McAfee Enterprise MVISION Cloud

3.9.2 Release Notes

IaaS

Vulnerable Storage 

McAfee MVISION Cloud has identified a vulnerability, called GhostWriter, in misconfigured S3 buckets that incorrectly allows public read and write access to data. If an AWS S3 bucket has inappropriate permissions and allows public write access, it can be used by a third party to inject malicious code. The Analytics > Vulnerable Storage page allows you to identify vulnerable S3 buckets and perform Closed Loop Remediation (CLR) on them to make sure they are secured. For details, see About Vulnerable Storage
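The public-write condition described above can be checked directly from a bucket's ACL and bucket policy. The following is an added example, not MVISION Cloud code: the function names are hypothetical, the inputs are assumed to be shaped like the output of S3 GetBucketAcl and GetBucketPolicy, and the policy check is deliberately narrow (exact action names only, and any statement with a Condition is treated as not public).

```python
import json

# Predefined S3 grantee groups that make an ACL grant public.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
ACL_WRITE = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
ACL_READ = {"READ", "READ_ACP", "FULL_CONTROL"}
# Exact-match write actions only; wildcard forms such as s3:Put* are not expanded.
POLICY_WRITE = {"s3:*", "s3:putobject", "s3:putobjectacl",
                "s3:putbucketacl", "s3:putbucketpolicy", "s3:deleteobject"}

def acl_exposure(acl):
    """Return the subset of {'read', 'write'} that an ACL grants to public groups."""
    exposed = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            perm = grant.get("Permission")
            if perm in ACL_WRITE:
                exposed.add("write")
            if perm in ACL_READ:
                exposed.add("read")
    return exposed

def policy_allows_public_write(policy_json):
    """True if an unconditioned Allow statement gives Principal '*' a write action."""
    statements = json.loads(policy_json or "{}").get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for st in statements:
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (st.get("Effect") == "Allow" and aws in ("*", ["*"])
                and not st.get("Condition")
                and any(a.lower() in POLICY_WRITE for a in actions)):
            return True
    return False

def classify_bucket(acl, policy_json=None):
    """Classify a bucket as 'public-write', 'public-read' or 'private'."""
    exposed = acl_exposure(acl)
    if "write" in exposed or policy_allows_public_write(policy_json):
        return "public-write"  # the GhostWriter condition
    return "public-read" if "read" in exposed else "private"

# Constructed sample (not real account data): the AllUsers group holds WRITE.
SAMPLE_ACL = {"Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS},
                          "Permission": "WRITE"}]}
print(classify_bucket(SAMPLE_ACL))
```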

Near Real Time (NRT) Security Configuration Monitoring for AWS 

MVISION Cloud allows you to configure the accounts that support real-time monitoring, and will report misconfigurations in under five minutes (if those accounts have real-time monitoring enabled). To accomplish this, associate a Lambda-based policy to a custom AWS service. After associating a Lambda-based policy to a specific custom service, the service can access and leverage the Near Real-Time (NRT) support to detect configuration audit violations. On the Policy > Policy Templates > Rules for AWS Lambda page, you can select which AWS services you want to apply the custom Lambda policy to. For details, see Associate Lambda-based Policy to a Custom AWS Service

Service Governance

Compare Cloud Services Report

When you Compare Cloud Services, you can click Export PDF to export a report of your compared services as a PDF file to your account's email address. The report also becomes available in Report Manager.  For details, see Compare Cloud Services

Dashboard Scan Progress Bar

Service-specific Dashboards now display the Scan Progress Bar at the top of the page. Here you can see the status of any scan you may have configured for your service dashboard. For details, see About the Office 365 Dashboard

NOT Operator 

In the Omnibar, the NOT operator allows you to exclude Service Names, Service Categories, Service Groups, or any other parameter from your search, in order to drill down to the specific results you need. You can use multiple NOT operators in a search query. The NOT operator is available on Shadow IT pages only. For details, see NOT operator

Policy Management 

Box Security Classifications

Box Security Classifications allow you to classify files based on their confidentiality level. Using Box Classifications with MVISION Cloud's DLP policies automates the manual task of classifying documents. When you have created your Classifications in Box, you can log into MVISION Cloud, Create or Edit a DLP Policy, then add Classification to a Rule, Exception, or a Response. For details, see Box Security Classifications

Delete Incidents

On the Incidents > Policy Incidents page, you can now select the checkbox(es) for incidents you want to delete. Then click Delete in the confirmation dialog. This action cannot be undone. Large requests may take a few moments to process. For details, see Policy Incidents Page

AWS Policy Templates

New AWS-specific Policy Templates are now available to better secure your AWS deployments. For more information, see Policy Templates for AWS

  • Unencrypted AMI
  • Nearing limits of ECS instances
  • VPC Account Limit
  • Validate CloudTrail Log File Integrity
  • Unrestricted MSSQL Database Access (UDP)
  • Unrestricted VNC Listener Access
  • Unrestricted VNC Server Access
  • KMS Key scheduled for deletion
  • Customer Managed keys Not in Use
  • Unrestricted PostgreSQL Access
  • RDS Database not encrypted with Customer Managed KMS Key
  • RDS Last Restorable Time Check
  • Sufficient RDS backup retention period
  • RDS Cluster Snapshot with Public Permissions
  • RDS Snapshot with Public Permissions
  • Redshift Cluster Not Encrypted with Customer Managed KMS Key
  • Redshift Cluster Publicly Accessible
  • Unencrypted Redshift Cluster
  • S3 Logging Enabled
  • Unused Security Groups
  • Default VPCs are used
  • Max Subnets per VPC
  • VPC Security Group Limit
  • VPC Customer Gateway Limit
  • VPC Private Gateway Limit

Create a Policy from a Previously Imported Template

A Security Operations Admin or Policy Manager can import multiple policies from a template, then edit them to set different options, such as port numbers. In previous releases, there was a restriction that prevented you from re-importing a configuration audit policy; this restriction has been removed. Now you can edit policy names and descriptions when configuring the imported policies. For details, see Create a DLP Policy from a Template

Sanctioned IT

Slack Compliance Plan

The Slack Compliance Plan is useful for small organizations that may only have one team. This allows administrators to monitor all types of Slack channels. After performing the API integration for Slack, MVISION Cloud can monitor user activities and content that is uploaded into Slack, and evaluate DLP policies. For details, see API Integration with Slack
