Skip to main content
McAfee MVISION Cloud

What's New in 3.4

Cloud Governance

EU General Data Protection Regulation (GDPR) Business Risk Tools

MVISION Cloud has created a toolset to help your organization prepare for the impending European Union General Data Protection Regulations. The EU GDPR Business Risk attribute identifies and lists this risk for all cloud services in the registry. You can leverage this attribute to create reports and searches to identify any CSPs your organization uses to gauge their readiness for GDPR. To learn more about how MVISION Cloud can help you prepare for GDPR, download The GDPR: An Action Guide for IT

Enhanced Metadata for Anomalies and Threats 

Following new Enhanced Metadata in v3.3, we've added ASN Name, Region, Proxy Type, and Network Type to the Activity Monitoring page.
 

Usage Analytics

One Click Search

On the Incident Management pages, when you hover over an item in a table and see the filter (funnel) icon, you can add that attribute to your search in the Omnibar with one click. For details, see One Click Search. 

Policy Incident Summary

The Policy Incidents Summary page provides one location to view information on all DLP policy incidents. To view the page, go to Incident Management > Policy Incidents. For details, see Policy Incidents Summary

 

Sanctioned Apps

Structured Data Fingerprints

Structured Data Fingerprints allow you to monitor your organization's data, build indices of hashes of that data on premise, and prevent sensitive or confidential information from leaving the organization. You can create and use fingerprints for structured data in row and column format, typically extracted from a database, or for unstructured data. Once your data is fingerprinted, you can add a new DLP Policy rule to leverage that indexed data. 

IMPORTANT: Before you can use the fingerprint feature, you must download and install the DLP Integrator. 

Malware Scan Support

Every enterprise faces the risk of Malware in their data. Malware can be of various forms, such adware, spyware, viruses, trojans, and others. Ransomware has become more prevalent as well. MVISION Cloud has a new way to address these attack vectors using specific Malware On-Demand Scanning. When you scan for malware in data-stores on Box and OneDrive, MVISION Cloud sends files that match your selections (such as file types, sizes, extensions, etc.) to Cyphort. When there is a Malware match, MVISION Cloud presents a score (1-100) to customers indicative of the match and the severity/behavior of the Malware found. 

API Access Workflow Changes

Currently in Beta, the new Cloud Service API Configuration page guides admins through the process of enabling ODS, Near Real-time DLP, and Activity Monitoring for OneDrive, SharePoint, and Exchange Online. It displays available functionality and associated information for OneDrive and SharePoint in API access screen. 

Skyhigh for Salesforce Rolodex Encryption Scheme

The Rolodex Encryption Scheme was created specifically for use with the Salesforce Rolodex sorting feature, which display records based on the first letter of the first and last name. This scheme preserves the first letter, then encrypts the rest of the first and last name. Even though this scheme reduces encryption strength, it allows records to be sorted alphabetically, even after encryption. 

Skyhigh for Salesforce Smart Search App

Organizations with on-prem proxy can now use the Salesforce Smart Search App (Beta) to configure searchable objects, allowing users to run longer search queries.

Keyword Searches in DLP Policies

Keyword searches in DLP policies now include new match criteria, including case sensitivity and the ability to match special characters. For details, see Using Keywords in DLP Policies

 

IaaS Platform

Security Configuration Audit

The Security Configuration Audit page displays a summary of all AWS configuration audit policies running on a tenant, giving new insight on cloud compliance issues and allowing you to find areas of improvement in your organization's security audit policies. For example, MVISION Cloud looks for inactive user accounts and former employees who retain access to AWS so their accounts can be deleted to reduce latent risk. Privileged User Analytics identify excessive user permissions, inactive administrator accounts, inappropriate access to data, and unwarranted escalation of privileges/user provisioning. You'll also discover brute-force attacks, and untrusted locations indicative of compromised accounts.

Activity Monitoring

Leveraging AWS CloudTrail, MVISION Cloud captures activities to give new insight into activities, and to support post-incident investigations and forensics across your AWS stack, streamlining internal and external audits. IaaS Platform Activity Monitoring means you'll be viewing activities within 10 minutes of an activity occurring (after being logged by CloudTrail). Activities are categorized into commonly understood categories, meaning your information security team doesn't need to worry about each activity name. 

Skyhigh and Single Sign-On (SSO) 

When SAML is configured for your MVISION Cloud tenant, when a user enters their username in the MVISION Cloud login screen (for example, at https://shnpoc.myshn.net) MVISION Cloud will redirect the user to the SSO provider as part of an SP-initiated workflow automatically. You may determine whether only SAML-based logins will be allowed, or choose a mix of SAML and password-based authentication. For more information see Integrate MVISION Cloud with Other SSO Providers and Okta and MVISION Cloud SAML Integration

Custom Apps

Learning Mode

The Learning Mode page gives you an overview of the traffic and actions going through an application, allowing you to easily identify interesting and popular unmapped actions to add to the app's mapping. You can deploy an app with little to no mapping, and then let end users interact with the application beore returning to a Custom App and having Learning Mode tell me what actions are interesting and what I should go map. Learning Mode also identifies unpopular or orphaned mappings that can occur when an application has changed (if a certain part of the app is deprecated, it may not hit any mapping rules).

Proxy Federation via AMI

If your organization uses an AMI or Dockerized proxy, you'll need to federate them with the MVISION Cloud cloud, in the same way that the on-prem proxy is federated. This is a three-step process that includes using a MVISION Cloud AMI in AWS, plus integrating a new proxy and IP.

Domain Management

The Domain Management page centralizes the control of all domains assigned to a Custom App, across all environments. You can filter domains, add, or delete domains as well.

Custom Apps Monitoring

With Custom Apps Monitoring, you can create monitors that keep a close eye on an app's availability and latency. You can create more than one Monitor for each app, building both uptime or downtime data points.

Known Issues

For details, see MVISION Cloud Known Issues

  • Was this article helpful?