What is our primary use case?
For any type of protection strategy, the natural use cases involve protecting sensitive data that shouldn't be public.
For instance, in financial organizations—or really any organization with sensitive data—there’s something to lose. This is the type of data that you don't want exposed to the public, something that should be classified as confidential or for internal use only.
Especially from the perspective of employee data, such as pay slips, this is critical. For example, if you and I work in the same organization, I should not be able to see your pay slip. Within the organization, there should be a classification level where data is categorized as internal, confidential, etc. My pay slip should only be viewable by me and the finance manager, not by any other employees or third parties.
You want to classify your data, which can be done with the electronic data classifier, or you could leverage a third-party classifier like Titus or Boldon James Classifier. Both integrate very well with McAfee ePO and Trellix Data Protection, whether on-premises or in the cloud. They also integrate with Kaspersky or even Microsoft ERP, allowing data classification. Additionally, the out-of-the-box classifier that comes with the product can be used.
By configuring policies, you can ensure that sensitive data is not shared with unauthorized individuals. For example, you can prevent sensitive data from being uploaded to the cloud, shared via email, sent to a printer, or copied to a USB stick. Protecting data, whether at rest, in motion, or in use, is essential.
For USB sticks, you could implement protection by encrypting them using McAfee Removable Media Protection. For data at rest, encryption can be achieved with McAfee Drive Encryption. On Mac OS systems, you might manage native encryption or leverage BitLocker for encryption, ensuring that your systems are encrypted and that encryption keys are properly managed.
These are basic use cases that any organization can leverage. It's not just for large organizations—any organization that is serious about securing its best interests should consider implementing data protection.
How has it helped my organization?
The DLP strategy is very, very key to the data protection strategy. You have your drive encryption and your File and Removable Media Protection, but without DLP, your data protection strategy is far from complete.
DLP is actually massive because it covers everything from endpoints to the network and even to the cloud. It depends on how much visibility you're looking for. If your data is in the cloud, the huge question is: how much of that data do you have visibility of? If you have data on-prem, on mobile storage devices, or servers, do you have visibility into that data? Do you even know where your sensitive data is sitting? Can you do data discovery research?
Without DLP, you literally feel lost because you don't know where your data is. For example, I work with XYZ organization, and I have sensitive data on my system, but you don't know it's there. With a simple discovery scan, you can actually discover that there's a sensitive document sitting on my system. With a simple remediation, the user can request that all sensitive data be moved to a particular folder, probably on your file server. This way, you recover all sensitive data sitting on individuals' laptops or desktops and move it to central protection.
Once you've classified and done remediation on that data, you can say for sure that you don't have any sensitive data sitting on laptops or desktops within your organization, except in the file server that you control. You can also decide not to move those files but to restrict the user from sending the document to a competitor. Maybe you create a policy that ensures the document can only be sent to employees of the organization. You can also ensure that the user cannot send the document to OneDrive, Google Drive, or anywhere else.
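As an added illustration, not code from this review or from the McAfee/Trellix products: the discover, remediate and restrict steps described above modelled in Python. The classification rules, the example.org organization domain and the sample files are constructed assumptions; a real classifier would use labels, dictionaries or fingerprints rather than two regexes.

```python
import re
import shutil
from pathlib import Path
from tempfile import mkdtemp
# Classification rules, most sensitive first (constructed for this illustration).
RULES = [
    ("confidential", re.compile(r"\bpay\s*slip\b|\bnet pay\b", re.I)),
    ("internal", re.compile(r"\binternal use only\b", re.I)),
]
ORG_DOMAIN = "example.org"  # constructed organization e-mail domain
def classify(text):
    """Return the label of the first matching rule, or 'public'."""
    for label, pattern in RULES:
        if pattern.search(text):
            return label
    return "public"
def discover(root):
    """Discovery scan: map each non-public .txt file under root to its label."""
    findings = {}
    for path in sorted(Path(root).rglob("*.txt")):
        label = classify(path.read_text(encoding="utf-8", errors="replace"))
        if label != "public":
            findings[path] = label
    return findings

def remediate(findings, file_server):
    """Move every discovered file to <file_server>/<label>/ and return the new paths."""
    moved = []
    for path, label in findings.items():
        dest = Path(file_server) / label / path.name
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(path), str(dest))
        moved.append(dest)
    return moved

def egress_allowed(label, channel, destination):
    """Policy: public data may go anywhere; labelled data only by e-mail to the org domain."""
    if label == "public":
        return True
    if channel == "email":
        return destination.lower().endswith("@" + ORG_DOMAIN)
    return False  # cloud sync, USB, print and any other channel are blocked

def run_demo():
    """Scan a constructed laptop folder and move findings to a constructed file server."""
    laptop, server = Path(mkdtemp()), Path(mkdtemp())
    (laptop / "payslip_march.txt").write_text("PAY SLIP\nNet pay: 4,200")
    (laptop / "memo.txt").write_text("Team memo - INTERNAL USE ONLY")
    (laptop / "lunch_menu.txt").write_text("Friday: pizza")
    findings = discover(laptop)
    moved = sorted(p.relative_to(server).as_posix() for p in remediate(findings, server))
    return {p.name: l for p, l in findings.items()}, moved, sorted(p.name for p in laptop.iterdir())
```

After `run_demo()` only the public lunch menu remains on the laptop; the pay slip and the internal memo sit under the file server's `confidential/` and `internal/` folders, and `egress_allowed` lets them leave only by e-mail to an example.org address.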
Now, there's a limitation, and this is where cloud instances come into play. For example, if you're using Slack, you'd know that you have to consider API integration with Slack to extend that protection fully to the cloud. This is where the relationship with Trellix and Skyhigh comes in. What we're discussing today with the suite you're mentioning is just endpoint security; we're not looking at cloud security.
What is most valuable?
Every feature is important in its own way. For example, if you look at encryption, McAfee Drive Encryption encrypts the hard drive. The only way you'd realize the drive is encrypted is when an authorized user logs in. You probably wouldn't even know the drive is encrypted until, for example, someone steals the laptop and tries to access the hard drive to extract information. They would find that they don’t have access because all the files are encrypted.
Now, that's great, but all it does is stop an unauthorized user from accessing the drive; it doesn't stop an authorized user from potentially sending out confidential documents or data. This is where your DLP (Data Loss Prevention) endpoint comes into play. With it, you can configure policies to prevent users from sending sensitive data via email or syncing it with their OneDrive, Google Drive, or similar services.
If you rely on just one product, like drive encryption, you might have some level of security, but you're not covering all aspects of protection. For example, drive encryption secures data at rest, ensuring that if someone steals the drive, they cannot access the data because it’s encrypted. However, if someone tries to send that data elsewhere, drive encryption alone won’t stop them.
With File and Removable Media Protection (FRP), you can secure portions of folders, ensuring that when sending an email, only the intended recipient can access the attachment. If the user already has the necessary clearance or if it's an internal document with specific access permissions, they can view it. This extends your protection from just data at rest to data in motion and data in use.
Moreover, preventing sensitive data from being sent to OneDrive, flash drives, or similar storage can only be achieved with DLP endpoints. At the end of the day, there are three major protections in this suite that are crucial. If you have one and not the others, you might protect sensitive data, but only in one aspect—whether it’s data at rest, data in motion, or data in use. You can’t achieve comprehensive protection with just one product.
What needs improvement?
The only thing that I think could be improved is the data classifier. It's not a very robust classifier, which is where its limitation lies. For example, you see a lot of higher-end solutions where people can classify data more effectively, adding labels like transcription labels and such. McAfee’s classifier doesn't handle all those tasks.
It doesn’t offer the same level of functionality as other data classification tools. You can't do things like fingerprinting and other advanced classification methods. However, if you were to make it more robust, the product could become too heavy to run effectively on endpoints and servers.
So, to be honest, I can't think of anything else off the top of my head that could be added. I think it's a great solution as it stands. If anyone wants extended data classification, they can leverage other tools like Titus, Fortra's Classifier Suite (previously known as Boldon James Classifier), or even Microsoft AIP if they have the budget. You can also leverage Trellix to enhance your data protection.
From my point of view, McAfee Complete Data Protection is one of the best solutions out there, if not the best, to be honest.
For how long have I used the solution?
I've worked with a whole lot of McAfee products, and this is actually my tenth year working on McAfee.
Generally, I've worked with McAfee products for about ten years now.
What do I think about the stability of the solution?
It’s quite stable. It might not be the best solution in that space, but it’s very stable. If we’re talking about endpoint security, the conversation might be different. But for data protection with Trellix or McAfee, it’s very stable. It’s one of the products that has been stable for a long time.
Even when you extend it to Solidcore and Database Activity Monitoring, those products have been very stable as well. All the data protection products with McAfee have been really stable for many years.
I’ve not seen any issues. Nobody [my customers] has installed the protection and come back saying the product is not stable.
How are customer service and support?
For data protection, I have never really had to leverage support. I’ve not had to deal with support on any of the products.
Which solution did I use previously and why did I switch?
I work with TriNet in Africa. We're actually a distributor, so we're partners with McAfee.
McAfee Enterprise is now Trellix.
How was the initial setup?
All McAfee or Trellix products are not easy to install or set up. They aren't straightforward, and that's where the competition has an edge over Trellix today. When I worked with a partner company, many of my colleagues moved to end-user environments and found Trellix—formerly McAfee—too stressful. Most of them preferred working with Microsoft because it's simpler. Setting up Trellix involves a lot of steps, like x, y, z, which can make it challenging.
From my perspective, it's not that difficult, but that's probably because I've had a lot of hands-on experience. Maybe I haven't seen how simple other solutions can be. But, there's always a vulnerability in simplicity. It's hard to create something simple without some level of vulnerability.
Personally, I think there's a balance. It's not too difficult to set up if you understand what you're trying to do. Once you get your data classification right, the data protection policies are very straightforward to set up. You just click through without doing anything too serious, provided you have your data configuration correct.
If you have the financial capacity, you can leverage a third-party classifier for active data classification. The data protection policies are very easy to set up and apply. I haven't encountered any cases where a policy fails due to a product issue. I've rarely seen any product issues with Trellix DLP.
I also like the way they handle evidence management, even in the cloud. You can integrate with AWS to keep your evidence, and you can see genuine, real evidence from your environment. This allows you to take remediation actions, like interviewing users to understand their intentions or educating them about what data is allowed to leave the environment.
If you feel that a user has had too many strikes, you have an audit trail and evidence to see exactly what they have been doing. You’re not just seeing an alert; you're seeing which email was sent or which drive was used to upload sensitive data. You have full visibility of all that.
So, overall, the product is great. The only area for improvement I can think of is support. Everyone wants better support, no matter how good it already is. That's the only place I see for potential improvement.
What was our ROI?
If a data-driven organization loses data, whether employee data, customer data, or customer-sensitive data, the return on investment is installing a solution that ensures customer-sensitive data stays sensitive, that is, stays internal.
And we’re not breaking confidentiality. In fact, we’re not exposing customer-sensitive data to attackers or the like. That on its own is a massive return on investment because the big question is, what’s the cost of a data breach? The cost of a data breach is too high. So if you can ensure that my data is safe, my customer data is safe, my employee data is safe, I’m not getting sued, I don’t have to pay massive fines. That’s the maximum return on investment on it.
What's my experience with pricing, setup cost, and licensing?
The huge problem I see is pricing. We understand that DLP is not cheap anywhere in the world, but we constantly lose our protection because of pricing.
Sometimes, this is because end users prefer to have a second level of professional service. And then, when professional services are added to the cost, the cost jumps really, really high. Besides pricing, I think we’re good. Everything on the product is cool.
What other advice do I have?
I would recommend this solution because, first and foremost, any organization looking at a data protection strategy, even an SMB, has employee data and other internal data that needs to be secured: you don’t want employees seeing each other’s pay slips or any sensitive information. Even if you’re just trying to protect the sanity of your environment, you can leverage this product to give you the peace of mind of knowing that only the person who needs to see something sees it.
Trends around data protection:
Data protection is shifting away from being solely an on-premises concern. It's massive in the cloud now. There's a lot of data residing in the cloud. People use SAP, which is often hosted in the cloud. They use OneDrive, Office 365, SharePoint, and countless other cloud offerings. Data is everywhere in the cloud – databases, workloads, even entire organizations operate entirely in the cloud without any on-premises presence. Believe me, data protection will continue to be a challenge indefinitely.
That's where the synergy between Trellix and Skyhigh comes in. As sister companies, there's seamless integration. If you choose to have your DLP on-premises and perform classification there, you can extend that classification to your Skyhigh instance. You can maintain the same level of protection, policies, and enforcement across your cloud offerings.
In terms of data protection, it's still very much present on-premises, but it's also heavily focused on the cloud. That's where people are facing the biggest challenges. The good news is the strong relationship between Trellix and Skyhigh. People can leverage that partnership to ensure data protection, whether it's on-premises or in the cloud. It's all McAfee, no matter where the data resides.
Overall, I would rate it an eight out of ten.
*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner