Tenable SecurityCenter and McAfee ePolicy Orchestrator Integration

McAfee ePolicy Orchestrator (ePO) is security management software for enterprise systems, providing agent-based accounting of managed networked assets. With automated policy management, you can centrally control the security processes of your organization and make faster, fact-based decisions to ensure the optimal protection of your critical assets and data. Currently, endpoint protection platforms like McAfee ePO lack vulnerability context (MVM was discontinued in January 2016). However, by having access to vulnerability data, McAfee ePO customers can achieve the following benefits:

• Accurate and complete inventory of vulnerable assets, devices and systems
• Visibility and confidence in your organization’s security posture
• Data-based context for effective decision-making on action and remediation

How Tenable can help

With our recently released Tenable Connector for ePO, SecurityCenter® customers are now able to import market-leading vulnerability data into McAfee ePO. This rich and comprehensive vulnerability data includes security threats for managed hosts and rogue devices that SecurityCenter detects on a network. As a result, McAfee ePO customers now have critical visibility and context on systems, assets and data needed for an effective security program.

Connecting the two systems is easy. First, download the connector. Then follow the instructions below.

Installing the Tenable Connector for ePO

1. Log on to McAfee ePO. From the drop-down Menu, click Extensions.

2. Click Install Extension at the top of the page.

3. Click Choose File.

4. Select the file that you have downloaded from the portal and Open it.

5. Click OK.

6. Review the information to be sure that it is the correct extension and click OK.

7. From the extension tree on the left, find the Tenable Security Connector under Third Party. Verify that everything was installed correctly by clicking on it. The connector will display a Running status.

Configuring the registered server

1. Log on to ePO. From the Menu, click Registered Servers.

2. Click New Server at the top of the page.

3. Give the SecurityCenter server a meaningful name, and click Next.

4. Enter the configuration for your SecurityCenter installation: IP Address, Port Number, User Name and Password.

5. Click the Test Connection button. This will check the credentials to make sure everything works. Click Save.

6. The new server will be listed in the Registered Servers list with the name from step 3.

Configuring the connector

1. Log on to ePO. From the Menu, click Server Tasks.

2. In the Quick find search box, enter Tenable and click Apply.

3. You should see a Tenable SecurityCenter Collect Task. Click Edit.

4. Change the schedule status to Enabled, and click Next.

5. From the drop-down list, select the Registered Server you created previously.
6. Select the schedule that works best for your environment to collect data from SecurityCenter. NOTE: You should only have one task configured at any given time; during the import process, all old data is purged. Click Next.

7. You should now see a summary of your configuration. If everything looks correct, click Save.

Running the connector

At this point, the connector will run on your configured schedule. Alternatively, follow these steps to run the connector on-demand:

1. Click Run in the Server Tasks list.

2. This will pull the Server Task Log for the extension and display the current status of the import. Any errors or status updates will be in this log. The time to display the log depends on the amount of vulnerability data in SecurityCenter for the specified time frame.

Viewing the data from the connector

Tenable provides an ePO Dashboard with some basic charts and graphs of the imported data:

The data can also be viewed on each host by using the system tree:

With the Tenable-built, McAfee-certified connector, SecurityCenter data is automatically sent to the McAfee ePO console. Having this rich vulnerability assessment data enables ePO security professionals to make better informed decisions about action and remediation in their environment. The integration also enables McAfee ePO customers to maintain a complete and accurate inventory of all systems, whether managed by ePO or not.

For more information

See the McAfee Integration page for more information.