Solution Brief
McAfee Solutions for Computer Emergency Response Teams
Tools for improved incident analysis and response

Typical CERT Requirements
• Trained investigators
• Malware reverse engineering
• Data reconstruction
• System log analysis
• Network packet analysis
• Information sharing
• Incident tracking and reporting
• Vulnerability analysis and reporting

Malware Intelligence System Appliance
• Stand-alone 2U appliance
• 48 GB RAM
• 1 TB HD
• 2 Gbps network cards
• 6 analyzers running in parallel
• Processes up to 10,000 files/day

Malware Intelligence System Book (HP EliteBook 8560W)
• 4 cores
• 16 GB RAM
• 2 cores reserved for the user partition with guaranteed separation; processes up to 1,000 files/day
• Analyzes malware alongside regular user computing
• Easy to carry along for field investigations

The international Computer Emergency Response Team (CERT) is a key national resource for many governments. CERT organizations perform critical incident analysis and handling and information dissemination in support of government, law enforcement, critical infrastructure, and other public sector customers. McAfee understands this mission and offers a number of products and services that enable the core missions of international CERT groups.

McAfee Malware Forensics and Incident Response Training
McAfee® Foundstone® Consulting’s Malware Forensics and Incident Response Education (MFIRE) course is a comprehensive, technically oriented course that enables you to respond to malware incidents successfully and reinforce your security posture. IT professionals charged with protecting the environment can be overwhelmed, ignoring malware attacks or mistakenly diagnosing them as system or network problems. In this course, you’ll learn techniques to identify, respond to, and recover from malware incidents.

ValidEdge Malware Forensic Solutions
ValidEdge Malware Intelligence System (MIS) is a fully automated malware analysis tool that reverse-engineers malware to assembly code. With patent-pending technology, ValidEdge offers the world’s first series of appliances with separation-kernel technology for very fast and secure malware analysis. With several malware-profiling engines, the ValidEdge appliances accurately analyze malware even if it is designed to evade detection with packers and encryption. The ValidEdge solution delivers actionable insight with malware family classification, behavior reports, and information about hidden payloads. Designed for incident investigators, ValidEdge purpose-built appliances and laptops support both large-scale malware sample analysis and remote field investigations. ValidEdge is a McAfee Security Innovation Alliance technology partner.

Solera Network Forensic Solutions
Solera DS Appliances capture and classify everything that crosses your network (packet header and payload, layers 2 through 7), giving you a complete and forensically sound record of network activity. Having a copy of all the traffic on a network provides complete and accurate reconstruction of the incident, allowing incident responders and investigators to definitively answer the questions of “what happened?” and “what was lost?” Only Solera DS Appliances meet the grueling demands of investigators to swiftly reconstruct and deliver real files from within terabytes of raw packet data. Solera is a McAfee Security Innovation Alliance technology partner.
• Solera DS Appliance Network Forensics Appliances—Full network capture, up to 10 Gbps, with onboard storage up to 16 TB, expandable for extended storage
• Solera DS Virtual Appliance—The only virtual security appliance on the market that provides complete visibility into all virtual traffic
• Solera DeepSee Analytics—Real-time, active reports provide visualization and web-like searching of network traffic for instant artifact reconstruction and replay of network events

Malware Analysis as a Service
An online subscription service is available for malware analysis.
McAfee Threat Intelligence Grid
In the ongoing fight against Internet-spawned malware, McAfee is building a threat intelligence grid to collect malware strains early in their release, decreasing their spread and financial impact. Malware strain variants typically have signatures characteristic of their regional origination, thus necessitating a distributed, worldwide collection system. McAfee is proposing a partnership with CERTs, computer security incident response teams (CSIRTs), and universities over a geographically dispersed area to participate in this project. These selected entities would install a McAfee® Network Threat Response sensor on a switch SPAN port within their IT infrastructure. This sensor would down-select HTTP network objects deemed suspicious because of behavioral characteristics, signature, or reputation. These network objects would be sent to the McAfee Cloud Analysis Service via SSL for automated deconstruction and analysis. Objects identified as malicious would be kept and logged; all other data objects would be deleted. All collected data would be shared with the designated customer and McAfee researchers. This service requires a signed statement of work for the service and software.

McAfee Online Threat Briefings
McAfee Labs and our partner companies produce periodic research reports on threat statistics and trends, attack methods, and major cyberincidents. Members of the CERT community can contact the McAfee Global Public Sector team at MB_GPS@mcafee.com for a briefing on the published reports.
Copyright © 2012 McAfee, Inc.