CASE STUDY
absolutely fantastic in helping us eradicate
the virus,” recalled McGivern. “After that,
the Trust switched back to McAfee endpoint
protection and has been a very happy
customer ever since.”
After assessing the ever-morphing, always-
challenging global threat landscape, the
Trust decided to invest further in McAfee
solutions and take advantage of the McAfee-
integrated security ecosystem, the McAfee
ePolicy Orchestrator® (McAfee ePO™)
central console and the open source Open
Data Exchange Layer (OpenDXL), which
connects security components to automate
integration and enable real-time data
exchange. “An ecosystem in which security
systems share threat information in real time
and learn and adapt in the process, improves
our defences tremendously,” said McGivern.
“And the McAfee ePO central console makes
it possible for minimal human resources to
manage the entire security environment.”
WannaCry ransomware thwarted by
new defences
To strengthen endpoint protection, the Trust
enhanced its existing McAfee Complete
Endpoint Threat Protection suite by
upgrading approximately 6,000 endpoints
to McAfee Endpoint Security, migrating all
rules for the McAfee VirusScan® Enterprise
software to the McAfee Endpoint Security
Threat Prevention module and rules for
McAfee SiteAdvisor® to the McAfee
Endpoint Security Web Content module.
“McAfee Endpoint Security gave us a greater
level of protection and flexibility and in
a smaller package,” notes McGivern. “We
have a lot more confidence in our endpoint
protection now.”
McGivern had already been testing McAfee
Endpoint Security on a few hundred nodes
when the WannaCry ransomware hit.
Urgency to block the ransomware
fast-tracked approvals, enabling McGivern’s
team to immediately deploy McAfee
Endpoint Security across the enterprise.
Within a week, all nodes were protected by
McAfee Endpoint Security and were sharing
information across the DXL with other
McAfee solutions in the Trust’s environment.
While the WannaCry malware created chaos
at many other organisations or caused
them to disconnect internal and external
services out of fear, the County Durham
and Darlington NHS Foundation Trust kept
up and running, business as usual, with no
interruption in patient services.
Fortifying web protection and
reducing help desk calls by 80%
To improve web protection, including more
flexible filtering and stronger website
categorisation capabilities, the Trust
replaced its existing web gateway
appliance with McAfee Web Gateway,
one of McGivern’s favourite
investments. According to McGivern,
a vulnerability assessment of web
traffic found that during the two
weeks prior to installation of McAfee
Web Gateway, 2,500 outbound
connections to known indicators
of compromise (IoCs) occurred,
compared to zero in the two weeks
following implementation. The McAfee
appliance was also cost-effective
compared to the solution it replaced.
The security team has also benefited greatly
from more granular controls within McAfee
Web Gateway, including the ability to
customise the message that is displayed
when a web page is prevented from loading.
Before implementing McAfee Web Gateway,
the user would see the same generic
message when a web page was blocked,
regardless of whether it was blocked because
the site was not safe, against corporate
policy, or for some other reason.
Now the user sees a message explaining why
that page is blocked. If necessary, users can
request a site re-categorisation. McGivern
estimated that this feature alone has
reduced calls to the help desk by 80%.
“Although we can’t point to specific metrics,
I feel like McAfee Web Gateway pays
for itself tenfold,” said McGivern. He also
mentions that as patient records become
completely digital, he expects that McAfee
Web Gateway, along with McAfee Network
Data Loss Prevention, will yield significant
return on investment.
Widespread
visibility across the enterprise with
McAfee SIEM
According to McGivern, the Trust added
McAfee Enterprise Security Manager and
other components of the McAfee SIEM
solution primarily to expand visibility
across the enterprise, enabling better
control and increased ability to meet
future compliance requirements.
“We wanted to be able to tie everything
we could into a SIEM – firewalls, gateways,
IPS and so on, as well as physical security
such as video cameras and door access
devices – so we could monitor everything in
one place,” he said. “We did just that with
INTELLIGENTCIO