McAfee GTI (Global Threat Intelligence) is known as McAfee’s cloud-based threat intelligence service. The cloud-based threat intelligence service provides threat identification and contextual reputation metrics, providing accurate protection against known and rapidly emerging threats. McAfee GTI(Global Threat Intelligence) integrates directly with our security products and provides instant protection against emerging threats to reduce operational effort and the time between detection and containment. Based on activity from millions of sensors worldwide and an extensive research team, McAfee Labs publishes timely and relevant threat activity through McAfee GTI(Global Threat Intelligence). IP reputations gathered from more than 100 million global threat sensors by McAfee Labs can be used for a security information and event management (SIEM) solution.
How Does the McAfee GTI Work?
McAfee GTI(Global Threat Intelligence) uses heuristics or file reputation to check for suspicious files through on-access and on-demand scanning. The scanner sends fingerprints of samples or hashes to a central database server hosted by McAfee Labs to determine if they are malware. By sending the hash, detection can be made available sooner than when McAfee Labs releases the next content file update. You can see the GTI settings on McAfee EPO on the screen below.
You can configure the sensitivity level that McAfee GTI uses when determining whether a detected instance is malware. The higher the sensitivity level, the higher the number of malware detections. Within the GTI cloud, the static and dynamic properties of the file are compared with known pests.
McAfee GTI provides the following cloud-based reputation services. These;
- McAfee GTI file reputation
- McAfee GTI web reputation
- McAfee GTI web classification
- McAfee GTI network connection reputation
- McAfee GTI certification reputation