee Global Threat Intelligence: McAfee GTI is integrated with numerous Intel Security products, such as McAfee Web Gateway, McAfee Enterprise Security Manager, and McAfee endpoint solutions

Offers visibility into collected threat intelligence
  McAfee Threat Intelligence Exchange: Via McAfee Threat Intelligence Exchange dashboards
  McAfee Advanced Threat Defense: Via reports
  McAfee Enterprise Security Manager: Via dashboards, views, and reports provided in content packs or customer-generated
  McAfee Global Threat Intelligence: Via McAfee Threat Center and quarterly McAfee Threats Report

Table 1. Intel Security’s integrated threat intelligence platform
Ingest, Analyze, and Propagate
McAfee Global Threat Intelligence
A good place to start building your integrated threat intelligence platform is McAfee Global Threat Intelligence (McAfee GTI), a comprehensive, real-time, cloud-based reputation service that is fully integrated into Intel Security products and enables them to better block cyberthreats across all vectors—file, web, message, and network—swiftly. McAfee GTI provides reputation scores for billions of files, URLs, domains, and IP addresses based on threat data gathered from multiple sources: millions of global sensors monitored and analyzed by McAfee Labs, threat feeds from research partners and via the Cyber Threat Alliance, and cross-vector intelligence from web, email, and network threat data. Backed by high-quality, relevant threat feeds, McAfee GTI provides accurate risk advice that fosters informed policy decision-making and enables controls to block, clean, or allow, as required.
McAfee Enterprise Security Manager
McAfee Enterprise Security Manager (SIEM) takes threat intelligence ingestion and analysis to the next level, providing a consolidation, analysis, and action hub for every type of threat intelligence. This 360-degree view allows full visibility and situational awareness to speed detection and response to targeted attacks. Its advanced data management system is purpose-built to store and assimilate high volumes of contextual data in real time.
McAfee Enterprise Security Manager collects activity and event data from all your systems, databases, networks, and applications. It also imports global threat feeds and consumes threat intelligence in standard formats and transports, such as Structured Threat Information eXpression (STIX)/Trusted Automated eXchange of Indicator Information (TAXII) and CybOX, typically published by community or industry groups like the Financial Services Information Sharing and Analysis Center (FS-ISAC). Through advanced analytics, it translates the gathered information into understandable, actionable security intelligence. More significantly, it provides deeper visibility into emerging threats via real-time views and access to historical security information. This allows you to investigate backwards in time to understand the prevalence and patterns of an attack, and also to create automated watchlists to detect occurrence or re-occurrence of events in the future. By enriching your system’s sensitivity to events known to be malicious, you increase your ability to detect suspicious activities and patterns of activity at various phases of the attack chain and then prioritize response.
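The ingest-then-watchlist workflow described above, as an added example that is not Intel Security's code or part of this brief: it loads a constructed STIX 2.1-style indicator bundle, turns the simple indicator patterns into a watchlist, and sweeps constructed historical events to record first contact and re-occurrence per indicator. The pattern subset handled, the STIX-to-event field mapping, and all sample data are assumptions made for the example.

```python
import json
import re

# Constructed STIX 2.1-style bundle (not from any real feed); ids are placeholders.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "indicator", "id": "indicator--example-1", "name": "Known dropper hash",
         "pattern": "[file:hashes.'SHA-256' = 'aaaa1111bbbb2222']"},
        {"type": "indicator", "id": "indicator--example-2", "name": "Known C2 address",
         "pattern": "[ipv4-addr:value = '198.51.100.23']"},
        {"type": "malware", "id": "malware--example-3", "name": "not an indicator, skipped"},
    ],
})

# Constructed SIEM-style events (not real logs). ISO timestamps sort lexicographically.
EVENTS = [
    {"ts": "2016-03-01T10:00:00", "host": "ws-17", "file_sha256": "aaaa1111bbbb2222"},
    {"ts": "2016-03-05T08:30:00", "host": "ws-02", "dst_ip": "198.51.100.23"},
    {"ts": "2016-03-09T12:15:00", "host": "ws-17", "dst_ip": "198.51.100.23"},
    {"ts": "2016-03-09T13:00:00", "host": "ws-40", "dst_ip": "203.0.113.9"},
]

# Simplification: only single "[object:property = 'value']" comparisons are turned into
# watchlist entries; richer STIX patterns (AND/OR, FOLLOWEDBY) are ignored here.
_SIMPLE = re.compile(r"^\[([\w-]+:[\w.'-]+)\s*=\s*'([^']+)'\]$")
# Assumed mapping from STIX object paths to the field names the constructed events use.
FIELD_MAP = {"file:hashes.'SHA-256'": "file_sha256", "ipv4-addr:value": "dst_ip"}

def build_watchlist(bundle_json):
    """Return {(event_field, value): indicator_id} for every matchable indicator."""
    watch = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = _SIMPLE.match(obj["pattern"])
        if m and m.group(1) in FIELD_MAP:
            watch[(FIELD_MAP[m.group(1)], m.group(2))] = obj["id"]
    return watch

def sweep(events, watch):
    """Replay events in time order; per indicator, record first contact, hosts and sightings."""
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        for (field, value), ind in watch.items():
            if ev.get(field) == value:
                h = hits.setdefault(ind, {"first_contact": ev["ts"], "hosts": [], "sightings": 0})
                h["sightings"] += 1
                if ev["host"] not in h["hosts"]:
                    h["hosts"].append(ev["host"])
    return hits
```

Running the same `sweep` over new events as they arrive gives the forward-looking watchlist; running it over stored history gives the retrospective "investigate backwards" view the brief describes.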
What Is the Cyber Threat Alliance?
The Cyber Threat Alliance is a group of security practitioners from organizations that work together to share threat information and help improve defenses against adversaries across member organizations and their customers. Intel Security is among the founding members who have dedicated their resources to determine the most effective ways to share threat data, foster collaboration among members, and make united progress in the fight against sophisticated cybercriminals.
Figure 2. McAfee GTI view.