Confidential McAfee Internal Use Only 9-Nov-11 Global Network Protection McAfee Network Intrusion Prevention Luluk Kristiawan IT Security Consultant
Mcafee ips nsp-2011

May 09, 2015

Page 2: Mcafee ips  nsp-2011

Confidential McAfee Internal Use Only 2/16/11 2

Agenda

►New Economy, New Challenges

►Introducing the McAfee Network Security Platform

►Protecting Every Angle

Page 3: Mcafee ips  nsp-2011

SECURITY CHALLENGE

Page 4: Mcafee ips  nsp-2011

Protecting Enterprise Applications

Attacks from Every Angle: Web, mail, media, and direct attack vectors. Botnets are public enemy #1.

Web 2.0 Risks: Hundreds of thousands of compromised websites & deliberate malware hosts

Productivity and Continuity Impact: Rapid expansion of new vulnerabilities forcing IT into more out-of-cycle patches

Growth & Scalability: 10Gbps requirements becoming real; appliance sprawl an ops issue

Global Security Management: “Swivel Chair Integration” inadequate for global deployments

Page 5: Mcafee ips  nsp-2011

Threat Trends Continue to Accelerate

Hundreds of Application Vulnerabilities

400,000 Web Malware Hosts

5000 DoS Targets/day

[Chart x-axis: 2005, 2006, 2007, 2008, 2009]

Page 6: Mcafee ips  nsp-2011

“PATCH and PRAY” install the patch and pray it works.

Page 7: Mcafee ips  nsp-2011

MCAFEE IPS : NETWORK SECURITY PLATFORM

Market Positioning

Page 8: Mcafee ips  nsp-2011

McAfee Confidential—Internal Use Only

NSP is the Industry’s Leading IPS

“The M-8000 offers the highest accuracy and throughput of any product we've tested to date.”

McAfee’s Network Security Manager (NSM) was simple to use and flexible, allowing for rapid deployment of devices with effective pre-defined policy choices. Tuning and maintenance is simple and well-thought out.

No other vendor can show such sustained excellence in IPS!

According to the 2010 NSS Group Summary Report:

Page 9: Mcafee ips  nsp-2011

McAfee: Uniquely Qualified to Protect Your Network

Validated 10G+ performance, 100% accuracy Network IPS

Dedicated Security R&D

Years of Award Winning

Page 10: Mcafee ips  nsp-2011

MCAFEE IPS : NETWORK SECURITY PLATFORM

The Advantages of Product

Page 11: Mcafee ips  nsp-2011

Introducing the Network Security Platform

Protocol & Application Behavior

Attacks and Exploit

Network Behavior

Evasion & Obfuscation

McAfee Global Threat Intelligence

Content, Source, and Web Reputation

Cutting-edge Network IPS

World’s most advanced threat protection platform

Integration with world-class Security portfolio

Page 12: Mcafee ips  nsp-2011

Benefits of the Network Security Platform

Vulnerability-based Threat Protection

• Best Zero-day vulnerability coverage

• Best-in-class protection for all major application vulnerabilities: Adobe, Oracle, Cisco, Microsoft, etc.

Best-in-class Protection: Bots to Datacenters

• Best Denial of Service protections

• Real-time web-borne malware protection

• Built-in anti-phishing and P2P SSL Decryption

Architected for High Performance Networks

• 10G Certified

• High density and high-availability

• Class-leading virtual systems support

• Lifecycle protection

M-Series Network Security Platform Family

Page 13: Mcafee ips  nsp-2011

Scalability to Protect Your Global Network

SMB and Branch Office Enterprise Perimeter Enterprise, Data Center Service Providers

Enterprise Core, Data Center

Service Providers

Throughput tiers shown: 100 Mbps, 200 Mbps, 600 Mbps, 1.5 Gbps, 3 Gbps, 5 Gbps, 10 Gbps

Models shown: M-1250, M-1450, M-2750, M-3050, M-4050, M-6050, M-8000

Beyond 10 Gigabit performance

High-reliability and Scalability

Highest port-density available

Common Management Console

10GE Connectivity

Page 14: Mcafee ips  nsp-2011

How McAfee Global Threat Intelligence Works

Delivering the Most Comprehensive Intelligence in the Market

McAfee Labs

Email, Firewall, IPS, DLP, Web, AWL, ePO, AV

File Reputation Engine

Web Reputation Engine

Network Reputation Engine

Email Reputation Engine

Vulnerability Information

Threat Intelligence Feeds

Other feeds & analysis

Servers, Firewalls, Endpoints, Appliances, Mobile

Page 15: Mcafee ips  nsp-2011

Why McAfee is Best Positioned to Deliver GTI

The Most Robust Telemetry Data in the Market

• 2.5B Malware Reputation Queries/Month

• 20B Email Reputation Queries/Month

• 75B Web Reputation Queries/Month

• 2B IP Reputation Queries/Month

• 300M IPS Attacks/Month

• 100M Ntwk Conn Rep Queries/Month

• 100+ BILLION QUERIES

Queries

Nodes

• Malware: 40M Endpoints

• Email: 30M Nodes

• Web: 45M Endpoint and Gateway Users

• Intrusions: 4M Nodes

• 100+ MILLION NODES, 120 COUNTRIES

Page 16: Mcafee ips  nsp-2011

World’s Most Advanced Denial of Service Protections

Threshold-based Protection

Optimized and simplified to set and forget

Easy to set thresholds

ICMP, TCP SYN, UDP, IP fragments, and other settings

Self-learning Profiles

Patented techniques to learn your network behavior and adapt

Self-learning for entire enterprises and target environments

Fully segmented on VIPS

Page 17: Mcafee ips  nsp-2011

Simplifying Threat Management

Integration with ePO to give real-time system visibility

System-Aware IPS with ePO Host Data

Simple right-click provides real-time details of Source or Destination IPs

Provides hostname, user name, OS, patch level, MAC address, last scan date and other protection policies

Top 10 Host Intrusion events

System-Aware IPS Benefits

Faster time-to-confidence

Visibility

Efficiency

Relevance

Leverages ePO investment

Page 18: Mcafee ips  nsp-2011

Real-Time Risk-Aware IPS Features

• Auto import of Vulnerability Manager scan reports

• “Scan now” provides on-demand VM relevancy on a per-host(s) basis

Real-Time Risk-Aware IPS Benefits

• Improved focus on critical events

• Automated, accurate relevance

• Real-time update of vulnerability details for specific host(s)

• Leverages Foundstone investment

Simplifying Risk Management

Integration with Vulnerability Manager to gain real-time visibility into events

Page 19: Mcafee ips  nsp-2011

Optimized for Real Networks

Simplified Network Integration

Highest port density, 10GE support

Low latency, bump in the wire

High throughput across product models

Redundant pair, load sharing

Data-Center Ready

10Gbps Certified performance

Up to 1000 Virtual Systems

10GE Connectivity

Enterprise Campus

High Density Perimeter

WAN Edge

WAN Aggregation

Virtual systems per branch, internal network

Flexible 10/100/1000/10G and VLAN support

High Availability

Flexible Fail Open/Closed modes

Dual hot-swappable AC & DC power

Purpose-built HW, no removable media

M-8000

M-3050

Data Center

Branch Site

M-1250

Page 20: Mcafee ips  nsp-2011

The Result

McAfee M-Series Network IPS

Unparalleled Protection

Operational Excellence

Lifecycle Protection

Page 21: Mcafee ips  nsp-2011