How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)



Similar documents
McAfee Botnet Protection: Correlation, Context and Intelligence. REV: (July 2011)

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

McAfee Network Security Platform

SourceFireNext-Generation IPS

IBM Advanced Threat Protection Solution

Modular Network Security. Tyler Carter, McAfee Network Security

Requirements When Considering a Next- Generation Firewall

Cisco Advanced Malware Protection

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

IBM Security Intrusion Prevention Solutions

Sourcefire Next-Generation IPS

Cisco IPS Tuning Overview

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

How To Buy Nitro Security

Cisco Cloud Web Security

Devising a Server Protection Strategy with Trend Micro

Symantec Brightmail Gateway Real-time protection backed by the largest investment in security infrastructure

Devising a Server Protection Strategy with Trend Micro

Решения HP по информационной безопасности

Sourcefire Next-Generation IPS

Open Source Software for Cyber Operations:

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

QRadar SIEM and FireEye MPS Integration

Cisco Security Intelligence Operations

Concierge SIEM Reporting Overview

IBM Security IBM Corporation IBM Corporation

Cloud and Data Center Security

Intrusion Detection and Intrusion Prevention. Ed Sale VP of Security Pivot Group, LLC

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

Trend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION

Enterprise Buyer Guide

Technology Blueprint. Defend Against Denial of Service Attacks. Protect each IT service layer against exploitation and abuse

Business Case for a DDoS Consolidated Solution

Top 10 Reasons Enterprises are Moving Security to the Cloud

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

McAfee Network Security Platform A uniquely intelligent approach to network security

IBM Internet Security Systems

Cisco Web Security: Protection, Control, and Value

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

I D C T E C H N O L O G Y S P O T L I G H T. S e r ve r S e c u rity: N o t W h a t It U s e d t o Be!

Introducing IBM s Advanced Threat Protection Platform

Network Performance + Security Monitoring

Architecture Overview

Symantec Messaging Gateway 10.6

SANS Top 20 Critical Controls for Effective Cyber Defense

McAfee Deep Safe. Security beyond the OS. Kai-Ping Seidenschnur Senior Security Engineer. October 16, 2012

Readiness Assessments: Vital to Secure Mobility

SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:

Advantages of Managed Security Services

High End Information Security Services

Technology Blueprint. Protect Your VoIP/SIP Servers. Insulating your voice network and its servers from attacks and disruption

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection

RAVEN, Network Security and Health for the Enterprise

Cisco ASA 5500 Series Advanced Inspection and Prevention Security Services Module

Stop advanced targeted attacks, identify high risk users and control Insider Threats

IBM Security Network Protection

IBM QRadar Security Intelligence Platform appliances

The Hillstone and Trend Micro Joint Solution

IBM QRadar Security Intelligence April 2013

The Need for Intelligent Network Security: Adapting IPS for today s Threats

McAfee Server Security

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Content Security: Protect Your Network with Five Must-Haves

Symantec Messaging Gateway 10.5

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Customer Service Description Next Generation Network Firewall

Next Generation IPS and Reputation Services

Firewall and UTM Solutions Guide

POLIWALL: AHEAD OF THE FIREWALL

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

BlackRidge Technology Transport Access Control: Overview

QRadar SIEM and Zscaler Nanolog Streaming Service

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Virtual Patching: a Proven Cost Savings Strategy

Symantec Messaging Gateway powered by Brightmail

Non-Geeks Guide to. Network Threat Prevention

Securing the Intelligent Network

Technology Blueprint. Assess Your Vulnerabilities. Maintain a continuous understanding of assets and manage vulnerabilities in real time

Securing the Internet of Things OEM capabilities assure trust, integrity, accountability, and privacy.

Cisco and Sourcefire. AGILE SECURITY : Security for the Real World. Stefano Volpi

Adaptive Intelligent Firewall - der nächste Entwicklungssprung der NGFW. Jürgen Seitz Systems Engineering Manager

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Cisco Advanced Malware Protection for Endpoints

New possibilities in latest OfficeScan and OfficeScan plug-in architecture

Technology Blueprint. Protect Your Servers. Guard the data and availability that enable business-critical communications

First Line of Defense to Protect Critical Infrastructure

POLIWALL: AHEAD OF THE FIREWALL

COUNTERSNIPE

When your users take devices outside the corporate environment, these web security policies and defenses within your network no longer work.

Transcription:

McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1

Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload Aware Intrusion Detection...5 3. Next Generation Intrusion Prevention System (NGIPS)...6 3.1 Automate Security with Contextual Awareness...6 3.2 IPS and NGIPS Hardware and Technology...6 3.3 How the NGIPS Uses Contextual Awareness to Fuel Intelligent Automation...6 4. Network Intrusion Prevention...7 4.1 McAfee Network Security Manager...7 4.2 McAfee Network Security Platform...7 4.3 McAfee Network Threat Response...7 2

1. MCAFEE NETWORK SECURITY PLATFORM The McAfee Network Security Platform includes enhanced botnet control through reputation intelligence, virtual network inspection and a traffic analysis port for network monitoring, forensics and other advanced analysis engines. McAfee surpasses traditional Network Intrusion Prevention Systems (NIPS) by providing a greater level of network intelligence across both physical and virtual environments. Real time, reputation based intelligence supplied through McAfee Global Threat Intelligence provides McAfee Network Security Platform users with additional context for enforcing network security policies, not to mention faster, more accurate threat detection. McAfee Network Security Platform includes: Enhanced botnet control: File and network connection reputation feeds from cloud based McAfee Global Threat Intelligence allows Network Security Platform to perform in line botnet prevention based on over 60 million malware samples and the reputation of hundreds of millions of network connections based on over two billion IP reputation queries each month. This external intelligence provides vital context for faster, more accurate detection and prevention. Traffic analysis port: Traffic redirect capabilities allow arbitrary network traffic to be subjected to additional inspection by McAfee and third party products, including data loss prevention, network forensics and advanced malware analysis tools. Virtual network inspection: Enables the Network Security Platform sensors to examine intervirtual machine traffic on virtual environments and provide attack detection for virtual data center environments. Network Security Platform can inspect traffic both within virtual environments and between virtual and physical environments, giving organizations the same level of visibility regardless of where the traffic flows. 3

2. MCAFEE HOST INTRUSION PREVENTION FOR SERVER Your corporate servers house your organization s most valuable assets and information. They literally must be up and running to keep your business up and running. One of the major IT challenges you face is to successfully protect your servers and their hosted applications from known and unknown attacks that threaten to disrupt your business. McAfee Host Intrusion Prevention for Server delivers specialized web and database server protection to maintain system uptime and business continuity. This technology provides the industry s only dynamic and stateful firewall to shield against advanced threats and malicious traffic. In addition, it also provides signature and behavioral intrusion prevention system protection. McAfee Host Intrusion Prevention for Server reduces patching frequency and urgency, preserves business continuity and employee productivity, protects data confidentiality, and simplifies regulatory compliance. Enforce the broadest IPS and zero day threat protection coverage across all levels: network, application, and system execution. McAfee Host Intrusion Prevention for Desktops safeguards your business against complex security threats that may otherwise be unintentionally introduced or allowed by desktops and laptops. Host Intrusion Prevention for Desktops is easy to deploy, configure, and manage. 2.1 Network IPS Proactive protection for unpatched systems Proactive protection for zeroday attacks System aware IPS with epo integration Real time host IPS integration and visibility Next gen 10 Gigabit Ethernet Adaptive rate limiting Built in host quarantine 4

2.2 Workload-Aware Intrusion Detection McAfee s adaptive Intrusion Detection and Prevention System (IDS/IPS) takes a set of input signatures and network traffic characteristics and identifies intrusions by matching them with network traffic. McAfee s adaptive algorithm systematically profiles attack signatures and network traffic to generate a high performance and memory efficient packet inspection strategy. Two distinct components: a profiler that analyzes the input rules and the observed network traffic to produce a packet inspection strategy, and an evaluation engine that pre processes rules according to the strategy and evaluates incoming packets to determine the set of applicable signatures. The core component of popular IDSs (Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), like Snort [67], is a deep packet inspection engine that checks incoming packets against a database of known signatures (also called rules). 5

3. NEXT-GENERATION INTRUSION PREVENTION SYSTEM (NGIPS) 3.1 Automate Security with Contextual Awareness Today s networks are highly dynamic, where new technologies cause ever increasing complications. As the number and type of applications and systems on your network continues to grow, information security risks also develop rapidly in quantity and extent as attackers become more sophisticated and crafty. Sourcefire Next Generation IPS raises the bar for IPS technology by integrating real time contextual awareness into its inspection. The system gathers information about network and host configurations, applications and operating systems, user identity, and network behavior and traffic baselines. By having the utmost visibility into what s running on your network, NGIPS offers event impact assessment, automated IPS tuning, and user identification to significantly lower the total cost of ownership. 3.2 IPS and NGIPS Hardware and Technology Sourcefire IPS and NGIPS solutions take advantage of the best hardware technology in the industry, providing IPS inspected throughput options ranging from 20Gbps down to 5Mbps. Upgrading Sourcefire IPS to NGIPS is as easy as adding a license to your software. The new Sourcefire 3D8000 Series appliances offer interface modularity, expandability, and scalability. Modularity provides a low entry price and enables you to choose the number of ports and media type for your network and swap out interface types as needed. Expandability gives you the option to pay for network interfaces as you grow. Scalability enables you to add additional processing power through appliance stacking. 3.3 How the NGIPS Uses Contextual Awareness to Fuel Intelligent Automation 6

4. NETWORK INTRUSION PREVENTION McAfee s Network Intrusion Prevention products are designed to keep your business running and secure with industry leading defense against hackers, malware, and other exploits. With comprehensive coverage and robust protection, configuration is easy via McAfee s simplified, centralized, web based management console. 4.1 McAfee Network Security Manager With the McAfee Network Security Manager you can configure, deploy, and administer multiple McAfee intrusion prevention system (IPS) and Network Access Control appliances through a single, straightforward management console. 4.2 McAfee Network Security Platform McAfee Network Security Platform is the industry s most secure network IPS. Backed by McAfee Labs, it protects customers on average 80 days ahead of the threat. It blocks attacks in real time, before they can cause damage, and protects every network connected device. With Network Security Platform, you can automatically manage risk and enforce compliance while improving operational efficiency and reducing IT efforts. 4.3 McAfee Network Threat Response McAfee s Network Threat Response is used by top security analysts to uncover threats and perform forensic investigations that can successfully distinguish and effectively counter malware. 7

Intrusion prevention system (IPS) A preemptive approach to host and network security used to identify and quickly respond to potential threats. An IPS monitors individual host and network traffic. An attacker might carry out an attack immediately after gaining access, so an IPS can take immediate action as preset by the network administrator. Host Intrusion Prevention System (HIPS) A system that defends desktops and servers with combined signature, behavioral, and firewall protections. Network intrusion prevention system, network IPS, NIPS Software or a device that monitors network traffic and prevents attacks on a network or system. McAfee Network Security Platform is one example. 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information