Solved

McAfee Vulnerability Manager 7.5 logical architecture

Posted on 2014-03-12
Last Modified: 2014-03-19
Hi guys,

I am new to McAfee MVM, formerly known as Foundstone. I have gone through their product guide and deployment guide. I am trying to draw a logical architecture diagram for my enterprise to better understand component positions and connectivity. I need a generic diagram/deployment scenario diagram. Can you please help?

Regards,
Rtantra
Question by:Rahul Patil

Accepted Solution

by:
btan earned 1500 total points
ID: 39926225
Hope this can help as a starter, but eventually the MVM should be working with SIEMs capable of giving the whole situational awareness of the security state of the environment monitored and governance. The MVM sensor sieves out the vulnerabilities (like a sensor) and feeds this into its central MVM mgr to provide the overview, and the syslog or information can be further piped to SIEMs for the bigger picture.

https://community.mcafee.com/thread/26241?decorator=print&displayFullThread=true

And in broader sense as in this image across different locality and its intelligence feeds/signature online @ http://avaxhome.cc/pictures/145036

I see it as no different from asset discovery as a whole, as it scans the network and grabs the information to map the network, kind of a Nessus deployment type.

Author Comment

by:Rahul Patil
ID: 39937075
Thanks bredtan for the links. Do you know some other architecture diagram links that will show deployment scenario diagrams, like server roles installed in one or three servers?

Regards,
Rtantra

Expert Comment

by:btan
ID: 39937143
Not that I know of anything publicly available on real deployments, but the guide on pages 21-23 may help. As a practice, ideally the MVM should be on an out-of-band or separate segment doing the scanning to minimise production traffic, since the scanning is not a daily affair but is scheduled most of the time to continuously keep the security posture up to the mark. Then again, the key is that the scan can ultimately reach the service in the targeted segment.

Different environments will differ, as certain networks may not be interconnected, especially considering the geographic challenges and firewalls guarding the segment targeted for scanning. We do want to plan such that the scan engine is able to reach the maximum number of assets with as few firewalls or packet filtering devices as possible. Also, we should consider slow networks such as a WAN link, so that a scan avoids being held in an infinite waiting state.

Depending on the logistics and size of your network, you might need more than one scan engine to scan the network. E.g.

- For small networks and product evaluations: (0–2,500 IPs), single server

- For small to midsized deployments (more common one): (2,500–10,000 IPs), two servers: one configured as enterprise manager web portal and the other configured as a database, API server, scan controller, and a scan engine with additional components.

- For large, distributed environments: (10,001–20,000 IPs), same as the midsized and add one more server for dedicated scan engine.

- For large, global, distributed and diverse networks: (20,001 - >100,000 IPs), 3 of the server as compared to midsized/large env, multiple secondary scan engines.

Also, some extracts from the guide to help:

When two product servers are used, McAfee recommends that you deploy the enterprise manager on one system and the other product components on the second system. This provides more security because the enterprise manager can be placed outside your firewall, so users can access it, while the second system can be placed inside the firewall to gather accurate data from scanned systems.

However, having the scan engine and scan controller on the same system as the database can slow performance, based on the amount of data being processed. To improve performance when using two product servers, you could separate the scan engine and scan controller from the database. For example: the enterprise manager, scan engine, and scan controller on one system and the database and other MVM components on the second system.
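A planning sketch for the sizing tiers and firewall-zone advice in the answer above, as an added example that is not part of the original thread or of McAfee's tooling: it merges overlapping CIDRs, counts the addresses in scope, maps the total to the quoted tier, and breaks the count down per firewall zone. The segment list, the zone labels and the choice to treat exactly 2,500 IPs as the first tier are assumptions.

```python
import ipaddress

# Sizing tiers as quoted in the answer: (upper IP bound, deployment layout).
# Assumption: exactly 2,500 IPs falls in the single-server tier.
TIERS = [
    (2_500, "single server"),
    (10_000, "two servers: enterprise manager portal + database/API/"
             "scan controller/scan engine"),
    (20_000, "midsized layout plus one dedicated scan engine server"),
    (None, "three servers, multiple secondary scan engines"),
]

# Constructed sample inventory (not real data): (CIDR, firewall zone label).
SAMPLE_SEGMENTS = [
    ("10.10.0.0/20", "hq"),
    ("10.10.4.0/24", "hq"),          # inside the /20, must not count twice
    ("10.20.0.0/21", "branch-wan"),
    ("192.168.50.0/23", "dmz"),
]

def count_ips(cidrs):
    """Address count after merging overlapping or adjacent networks.
    Includes network/broadcast addresses, so it is an upper bound on hosts."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def tier_for(total_ips):
    """Map an in-scope IP count to the deployment tier from the answer."""
    for upper, layout in TIERS:
        if upper is None or total_ips <= upper:
            return layout

def plan(segments):
    """Return (total IPs, suggested layout, IP count per firewall zone)."""
    zones = {}
    for cidr, zone in segments:
        zones.setdefault(zone, []).append(cidr)
    per_zone = {zone: count_ips(cidrs) for zone, cidrs in zones.items()}
    total = count_ips([cidr for cidr, _ in segments])
    return total, tier_for(total), per_zone

if __name__ == "__main__":
    total, layout, per_zone = plan(SAMPLE_SEGMENTS)
    print(f"{total} IPs in scope -> {layout}")
    # Larger zones behind their own firewall are candidates for a local engine.
    for zone, n in sorted(per_zone.items(), key=lambda kv: -kv[1]):
        print(f"  zone {zone}: {n} IPs")
```

The per-zone breakdown is only an input to the placement decision; whether a zone needs its own scan engine still depends on which firewalls and WAN links sit between it and the engine.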