{"product_id":10622,"v_id":10622,"product_name":"McAfee Advanced Threat Defense","certification_status":"Certified","certification_date":"2015-05-27T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"Intel Corporation","website":"www.intelsecurity.com"},"vendor_poc":"Andy Nissan","vendor_phone":"651-628-5385","vendor_email":"andy.nissan@intel.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p class=\"Body\">The Target of Evaluation (TOE) is the Intel Corporation McAfee Advanced Threat Defense models 3000 and 6000 running software version 3.4.6 products.&nbsp;</p>\r\n<p class=\"Body\">McAfee Advanced Threat Defense (MATD) detects today&rsquo;s stealthy, zero-day malware with a layered approach. It combines low-touch antivirus signatures, reputation, and real-time emulation defenses with in-depth static code and dynamic analysis (sandboxing) to analyze actual behavior.&nbsp;</p>\r\n<p class=\"Body\">The MATD processes the files through the down selectors for statistical analysis and provides a sandbox test environment which includes virtual machines running customer environments, anti-virus, anti-malware, and local blacklists and whitelists. Files are executed within virtual machine environments that are monitored, and their behavior is recorded in a log file. The log file is then used to generate a security report of the potential malware.</p>\r\n<p class=\"Body\">For the purpose of evaluation, MATD was treated as a network device offering CAVP certified cryptographic algorithms, security auditing, secure administration, trusted updates, self-tests, and secure connections to other servers (e.g., to transmit audit records).</p>\r\n<p class=\"Body\">MATD is provided as a hardware network appliance. The product provides a web interface over TLS and a console connection.</p>\r\n<p class=\"Body\">There are two versions of the MATD product (6000 and 3000). 
While there are different models in the TOE, they differ primarily in physical form factor, number and types of connections and slots, and relative performance. There are some performance differences among the models, but they each provide the same security characteristics.</p>","evaluation_configuration":"<p class=\"Body\">The evaluated configuration consists of McAfee Advanced Threat Defense with software version 3.4.6 running on one of the following models:</p>\r\n<ul>\r\n<li>ATD-6000: McAfee Advanced Threat Defense 6000, 2U 4x Xeon E5-4640 (2.5GHz), 256GB DDR3, 16TB of HDD storage and 1600MB of SSD storage.</li>\r\n<li>ATD-3000: McAfee Advanced Threat Defense 3000, 1U 2x Xeon E5-2658 (2.1GHz), 192GB DDR3, 8TB of HDD storage and 800MB of SSD storage.</li>\r\n</ul>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the McAfee Advanced Threat Defense models 3000 and 6000 running software version 3.4.6 products were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.&nbsp; Gossamer Security Solutions determined that the evaluation assurance level (EAL) for the product is EAL 1.&nbsp; The product, when delivered and configured as identified in the NDPP Admin Guide v3.4.6, 5/20/15 document, satisfies all of the security functional requirements stated in the Intel Corporation McAfee Advanced Threat Defense (NDPP11e3) Security Target, Version 0.5, May 22, 2015.&nbsp; The project underwent CCEVS Validator review.&nbsp; The evaluation was completed in May 2015.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number 
CCEVS-VR-VID10622-2015) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical boundaries of the McAfee Advanced Threat Defense models 3000 and 6000 running software version 3.4.6 TOE are realized in the security functions that it implements. Each of these security functions is summarized below.</p>\r\n<p><strong>Security Audit</strong> - The TOE generates audit events associated with identification and authentication, management, updates, and user sessions.&nbsp; The TOE can store the events in a local log or export them to a syslog server using a TLS protected channel.</p>\r\n<p><strong>Cryptographic Support</strong> - The TOE provides CAVP certified cryptography in support of its TLS implementation.&nbsp; Cryptographic services include key management, random bit generation, encryption/decryption, digital signature and secure hashing.</p>\r\n<p><strong>User Data Protection</strong> - The TOE ensures that residual information is protected from potential reuse in accessible objects such as network packets.</p>\r\n<p class=\"Body\"><strong>Identification and Authentication</strong> - The TOE requires users to be identified and authenticated before they can use functions mediated by the TOE, with the exception of reading the login banner.&nbsp; It provides the ability to both assign attributes (user names, passwords and roles) and to authenticate users against these attributes.</p>\r\n<p><strong>Security Management</strong> - The TOE provides a command line (CLI) management interface as well as a graphical user interface (GUI) accessed via the web.&nbsp; The web interface is protected with TLS. The management interface is limited to the authorized administrator (as defined by a role).</p>\r\n<p class=\"Body\"><strong>TSF Protection</strong> - The TOE provides a variety of means of protecting itself.&nbsp; The TOE performs self-tests that cover the correct operation of the TOE. 
It provides functions necessary to securely update the TOE.&nbsp; It provides a hardware clock to ensure reliable timestamps.&nbsp; It protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an authorized administrator.</p>\r\n<p><strong>TOE Access</strong> - The TOE can be configured to display a logon banner before a user session is established.&nbsp; The TOE also enforces inactivity timeouts for local and remote sessions.</p>\r\n<p class=\"Body\"><strong>Trusted Path/Channels</strong> - The TOE provides a local console which is subject to physical protection. For remote access, the web GUI is protected by TLS, thus ensuring protection against modification and disclosure.</p>\r\n<p class=\"Body\">The TOE also protects its audit records from modification and disclosure by using TLS to communicate with the syslog server.</p>","features":[]}