
McAfee's new network security framework

CIOL Bureau

NEW YORK, USA: McAfee has announced a network security framework which integrates advanced network intrusion prevention with essential next-generation controls.


The network security framework includes significant enhancements to the McAfee Network Security Platform, including application visibility and integrated threat-context, aligning it with Gartner’s criteria for next-generation network intrusion prevention systems (IPS) in its report, “Defining Next-Generation Network Intrusion Prevention” as published on October 7, 2011.


According to the report, “Threats are focusing on installing targeted malicious executables onto user PCs, which use advanced techniques to avoid detection and use botnet delivery mechanisms to perform multistage attacks. Simply stopping attacks that are looking for unpatched servers is no longer sufficient in this environment.”

“Gartner uses the term ‘next-generation network IPS’ to indicate the necessary evolution of network IPS to deal with changes in network communications and applications and changes in the threat landscape,” says Greg Young of Gartner Research.


“As a minimum, a next-gen IPS will have standard first-generation IPS capabilities plus application awareness, context awareness, content awareness especially providing full stack inspection.”

The McAfee network security framework includes the following aspects:

Advanced Network IPS: With tens of thousands of sensors deployed worldwide, McAfee Network Security Platform's protocol-based inspection provides protection against advanced malware, zero-day attacks, DDoS attacks, and botnets. The latest release includes new DoS and DDoS prevention capabilities and dozens of new botnet heuristics to more accurately and confidently identify misbehaving systems.


Application awareness and control:  The McAfee Network Security Platform combines advanced threat prevention and application awareness into a single security decision engine.  It includes Layer 7 visibility of over 1,100 applications and enhanced rule definition for simple application control, including the ability to correlate application activity with network attacks to intelligently affect security enforcement decisions.

Predictive threat intelligence: McAfee’s network security framework incorporates McAfee Global Threat Intelligence (GTI), providing organizations with protection against emerging threats. It is the only IPS solution that can affect inline security decisions based on the identity and reputation of hundreds of billions of file, IP, URL, protocol, and geo-location data.

Context-aware security: Separating noise from legitimate threats can take up most of a security administrator’s day.  McAfee network security framework correlates data from several sources — McAfee GTI, vulnerability scans, application visibility, network behavior — to identify attacks, eliminate false positives and make dynamic enforcement recommendations.  For example, a medium confidence ‘alert-only’ event can be dynamically upgraded to a high confidence ‘block’ event based on the correlation of built-in attack definitions and IP reputation intelligence.


Content analysis: Integration with advanced malware detection, network forensics and data loss prevention tools makes McAfee’s network security framework strong against theft of an organization’s intellectual property.

“To fully understand and eradicate targeted attacks, you need complete visibility of all network traffic, its source and scope, and whether it occurred days, weeks, or months in the past,” said Steve Shillingford, president and CEO of Solera Networks.

“McAfee Network Security Platform’s integration with Solera’s DeepSee applications delivers a seamless workflow to security analysts taking you from an alert to irrefutable evidence of the attack, breach or threat, dramatically reducing the time it takes to pinpoint compromises.”


