Solved

McAfee Vulnerability Manager 7.5 logical architecture

Posted on 2014-03-12
Last Modified: 2014-03-19
Hi guys,

I am new to McAfee MVM, formerly known as Foundstone. I have gone through their product guide and deployment guide. I am trying to draw a logical architecture diagram for my enterprise to better understand the components' position and connectivity. I need a generic diagram/deployment scenario diagram. Can you please help?

Regards,
Rtantra
Question by:Rahul Patil

Accepted Solution

by: btan (earned 1500 total points)
ID: 39926225
Hope this can help as a starter, but eventually the MVM should be working with SIEMs capable of giving the whole situational awareness of the security state of the environment monitored and governance. The MVM sensor sieves out the vulnerabilities (like a sensor) and feeds this into its central MVM mgr to provide the overview, and the syslog or information can be further piped to SIEMs for the bigger picture.

https://community.mcafee.com/thread/26241?decorator=print&displayFullThread=true

And in a broader sense, as in this image, across different localities and its intelligence feeds/signatures online @ http://avaxhome.cc/pictures/145036

I see it as no different from asset discovery as a whole, as it scans the network and grabs the information to map the network, kind of a Nessus deployment type.

Author Comment

by:Rahul Patil
ID: 39937075
Thanks bredtan for the links. Do you know some other architecture diagram links that will show deployment scenario diagrams, like server roles installed in one or three servers?

Regards,
Rtantra

Expert Comment

by:btan
ID: 39937143
Not that I know of anything publicly available on real deployments, but pages 21-23 of the guide may help. As a practice, ideally the MVM should be in an out-of-band or separate segment doing the scanning to minimise production traffic, since the scanning is not a daily affair but is scheduled most of the time to continuously maintain the security posture up to the mark. Then again, the key is that the scan can ultimately reach the service in that targeted segment.

Different environments will differ, as certain networks may not be interconnected, especially considering the geographic challenges and the firewalls guarding the segment targeted for scanning. We do want to plan such that the scan engine is able to reach the maximum number of assets with as few firewalls or packet filtering devices as possible. Also, we should consider slow networks such as WAN links, whereby a scan should avoid being held in an infinite waiting state.

Depending on the logistics and size of your network, you might need more than one scan engine to scan the network. E.g.

- For small networks and product evaluations: (0–2,500 IPs), single server

- For small to midsized deployments (more common one): (2,500–10,000 IPs), two servers: one configured as enterprise manager web portal and the other configured as a database, API server, scan controller, and a scan engine with additional components.

- For large, distributed environments: (10,001–20,000 IPs), same as the midsized and add one more server for dedicated scan engine.

- For large, global, distributed and diverse networks: (20,001 - >100,000 IPs), 3 of the servers as compared to midsized/large env, multiple secondary scan engines.

Also, some extracts from the guide to help:

When two product servers are used, McAfee recommends that you deploy the enterprise manager on one system and the other product components on the second system. This provides more security because the enterprise manager can be placed outside your firewall, so users can access it, while the second system can be placed inside the firewall to gather accurate data from scanned systems.

However, having the scan engine and scan controller on the same system as the database can slow performance, based on the amount of data being processed. To improve performance when using two product servers, you could separate the scan engine and scan controller from the database. For example: the enterprise manager, scan engine, and scan controller on one system and the database and other MVM components on the second system.