The network security framework includes the new McAfee Network Security Platform 7 which features application visibility and integrated threat-context, aligning it with Gartner’s criteria for next-generation network IPS.
“Gartner uses the term ‘next-generation network IPS’ to indicate the necessary evolution of network IPS to deal with changes in network communications and applications and changes in the threat landscape,” says Greg Young, Gartner Research. “As a minimum, a next-gen IPS will have standard first-generation IPS capabilities plus application awareness, context awareness, content awareness especially providing full stack inspection.”
The McAfee network security framework includes the following aspects:
- Advanced Network IPS: With tens of thousands of sensors deployed worldwide, McAfee Network Security Platform protects more enterprises worldwide than any other vendor. Its protocol-based inspection provides protection against advanced malware, zero-day attacks, DDoS attacks, and botnets. The latest release includes new DoS, DDoS prevention capabilities and dozens of new botnet heuristics to more accurately and confidently identify misbehaving systems.
- Application awareness and control: The Platform combines advanced threat prevention and application awareness into a single security decision engine. It includes Layer 7 visibility of over 1,100 applications and enhanced rule definition for simple application control, including the ability to correlate application activity with network attacks to intelligently affect security enforcement decisions.
- Predictive threat intelligence: McAfee’s network security framework incorporates McAfee Global Threat Intelligence (GTI), providing organizations with protection against emerging threats. It is the only IPS solution that can affect inline security decisions based on the identity and reputation of hundreds of billions of file, IP, URL, protocol, and geo-location data.
- Context-aware security: Separating noise from legitimate threats can take up most of a security administrator’s day, McAfee network security framework correlates data from several sources – McAfee GTI, vulnerability scans, application visibility, network behavior – to identify attacks, eliminate false positives and make dynamic enforcement recommendations. For example, a medium confidence ‘alert-only’ event can be dynamically upgraded to a high confidence ‘block’ event based on the correlation of built-in attack definitions and IP reputation intelligence.
- Content analysis: Targeted attacks using advance malware techniques are becoming increasingly common, and cybercriminals are finding ways around traditional black-list based security systems. Integration with advanced malware detection, network forensics and data loss prevention tools make McAfee’s network security framework an ideal tool against theft of an organization’s intellectual property.