Solved

McAfee Vulnerability Manager 7.5 logical architecture

Posted on 2014-03-12
Last Modified: 2014-03-19
Hi guys,

I am new to McAfee MVM, formerly known as Foundstone. I have gone through their Product Guide and Deployment Guide. I am trying to draw a logical architecture diagram for my enterprise. To better understand component positions and connectivity, I need a generic diagram/deployment scenario diagram. Can you please help?

Regards,
Rtantra
Question by:Rahul Patil
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39926225
Hope this can help as a starter, but eventually the MVM should be working with SIEMs capable of giving the whole situational awareness of the security state of the environment monitored, and governance. The MVM sensor sieves out the vulnerabilities (like a sensor) and feeds this into its central MVM mgr to provide the overview, and the syslog or information can be further piped to SIEMs for the bigger picture.

https://community.mcafee.com/thread/26241?decorator=print&displayFullThread=true

And in broader sense as in this image across different locality and its intelligence feeds/signature online @ http://avaxhome.cc/pictures/145036

I see it as no different from asset discovery as a whole, as it scans the network and grabs the information to map the network, kind of a Nessus deployment type...
LVL 4

Author Comment

by:Rahul Patil
ID: 39937075
Thanks bredtan for the links. Do you know some other architecture diagram links that will show deployment scenario diagrams, like server roles installed on one or three servers?

Regards,
Rtantra
LVL 61

Expert Comment

by:btan
ID: 39937143
Not that I know of anything publicly available on real deployments, but the guide on pages 21-23 may help. As a practice, ideally the MVM should be out of band or on a separate segment doing the scanning, to minimise production traffic, since the scanning is not a daily affair but scheduled most of the time to continuously maintain the security posture up to the mark. Then again, the key is that the scan can ultimately reach the service in the targeted segment.

Different environments will differ, as certain networks may not be interconnected, especially considering the geographic challenges and firewalls guarding the segment targeted for scanning. We do want to plan such that the scan engine is able to reach the maximum number of assets with as few firewalls or packet filtering devices as possible. Also, we should consider slow networks such as WAN links, so that a scan avoids being held in an infinite waiting state.

Depending on the logistics and size of your network, you might need more than one scan engine to scan the network. E.g.

- For small networks and product evaluations (0–2,500 IPs): single server.

- For small to midsized deployments, the more common one (2,500–10,000 IPs): two servers, one configured as the enterprise manager web portal and the other configured as a database, API server, scan controller, and a scan engine with additional components.

- For large, distributed environments (10,001–20,000 IPs): same as the midsized, plus one more server for a dedicated scan engine.

- For large, global, distributed and diverse networks (20,001 - >100,000 IPs): 3 servers as compared to the midsized/large environments, with multiple secondary scan engines.

Also, some extracts from the guide to help:

When two product servers are used, McAfee recommends that you deploy the enterprise manager on one system and the other product components on the second system. This provides more security because the enterprise manager can be placed outside your firewall, so users can access it, while the second system can be placed inside the firewall to gather accurate data from scanned systems.

However, having the scan engine and scan controller on the same system as the database can slow performance, based on the amount of data being processed. To improve performance when using two product servers, you could separate the scan engine and scan controller from the database. For example: the enterprise manager, scan engine, and scan controller on one system and the database and other MVM components on the second system.