Enforce data loss prevention policies across Cisco Spark
McAfee enforces DLP policies for files and messages across Cisco Spark workspaces to ensure compliance with regulations and internal policies. McAfee supports DLP rules based on keywords, data identifiers, user groups, regex, and structured or unstructured fingerprints. Enforcement actions include coach users, notify administrator, block, quarantine, and tombstone. Leverage pre-built DLP templates, create custom policies in McAfee, or leverage policies in an existing on-premises DLP solution.
Unified DLP reporting and remediation
McAfee reports on DLP violations in Cisco Spark and other cloud services in a unified interface with highlighted excerpts revealing the exact content that triggered the DLP policy. During review, if a file does not violate a policy, the reviewer can rollback the remediation action to restore the file and/or its sharing permissions. Quarantined files are stored in a secure account within Cisco Spark, not in McAfee’s platform, for added security.
Deep integration with on-premises DLP solutions
With McAfee you have the option of leveraging our best-in-class DLP engine or the policies in your existing on-premises solution such as Symantec DLP, Intel McAfee DLP, Forcepoint DLP, and more. McAfee optionally performs a first-pass content inspection, brokers inspection by the on-premises solution, acts as an enforcement point to apply policies to data in the cloud, and registers enforcement in the on-premises solution that maintains the policy.
Detect internal and external threats
McAfee captures a complete record of all user activity in Cisco Spark and leverages machine learning to analyze activity across multiple heuristics and accurately detect threats. As a comprehensive cloud security platform, McAfee can detect cross-cloud threats that involve usage across Cisco Spark and other cloud services. As threats are resolved, McAfee automatically incorporates this data into its behavioral models to improve detection accuracy.
McAfee automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and team to identify activity indicative of insider threat, whether the threat is accidental or malicious. Using Guided Learning, you can fine tune the detection of cloud-based threats by providing feedback to the system that is incorporated into models of user behavior to more accurately detect future threats.
McAfee detects compromised account activity in Cisco Spark based on brute-force login attempts, logins from new and untrusted locations for a specific user, and consecutive login attempts from two locations in a time period that implies impossible travel, even if the two logins occur across two cloud services. Darknet Intelligence reveals user accounts for sale online that are at risk of compromise.
“McAfee allows us to extend DLP outside the perimeter and into the cloud, and the user experience is seamless.”
“Our users never see McAfee even though it is a key part of our IT security strategy, allowing us to keep our users and data safe so they can have global access from any device.”
“McAfee helps us understand how employees use Salesforce to identify insider threats, compromised credentials, and excessive privileged user access.”
Make Cisco Spark your corporate standard
McAfee identifies collaboration solutions that employees use in place of the corporate standard, Cisco Spark, and provides a risk rating for each service. Using McAfee, you can enforce risk-based governance controls and coach users to Cisco Spark to improve collaboration while also reducing cost and risk.