McAfee HBSS

brownwrap

I was told yesterday I need to come up to speed on McAfee's HBSS. In trying to locate some info on it, I found there is a certification for it. Anyone familiar with it? Thanks.

Bl8ckr0uter

I have to roll it out over the next few months. I thought about doing the EPO cert and the HIPS cert. Not very many Mcafee certified pros around here.

brownwrap

Bl8ckr0uter wrote: »

I have to roll it out over the next few months. I thought about doing the EPO cert and the HIPS cert. Not very many Mcafee certified pros around here.

How difficult is this software? A few week ago,someone installed the client. It didn't seem to take him long. Its monitored elsewhere, so we don't see anything.

wastedtime

You can try vte.cert.org has some training on it. If you have a .gov or .mil account you can get the training free.

brownwrap

Bl8ckr0uter wrote: »

I have to roll it out over the next few months. I thought about doing the EPO cert and the HIPS cert. Not very many Mcafee certified pros around here.

Have you looked into the installation yet? I'm on Solaris 10. I thought it was one package, but I searched for the HBSS download, grabbed the zip file, and it looks like it was the HIP only

brownwrap

wastedtime wrote: »

You can try vte.cert.org has some training on it. If you have a .gov or .mil account you can get the training free.

I do have an account, I checked out the site, it asked for a sponsor, so I will have to wait until tomorrow for that. Thanks.

Bl8ckr0uter

brownwrap wrote: »

Have you looked into the installation yet? I'm on Solaris 10. I thought it was one package, but I searched for the HBSS download, grabbed the zip file, and it looks like it was the HIP only

The install isn't so bad. I am going to start with the site advisor this week.

brownwrap

Bl8ckr0uter wrote: »

The install isn't so bad. I am going to start with the site advisor this week.

So much is geared towards Windows, but I am not using Windows.

Bl8ckr0uter

brownwrap wrote: »

So much is geared towards Windows, but I am not using Windows.

That install didn't look so bad either

brownwrap

Bl8ckr0uter wrote: »

That install didn't look so bad either

So far I have downloaded McAfee Agent (MFE) and McAfee HIP. Anything else I need?

Bl8ckr0uter

brownwrap wrote: »

So far I have downloaded McAfee Agent (MFE) and McAfee HIP. Anything else I need?

You can't really run it as a local install. You need EPO. I know because I tried to run it that way.

brownwrap

Bl8ckr0uter wrote: »

You can't really run it as a local install. You need EPO. I know because I tried to run it that way.

OK, I went back tothe downloads and found EPO on the 2nd page. Is it only windows?

Bl8ckr0uter

brownwrap wrote: »

OK, I went back tothe downloads and found EPO on the 2nd page. Is it only windows?

I am not 100% sure. I know the HIPS isn't. You might be able to run it on linux.


EDIT: Guess not


http://www.mcafee.com/us/products/epolicy-orchestrator.aspx

HBSS_Stuff

HBSS is a security suite consisting of 7 modules, independently deployed to implement a robust defense-in-depth host based security model. The modules in no particular order are: Host Based Intrusion Prevention (HIPs), Data Loss Program (DLP), VirusScan Enterprise (VSE), McAfee Agent (MA), Asset Baseline Monitor (ABM), McAfee Policy Auditor Content Update and McAfee Policy Monitor. Additional modules include Rogue Sensor Detection (RSD)

Quick facts:

- The ePO server, usually in the DMZ, but not always, responds to queries and requests from the McAfee agent

- You can't have a working HBSS Enterprise solution without an ePO server and one or more clients with a McAfee agent installed and communicating

- An ePO console, a dedicated client that uses web based access to the ePO server to configure tasks, run queries, update clients and other administrative duties. Typically, the ePO console is 1-2 workstations responsible for 10,000 clients.

- HBSS can be deployed stand alone and responses can be configured for specific incidents

vsdavid

I’m trying to find some information regarding HBSS certification and since FedVTE removed all the HBSS certification study materials and I cannot find any resources anywhere else in the web... I was wondering if any one can help me with regards to HBSS study materials and McAfee HBSS certification roadmap. I don’t have a CAC so accessing DISA website it’s not possible for me. Thanks for the assistance.

yoba222

That's because it's a DoD thing. There are plenty of other things out there to study and I wouldn't recommend going anywhere near DoD stuff unless you've been granted access. I did some HBSS training years ago and honestly it wasn't all that good.

vsdavid

Locating those information is the challenging part. I’ve done some google search but I wasn’t successful.

Response that you gave me about training you’ve done in the past, doesn’t look promising to me.

Z0sickx

HBSS SMES is small market...if you know how to engineer the tool you're valuable in your own right. your value is defined by when **** hits the fan (and it will a lot) your able to resolve the issue timely. but this also depends on the modules being deployed/used usually teams have guys explicitly dedicated to one module and an overarching architect/lead engineer to oversee things, if they have the funds to find one