McAfee Endpoint Security Review

McAfee is one of the biggest brands in the cybersecurity industry with more than 50,000 enterprise customers in 182 countries. The company made its mark in antivirus products, having started in that space back in the 1980s.

Since then, the internet made infecting endpoints easy, ushering in an era of cyberattacks. With the rapid growth and sophistication of malware, McAfee evolved to deliver comprehensive endpoint security software. Its endpoint solutions range from McAfee for business malware protection to email server security.

McAfee’s Endpoint Protection suite includes its McAfee Endpoint Security platform. This solution encompasses the company’s foundational McAfee antivirus features, along with other protection capabilities. Let’s take a detailed look at what McAfee offers.

Who is McAfee Endpoint Protection for?

McAfee’s vast security solutions address the needs of small businesses and enterprise clients alike. Its products protect Windows, Mac, and Linux machines.

This extends to McAfee server protection for Windows servers, as well as virtual environments. McAfee Endpoint Protection options support businesses requiring deployment as an on-premises solution, in the cloud, or as a hybrid of the two.

Although McAfee tailors its endpoint protection solutions to different types of organizations, small businesses should have an IT department to adopt even the most basic McAfee Endpoint Security package. Deep technical knowledge is necessary to deploy and manage McAfee products.

Companies with a security operations center (SOC) are particularly well-equipped to use McAfee Endpoint Protection. A SOC team can also look to McAfee’s more advanced security solutions, such as threat-hunting services and endpoint detection and response (EDR).

McAfee provides mobile device protection options, but mobile devices aren’t included in the base McAfee Endpoint Security offerings. McAfee also integrates with more than 100 third-party software vendors to extend its protection to other business platforms you may be using, such as data analytics platform Splunk.

If your organization must meet specific regulatory requirements — for example, HIPAA compliance — McAfee has you covered there, too. Features such as McAfee endpoint encryption allow you to comply with these legal and industry regulations.

McAfee Endpoint’s features

McAfee Endpoint Protection technology comprises multiple components to deploy to your IT network.

  • ePO: The McAfee ePolicy Orchestrator (ePO) serves as your IT team’s central security management console.
  • Scan engine and content files: McAfee’s protection software includes its scan engine and content files, which contain malware signatures employed in looking for and identifying threats.
  • Security agent: The McAfee security agent is software you install on endpoints. It’s used to communicate endpoint data to McAfee ePO.
  • McAfee Endpoint Security: The McAfee Endpoint Security platform consists of a software client installed on endpoints. It comes with a user interface (UI) to show users the security status of their computer and the threats found, and it performs manual scans.

Unlike McAfee’s original antivirus products, the McAfee Endpoint Security platform brings together several product capabilities under a united architecture. This integrated approach provides better protection since the different security components work together to deliver a multi-layered defense.

Threat prevention

McAfee Endpoint Security’s threat-prevention process uses multiple tactics to keep your organization safe. It blocks cyberattacks from breaching your systems, automatically inspects accessed files for threats, and runs targeted scans to quickly identify suspicious activity.

Some of the key technologies used to deliver a multi-layered defense include the following:

  • Machine learning and behavioral monitoring: McAfee Endpoint Security uses machine learning to analyze the behavior of computer processes. Even malware attempting to look harmless shows its true colors once it executes its programmed objectives. McAfee Endpoint Security identifies these attack techniques and takes the appropriate action in real time.
  • Advanced remediation: The software recognizes ransomware attacks and can roll back the encryption of your files performed by ransomware.
  • McAfee Global Threat Intelligence (GTI): McAfee GTI is the company’s proprietary threat intelligence repository. It combines data from millions of endpoint sensors around the world with research from McAfee’s security experts to provide timely insight into emerging threats.

These features work well. Independent testing firm AV-Test Institute subjected McAfee Endpoint Security to thousands of malware samples, and McAfee stopped 100% of them.

Against the more challenging zero-day threats, which target software vulnerabilities, McAfee Endpoint Security again stopped 100% of the hundreds of samples used in testing. This performance exceeded the industry average of 98.9%.

Another important ability of the best endpoint security software is minimizing false alarms. Too many false positives add to your IT team’s workload. In this respect, McAfee Endpoint Security again exceeded industry averages. It correctly identified more than 1 million legitimate software samples with no false positives. The industry average was 27 false detections.

If McAfee Endpoint Security has a weak spot, it is system performance: AV-Test Institute measured a slight decline in computer performance against industry averages. This occurred in the areas of app installs and launching apps. In other computer performance areas, such as copying files locally onto your endpoint and over a network, McAfee Endpoint Security performed better than industry averages.

McAfee Endpoint Security’s locally installed application shows the security status of a user’s computer.

McAfee Endpoint Security includes a local application for users’ workstations. Source: McAfee software.

Additional security

The McAfee Endpoint Security platform isn’t just malware defense. Its components encompass other protections, including a firewall. The firewall scans all incoming and outgoing network traffic, analyzing every unit of data to determine if each of these packets meets criteria to block or allow it. You use ePO to set firewall rules, monitor detection events, and adjust settings to reduce false positives.

McAfee Endpoint Security also comes with Web Control. This component monitors the web activity of your users to protect against threats on websites and in file downloads. Web Control prevents users from browsing malicious websites or sites not authorized by your company.

Another feature, McAfee Endpoint Security Adaptive Threat Protection (ATP), injects a degree of EDR into your protection suite by flagging compromised endpoints and providing insight into how the threat spread through your environment. ATP decides what to do based on factors such as file reputation thresholds.

ATP can recognize fileless attack methods and other sophisticated types of malware. It immediately contains threats and automatically remediates changes to your IT system, including cleaning specific files based on their threat reputation and your risk criteria.

McAfee Endpoint Security’s locally installed application shows a list of security events.

Your users can view security events through the McAfee Endpoint Security client. Source: McAfee software.

Central console

Organizations with many endpoints require a central console to efficiently manage them all. McAfee provides this through its McAfee ePolicy Orchestrator (ePO).

The ePO tool is the web-based UI enabling your IT team to quickly address security issues, oversee policy management, view the status of endpoints, and assess the overall health of your IT network. Although you can install the McAfee Endpoint Security client directly onto workstations and manage the endpoint locally, it’s a no-brainer for IT teams to use McAfee ePO.

It’s particularly useful if your organization chooses to adopt other McAfee solutions. The company offers so many products that ePO has a special software catalog section for your IT team to keep track of them.

A nice feature SOC teams will appreciate is ePO’s Story Graph. This feature maps out a cyberattack’s entire attack chain in a diagram. You click components in the diagram to view details, such as whether McAfee Endpoint Security deemed the behavior a security threat.

The McAfee ePO tool shows information and charts about security threats.

The McAfee ePO console delivers detailed security insights. Source: McAfee software.

McAfee Endpoint’s ease of use

McAfee Endpoint Protection encompasses a lot of functionality. This approach means McAfee can provide you with a solution to meet any business security need. But when it comes to ease of use, McAfee’s sprawling platform can prove complex, and some tasks are time-consuming, particularly for small IT teams.

An example is installation. In addition to installing the necessary components from ePO to the McAfee Endpoint Security client, McAfee suggests you install and run its GetClean tool on endpoints. This tool minimizes false-positive detections. McAfee also recommends running the McAfee SysPrep utility to make sure trusted third-party software will work with McAfee Endpoint Security.

By contrast, other endpoint security software simply asks you to install endpoint agents and configure your policies, and you’re done.

Fortunately, McAfee Endpoint Protection is less onerous in other areas. The McAfee ePO console is straightforward and intuitive enough to pick up and start using with minimal training for veteran IT staff.

McAfee Endpoint Security and ePO come with plenty of configuration options, making them flexible enough to meet your security criteria. With a few mouse clicks, you can quickly change settings.

McAfee Endpoint Security also handles many threats automatically, making it unnecessary for your IT department to spend time taking action. Features such as Story Graph also enable your IT team to perform threat analysis efficiently.

McAfee ePO displays a visual representation of an attack chain.

McAfee ePO’s Story Graph makes it easy to analyze an attack chain. Source: McAfee software.

McAfee Endpoint’s pricing

McAfee bundles its security products into different packages based on an organization’s level of security sophistication and needs. The McAfee price for its endpoint security starts at $31.06 per license for a one-year subscription. This is for the McAfee Endpoint Protection Essential for SMB package.

This package delivers McAfee Endpoint Security protection for workstations and servers. If you order more than 50 licenses, McAfee provides a discount. Additional McAfee server antivirus options, such as virtual and email server protection, are available at an extra cost.

McAfee also offers a free trial of its endpoint security software for Windows, Mac, or Linux operating systems. You can try various McAfee products, such as McAfee Endpoint Security and ePO, although you’ll have to download and install them separately.

McAfee Endpoint Security comes in two packages for SMBs.

McAfee packages its products into different bundles. Source: McAfee software.

McAfee Endpoint’s support

McAfee provides several support options. The company offers an online self-service portal filled with how-to articles, documentation, and training and informational videos.

The challenge with the self-help option is understanding McAfee’s nomenclature. The online content is replete with acronyms and company terminology, such as ENS (endpoint security) and MVISION (McAfee’s newest advanced security suite). It’s confusing to the uninitiated.

I also stumbled onto broken links or links that led to 404 (content not found) errors. McAfee’s self-help isn’t as tightly maintained and clean as competing online support systems.

These minor issues aside, McAfee’s support overall is robust. Other support channels include a community forum, chat, an IT ticketing system to submit your specific issues, and phone help. Phone support is available 24 hours, including weekends and holidays.

McAfee also offers premium support plans for a higher level of service. These give you direct access to technical experts, prioritized service, and assigned points of contact for questions and additional help.

Benefits of McAfee Endpoint

McAfee Endpoint Security offers several advantages, and as one of the largest cybersecurity companies, the McAfee organization can deliver additional benefits as well. Here are just a few:

  • McAfee Endpoint Security is an effective threat-prevention platform. It’s so powerful that a small business can opt for the starter package and still enjoy strong protection.
  • Along with its strong protection, McAfee Endpoint Security sports little features helpful to an IT team. For example, you can use your computer’s command-line interface to run scans or update security content as part of a batch file.
  • The McAfee ePO console is intuitively laid out, making adoption and use fairly straightforward.
  • McAfee offers a wide selection of security products, so you’re bound to find a solution for your specific security needs.
  • You can evolve your security capabilities as your business grows, adding more advanced security solutions or adopting McAfee’s managed services to allow its team of security experts to help monitor and address threats.

McAfee ePO’s Policy Catalog screen shows current security policies and provides policy control tools.

McAfee ePO includes security policy management. Source: McAfee software.

A potent, complex solution

McAfee Endpoint Protection’s security products pack a potent punch. McAfee Endpoint Security’s threat-prevention performance is stellar against the varied cyber threats lurking online, and McAfee continues to evolve its solutions, as its MVISION suite illustrates.

Yet that same evolution adds to McAfee Endpoint Protection’s complexity. The options are already vast, and individual products house deep feature sets. It can become overwhelming or too complex for smaller IT teams.

That said, the most important aspect of any endpoint protection system is its ability to identify and stop threats. In this area, McAfee Endpoint Security excels, making it a platform that deserves serious consideration.

Frequently Asked Questions for McAfee Endpoint

What’s the difference between McAfee Endpoint Security and MVISION Endpoint Security?

McAfee Endpoint Security is the company’s core protection technology used to secure endpoints. McAfee MVISION builds on this foundation by working alongside Microsoft’s built-in security technology for Windows machines and adds cloud-based capabilities, such as support for Amazon Web Services deployments.

Can McAfee Endpoint Protection defend endpoints when not online?

McAfee Endpoint Security uses GTI’s repository in the cloud to get the latest security intelligence, and it leverages cloud-based technology to make decisions about the intent of suspicious behavior. As a result, McAfee recommends an internet connection to minimize false positives and effectively stop emerging threats.

Does McAfee offer a free version?

McAfee does not have a free business version, but it offers free trials of many products, including its Endpoint Security and ePO platforms. The company also provides several free tools, such as its McAfee Ransomware Recover framework for decrypting files encrypted by ransomware.