Solved

McAfee Vulnerability Manager 7.5 logical architecture

Posted on 2014-03-12
Last Modified: 2014-03-19
Hi Guys,

I am new to McAfee MVM, formerly known as Foundstone. I have gone through their product guide and deployment guide. I am trying to draw a logical architecture diagram for my enterprise to better understand component position and connectivity. I need a generic diagram/deployment scenario diagram. Can you please help?

Regards,
Rtantra
Question by:Rahul Patil
LVL 65

Accepted Solution

by:
btan earned 1500 total points
ID: 39926225
Hope this can help as a starter, but eventually the MVM should be working with SIEMs capable of giving the whole situational awareness of the security state of the monitored environment and governance. The MVM sensor sieves out the vulnerabilities (like a sensor) and feeds this into its central MVM manager to provide the overview, and the syslog or information can be further piped to SIEMs for the bigger picture.

https://community.mcafee.com/thread/26241?decorator=print&displayFullThread=true

And in a broader sense, as in this image, across different localities and its intelligence feeds/signatures online @ http://avaxhome.cc/pictures/145036

I see it as no different from asset discovery as a whole, as it scans the network and grabs the information to map the network, kind of a Nessus deployment type.
LVL 4

Author Comment

by:Rahul Patil
ID: 39937075
Thanks bredtan for the links. Do you know some other architecture diagram links that will show deployment scenario diagrams, like server roles installed on one or three servers?

Regards,
Rtantra
LVL 65

Expert Comment

by:btan
ID: 39937143
Not that I know of anything publicly available on real deployments, but the guide on pages 21-23 may help. As a practice, ideally the MVM should be on an out-of-band or separate segment doing the scanning to minimise production traffic, since the scanning is not a daily affair but is scheduled most of the time to continuously maintain the security posture up to the mark. Then again, the key is that the scan can ultimately reach the service in the targeted segment.

Different environments will differ, as certain networks may not be interconnected, especially considering the geographic challenges and the firewalls guarding the segment targeted for scanning. We do want to plan such that the scan engine is able to reach the maximum number of assets with as few firewalls or packet filtering devices as possible. Also we should consider slow networks such as WAN links, so that a scan avoids being held in an infinite waiting state.

Depending on the logistics and size of your network, you might need more than one scan engine to scan the network. E.g.

- For small networks and product evaluations: (0–2,500 IPs), single server

- For small to midsized deployments (more common one): (2,500–10,000 IPs), two servers: one configured as enterprise manager web portal and the other configured as a database, API server, scan controller, and a scan engine with additional components.

- For large, distributed environments: (10,001–20,000 IPs), same as the midsized and add one more server for dedicated scan engine.

- For large, global, distributed and diverse networks: (20,001 - >100,000 IPs), 3 of the server as compared to midsized/large env, multiple secondary scan engines.

Also, some extracts from the guide to help:

When two product servers are used, McAfee recommends that you deploy the enterprise manager on one system and the other product components on the second system. This provides more security because the enterprise manager can be placed outside your firewall, so users can access it, while the second system can be placed inside the firewall to gather accurate data from scanned systems.

However, having the scan engine and scan controller on the same system as the database can slow performance, based on the amount of data being processed. To improve performance when using two product servers, you could separate the scan engine and scan controller from the database. For example: the enterprise manager, scan engine, and scan controller on one system and the database and other MVM components on the second system.
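
The sizing tiers and the "as few firewalls as possible" placement rule from the answer above, applied to a CIDR inventory. This is an added example, not part of the original answer or of McAfee's documentation; the segment names, address ranges, site names and firewall hop counts are constructed assumptions.

```python
import ipaddress

# Sizing tiers as listed in the answer above: (upper IP bound, server layout).
TIERS = [
    (2500, "single server"),
    (10000, "two servers"),
    (20000, "two servers + one dedicated scan engine"),
    (None, "three servers + multiple secondary scan engines"),
]

# Constructed inventory: names, ranges and hop counts are assumptions.
# hops[site] = firewalls between a scan engine at that site and the segment;
# None means the segment cannot be reached from that site at all.
INVENTORY = {
    "hq-servers": {"cidrs": ["10.10.0.0/20", "10.10.4.0/24"], "hops": {"hq": 0, "branch": 2}},
    "hq-users":   {"cidrs": ["10.20.0.0/19"], "hops": {"hq": 1, "branch": 2}},
    "branch-lan": {"cidrs": ["10.50.0.0/22"], "hops": {"hq": 2, "branch": 0}},
    "dmz":        {"cidrs": ["192.0.2.0/24"], "hops": {"hq": None, "branch": None}},
}

def count_ips(cidrs):
    """Unique addresses across ranges; overlapping or duplicate ranges count once."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))

def total_ips(inventory):
    return count_ips([c for seg in inventory.values() for c in seg["cidrs"]])

def pick_tier(ip_count):
    """Map an address count to the deployment layout from the tier list."""
    for upper, layout in TIERS:
        if upper is None or ip_count <= upper:
            return layout

def place_engines(inventory):
    """Assign each segment to the site crossing the fewest firewalls;
    segments no site can reach are reported instead of silently skipped."""
    plan, unreachable = {}, []
    for name, seg in inventory.items():
        reachable = {s: h for s, h in seg["hops"].items() if h is not None}
        if reachable:
            plan[name] = min(reachable, key=lambda s: (reachable[s], s))
        else:
            unreachable.append(name)
    return plan, unreachable

if __name__ == "__main__":
    total = total_ips(INVENTORY)
    print(total, "IPs ->", pick_tier(total))
    print(place_engines(INVENTORY))
```

Segments returned as unreachable are the ones that need either a firewall rule for the scan engine or a secondary engine placed inside that segment.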