McAfee HBSS

I was told yesterday I need to come up to speed on McAfee's HBSS. In trying to locate some info on it, I found there is a certification for it. Anyone familiar with it? Thanks.

Comments

  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    I have to roll it out over the next few months. I thought about doing the EPO cert and the HIPS cert. Not very many Mcafee certified pros around here.
  • brownwrapbrownwrap Member Posts: 549
    I have to roll it out over the next few months. I thought about doing the EPO cert and the HIPS cert. Not very many Mcafee certified pros around here.


    How difficult is this software? A few week ago,someone installed the client. It didn't seem to take him long. Its monitored elsewhere, so we don't see anything.
  • wastedtimewastedtime Member Posts: 586
    You can try vte.cert.org has some training on it. If you have a .gov or .mil account you can get the training free.
  • brownwrapbrownwrap Member Posts: 549
    I have to roll it out over the next few months. I thought about doing the EPO cert and the HIPS cert. Not very many Mcafee certified pros around here.

    Have you looked into the installation yet? I'm on Solaris 10. I thought it was one package, but I searched for the HBSS download, grabbed the zip file, and it looks like it was the HIP only
  • brownwrapbrownwrap Member Posts: 549
    wastedtime wrote: »
    You can try vte.cert.org has some training on it. If you have a .gov or .mil account you can get the training free.


    I do have an account, I checked out the site, it asked for a sponsor, so I will have to wait until tomorrow for that. Thanks.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    brownwrap wrote: »
    Have you looked into the installation yet? I'm on Solaris 10. I thought it was one package, but I searched for the HBSS download, grabbed the zip file, and it looks like it was the HIP only

    The install isn't so bad. I am going to start with the site advisor this week.
  • brownwrapbrownwrap Member Posts: 549
    The install isn't so bad. I am going to start with the site advisor this week.


    So much is geared towards Windows, but I am not using Windows.
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    brownwrap wrote: »
    So much is geared towards Windows, but I am not using Windows.

    That install didn't look so bad either
  • brownwrapbrownwrap Member Posts: 549
    That install didn't look so bad either


    So far I have downloaded McAfee Agent (MFE) and McAfee HIP. Anything else I need?
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    brownwrap wrote: »
    So far I have downloaded McAfee Agent (MFE) and McAfee HIP. Anything else I need?

    You can't really run it as a local install. You need EPO. I know because I tried to run it that way.
  • brownwrapbrownwrap Member Posts: 549
    You can't really run it as a local install. You need EPO. I know because I tried to run it that way.
    OK, I went back tothe downloads and found EPO on the 2nd page. Is it only windows?
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    brownwrap wrote: »
    OK, I went back tothe downloads and found EPO on the 2nd page. Is it only windows?

    I am not 100% sure. I know the HIPS isn't. You might be able to run it on linux.


    EDIT: Guess not


    http://www.mcafee.com/us/products/epolicy-orchestrator.aspx
  • HBSS_StuffHBSS_Stuff Registered Users Posts: 1 ■□□□□□□□□□
    HBSS is a security suite consisting of 7 modules, independently deployed to implement a robust defense-in-depth host based security model. The modules in no particular order are: Host Based Intrusion Prevention (HIPs), Data Loss Program (DLP), VirusScan Enterprise (VSE), McAfee Agent (MA), Asset Baseline Monitor (ABM), McAfee Policy Auditor Content Update and McAfee Policy Monitor. Additional modules include Rogue Sensor Detection (RSD)

    Quick facts:

    - The ePO server, usually in the DMZ, but not always, responds to queries and requests from the McAfee agent

    - You can't have a working HBSS Enterprise solution without an ePO server and one or more clients with a McAfee agent installed and communicating

    - An ePO console, a dedicated client that uses web based access to the ePO server to configure tasks, run queries, update clients and other administrative duties. Typically, the ePO console is 1-2 workstations responsible for 10,000 clients.

    - HBSS can be deployed stand alone and responses can be configured for specific incidents
  • vsdavidvsdavid Security+, CySA+, SSCP, ENSA Member Posts: 2 ■■□□□□□□□□
    I’m trying to find some information regarding HBSS certification and since FedVTE removed all the HBSS certification study materials and I cannot find any resources anywhere else in the web... I was wondering if any one can help me with regards to HBSS study materials and McAfee HBSS certification roadmap. I don’t have a CAC so accessing DISA website it’s not possible for me. Thanks for the assistance.
  • yoba222yoba222 Senior Member Member Posts: 1,127 ■■■■■■■■□□
    That's because it's a DoD thing. There are plenty of other things out there to study and I wouldn't recommend going anywhere near DoD stuff unless you've been granted access. I did some HBSS training years ago and honestly it wasn't all that good.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • vsdavidvsdavid Security+, CySA+, SSCP, ENSA Member Posts: 2 ■■□□□□□□□□
    Locating those information is the challenging part. I’ve done some google search but I wasn’t successful.

    Response that you gave me about training you’ve done in the past, doesn’t look promising to me.
  • Z0sickxZ0sickx Security+|CASP+|CISM|CISSP Member Posts: 173 ■■■□□□□□□□
    HBSS SMES is small market...if you know how to engineer the tool you're valuable in your own right. your value is defined by when **** hits the fan (and it will a lot) your able to resolve the issue timely. but this also depends on the modules being deployed/used usually teams have guys explicitly dedicated to one module and an overarching architect/lead engineer to oversee things, if they have the funds to find one
Sign In or Register to comment.