Mcafee ips nsp-2011
1. Global Network Protection
McAfee Network Intrusion Prevention
Luluk Kristiawan
IT Security Consultant
9-Nov-11
Confidential McAfee Internal Use Only
2. Agenda
► New Economy, New Challenges
► Introducing the McAfee Network Security Platform
► Protecting Every Angle
2 2/16/11 Confidential McAfee Internal Use Only
4. Protecting Enterprise Applications
• Attacks from Every Angle: Web, mail, media, and direct attack vectors. Botnets are public enemy #1.
• Web 2.0 Risks: Hundreds of thousands of compromised websites & deliberate malware hosts
• Productivity and Continuity Impact: Rapid expansion of new vulnerabilities forcing IT into more out-of-cycle patches
• Growth & Scalability: 10Gbps requirements becoming real; appliance sprawl an ops issue
• Global Security Management: "Swivel Chair Integration" inadequate for global deployments
5. Threat Trends Continue to Accelerate
• Hundreds of Application Vulnerabilities
[Chart, x-axis: 2005 to 2009]
• 5000 DoS Targets/day
• 400,000 Web Malware Hosts
8. NSP is the Industry's Leading IPS
"The M-8000 offers the highest accuracy and throughput of any product we've tested to date."
McAfee's Network Security Manager (NSM) was simple to use and flexible, allowing for rapid deployment of devices with effective pre-defined policy choices. Tuning and maintenance is simple and well-thought out.
No other vendor can show such sustained excellence in IPS!
According to the 2010 NSS Group Summary Report:
McAfee Confidential - Internal Use Only
9. McAfee: Uniquely Qualified to Protect Your Network
• Validated 10G+ performance, 100% accuracy Network IPS
• Dedicated Security R&D
• Years of Award Winning
10. The Advantages of Product
MCAFEE IPS: NETWORK SECURITY PLATFORM
11. Introducing the Network Security Platform
McAfee Global Threat Intelligence
• Cutting-edge Network IPS
• World's most advanced threat protection platform
• Integration with world-class Security portfolio
[Diagram labels: Protocol & Application Behavior; Network Behavior; Evasion & Obfuscation; Attacks and Exploit; Content, Source, and Web Reputation]
12. Benefits of the Network Security Platform
• Vulnerability-based Threat Protection
• Best Zero-day vulnerability coverage
• Best-in-class protection for all major application vulnerabilities: Adobe, Oracle, Cisco, Microsoft, etc.
• Best-in-class Protection: Bots to Datacenters
• Best Denial of Service protections
• Real-time web-borne malware protection
• Built-in anti-phishing and P2P
• SSL Decryption
• Architected for High Performance Networks
• 10G Certified
• High density and high-availability
• Class-leading virtual systems support
• Lifecycle protection
[Image caption: M-Series Network Security Platform Family]
13. Scalability to Protect Your Global Network
M-8000: 10 Gbps
M-6050: 5 Gbps
M-4050: 3 Gbps
M-3050: 1.5 Gbps
M-2750: 600 Mbps
M-1450: 200 Mbps
M-1250: 100 Mbps
10GE Connectivity
• Beyond 10 Gigabit performance
• High-reliability and Scalability
• Highest port-density available
• Common Management Console
[Diagram segments: SMB and Branch Office; Enterprise Perimeter; Enterprise, Data Center, Service Providers; Enterprise Core, Data Center, Service Providers]
14. How McAfee Global Threat Intelligence Works
Delivering the Most Comprehensive Intelligence in the Market
Threat Intelligence Feeds
Endpoints, Appliances, Servers, Firewalls, Other feeds & analysis
McAfee Labs
File Reputation Engine, Email Reputation Engine, Web Reputation Engine, Network Reputation Engine
Vulnerability Information
ePO, IPS, Firewall, Email, Web, AV, AWL, DLP, Mobile
15. Why McAfee is Best Positioned to Deliver GTI
The Most Robust Telemetry Data in the Market
Queries
• 2.5B Malware Reputation Queries/Month
• 20B Email Reputation Queries/Month
• 75B Web Reputation Queries/Month
• 2B IP Reputation Queries/Month
• 300M IPS Attacks/Month
• 100M Ntwk Conn Rep Queries/Month
• 100+ BILLION QUERIES
Nodes
• Malware: 40M Endpoints
• Email: 30M Nodes
• Web: 45M Endpoint and Gateway Users
• Intrusions: 4M Nodes
• 100+ MILLION NODES, 120 COUNTRIES
16. World's Most Advanced Denial of Service Protections
• Threshold-based Protection
  ◦ Optimized and simplified to set and forget
  ◦ Easy to set thresholds
  ◦ ICMP, TCP SYN, UDP, IP fragments, and other settings
• Self-learning Profiles
  ◦ Patented techniques to learn your network behavior and adapt
  ◦ Self-learning for entire enterprises and target environments
  ◦ Fully segmented on VIPS
17. Simplifying Threat Management
Integration with ePO to give real-time system visibility
System-Aware IPS with ePO Host Data
• Simple right-click provides real-time details of Source or Destination IPs
• Provides hostname, user name, OS, patch level, MAC address, last scan date and other protection policies
[Screenshot label: Top 10 Host Intrusion events]
System-Aware IPS Benefits
• Faster time-to-confidence
• Visibility
• Efficiency
• Relevance
• Leverages ePO investment
18. Simplifying Risk Management
Integration with Vulnerability Manager to gain real-time visibility into events
Real-Time Risk-Aware IPS Features
• Auto import of Vulnerability Manager scan reports
• "Scan now" provides on-demand VM relevancy on a per-host(s) basis
Real-Time Risk-Aware IPS Benefits
• Improved focus on critical events
• Automated, accurate relevance
• Real-time update of vulnerability details for specific host(s)
• Leverages Foundstone investment
19. Optimized for Real Networks
• Simplified Network Integration
  ◦ Highest port density, 10GE support
  ◦ Low latency, bump in the wire
  ◦ High throughput across product models
  ◦ Redundant pair, load sharing
• High Density Perimeter
  ◦ WAN Edge
  ◦ WAN Aggregation
  ◦ Virtual systems per branch, internal network
  ◦ Flexible 10/100/1000/10G and VLAN support
• Data-Center Ready
  ◦ 10Gbps Certified performance
  ◦ Up to 1000 Virtual Systems
  ◦ 10GE Connectivity
• High Availability
  ◦ Flexible Fail Open/Closed modes
  ◦ Dual hot-swappable AC & DC power
  ◦ Purpose-built HW, no removable media
[Diagram: Branch Site (M-1250), Enterprise Campus (M-3050), Data Center (M-8000)]