Check: TIDX-SV-000007
Trellix TIE/DXL STIG: TIDX-SV-000007 (in version v2 r2)
Title
The McAfee Advanced Threat Defense (ATD) server list must be populated with IP address/Fully Qualified Domain Name (FQDN) and port of the Cloud Threat Detection (CTD) server. (Cat II impact)
Discussion
McAfee ATD is a separate McAfee product which enables organizations to detect advanced, evasive malware and convert threat information into action and protection. It includes additional inspection capabilities that broaden detection and expose evasive threats. It integrates with other McAfee security solutions, one of which is the McAfee TIE server. This requirement is to be configured if the organization has the McAfee ATD solution implemented as part of their security infrastructure.
Check Content
NOTE: If the organization has not implemented the McAfee ATD as part of their security infrastructure, this is Not Applicable.

This check needs to be completed for the active McAfee TIE Server Management policy that manages the site McAfee TIE.

From the ePO server console, select the Policy Catalog tab.
From the Policy Catalog, select the McAfee TIE Server Management from Products.
Under "Actions", select Edit for the policy that manages the site McAfee TIE.
Select the "Sandboxing" tab.
Under McAfee Advanced Threat Defense, in the Server list, verify that the IP address or the FQDN and the port of the CTD server are populated.

If the IP address/FQDN and port of the CTD being used are not populated, this is a finding.
Fix Text
From the ePO server console, select the Policy Catalog tab.
From the Policy Catalog, select the McAfee TIE Server Management from Products.
Under "Actions", select Edit for the policy that manages the site McAfee TIE.
Select the "Sandboxing" tab.
Under McAfee Advanced Threat Defense, in the Server list, populate the IP address/FQDN and port of the CTD being used.
Additional Identifiers
Rule ID: SV-222003r685224_rule
Vulnerability ID: V-222003
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |