McAfee Network Security Platform

In recent years all of us face absolutely new, very difficult attacks on our corporate resources thicket and more often. The cause is including there was consolidation of hackers in very serious organizations. Here the Anonymous group can be an excellent example. These guys terrorize the world, and almost each their attack becomes a global problem for the attacked organization. Networks of public institutions and the plants are hacked, national security of the whole states is threatened. It would be time to integrate also security in your network!

Reactive approach to security does not bring desirable result — today it is impossible to solve a problem, trying to detect sources of threats and to prohibit access to them. Permanent total blocking of sources of infection will lead to the fact that quite often you should block access to quite legitimate resources, and it will serve bad service to business of your company. Elimination of effects of any serious incident in the field of security should begin with determination of a root of emergence of the problem which led to an incident. In the separated security systems it is impossible to make it as you do not know and you do not see all picture of the events in your networks. Time to refuse slow, old, not ready to integration with other elements of security of intrusion detection systems came. They should be sent for deserved rest. We in McAfee (100% subsidiary company Intel) suggest to solve a security concern using essentially new approach. Our main philosophy — consolidation of all modules of security in a uniform ecosystem. Without such consolidation it is impossible to speak about full protection of corporate resources. McAfee Network Security Platform is the key product allowing to integrate separate security systems in a uniform ecosystem. Eventually, imagine trade organization in which 100 or 200 employees work, and these employees never communicate among themselves, nobody sets to anybody any tasks, nobody on anybody consults at adoption of these or those solutions. Whether such organization will work effectively? The same happens also to security. Singles do not cope. Is not present and there will never be ideal systems capable to solve any problem. If the separate solutions involved in a security system do not communicate about threats of any activity of users, databases, mail and Web servers, a billing system and applications used in network, then it is impossible to construct really effective security system!

In the market there is a huge set of solutions, and all only and speak about that how many new ticks and functions appeared in the new version of this or that product what is reached performance, etc.! At the same time nobody speaks how to integrate all those 10 or 20 solutions on security in something uniform, fast, intellectual, capable to foresee a situation and ready to reflection of the most sophisticated attacks.

The new version of solution IPS/IDS of McAfee Network Security Platform which since 2003 is in group of leaders in a magic quadrant of Gartner has extensive base of signatures for the most different attacks, including on SCADA system. This solution allows to visualize all traffic in corporate network up to the application, a user name, a risk source. It is capable to protect your resources from DOS/DDOS attacks, from attacks from outside a bot networks, from the viruses trying to get into your infrastructure. At the same time thanks to integration with vCenter of VMware company it provides protection of both physical, and virtual devices. The confirmed performance of McAfee Network Security Platform is up to 10 Gbps on one device with all included rules (including at inclusion of check of SSL).

But all this not the main thing. The main thing the fact that McAfee Network Security Platform can act as the center for decision making for incidents in a security system. In this case we understand the whole platform, but not just separate product as IPS.

The most important is a support of external contexts today. It is not just about capability of a product to be integrated into third-party consoles for issue of notifications about incidents in a security system, and about its full embedding in other solutions thanks to what it is possible to build the full-fledged platform consisting of cross-functional products.

McAfee Network Security Platform is native supports the GTI technology allowing to define reputation of the file, network, the domain, the IP address, URL, vulnerability. GTI is the largest base of reputations in the world. Support of this technology also allows McAfee IPS to change dynamically the actions applied to communication with a certain resource. For example, McAfee IPS can block connections with the resources having bad reputation and to send to a quarantine of connection with the resources having average reputation. At the same time change of rating of a resource in GTI base will lead to automatic change of action from McAfee IPS. Among other things GTI helps with identification of the unknown attacks. The research center McAfee Labs studies the known and possible unknown threats, existence in GTI base of unique comprehensive information on security (so-called security by 360 degrees) becomes result of what. This technology justifies the use for many years. The fact that GTI helped our clients to be protected from such attacks as Aurora, Staksnet, Red October and others in due time is an excellent example. You for certain read every day about new and new clones of the most different threats, since viruses and finishing with exploits. GTI knows about the most important! GTI studies attack vectors, GTI knows how the basis of the attack looks, GTI knows about an entity of the attack, GTI knows how to protect your infrastructure even without updating of any signatures.

McAfee Network Security Platform supports native integration into the analyzer of vulnerabilities McAfee Vulnerability Manager that allows to change dynamically rules of protection for certain assets. For example, McAfee IPS can independently define what rules of protection will work for hosts based on Windows and what will work for servers running Linux. At the same time change of the version or the OS type on a host will lead to automatic change of the rule applied to this host. Besides you can perform scanning of any hosts on existence at them of vulnerabilities, without leaving the management console of IPS.

McAfee Network Security Platform supports native integration from McAfee Host IPS allowing products to share information on the threats recorded at the level of network and host level. At this McAfee IPS can dynamically influence the rules of protection applied on Host IPS.

McAfee Network Security Platform supports integration with McAfee SIEM. Having ample opportunities on consolidation of all sources of events of corporate network, whether it be the switch, the router, the database or the cash register, McAfee SIEM allows McAfee Network Security Platform to receive a comprehensive picture of the events in network, thereby giving an opportunity to influence rules of protection for any participant of your infrastructure in the automatic mode.

Let's remember time when in our companies there were no ERP systems. Human resource management existed separately, management of finance — separately, asset management — separately. At some point all understood that without consolidation of all controls by the enterprise in a single system there will be no development, there will be no opportunity to be ahead of the rival in competitive struggle. The same occurs in security market today. Turn the infrastructure of security into a convenient ecosystem in which the solution of the most difficult questions, for protection of your business will require seconds, but not hours, and even days.

The McAfee company brings the new integrating platform capable to resist to the most difficult attacks to the market. In the current year the McAfee Network Security Platform platform will receive the FSTEC certificate on the 5th level of protection.

McAfee Network Security Platform 6

McAfee Network Security Platform 6 for the first time received tools for the analysis of the packets transferred on internal corporate network, – it helps to reveal signs of invasions at the earliest stages. Besides, the packet of McAfee Network Security Platform 6 has the developed potential of detection of work of botnets now, revealing the behavior characteristic of "zombie" machines.

The new version of a packet of Network Security Platform 6 gives to administrators a real opportunity for the analysis of network traffic in virtual environments, in physical network infrastructure and also in channels between the virtual machine and the equipment servicing it. In particular, supervision of traffic of virtual networks is implemented for Wednesdays on the VMware platform. Support of virtual environments based on technologies of Microsoft and Citrix is still unavailable, but developers consider the possibility of its implementation in the near future.

The intrusion prevention system of Network Security Platform 6 uses the system of agency modules which the McAfee company licensed at the OEM partner – Reflex Systems company. The agency module works under control of a hypervisor of VMware, duplicating and collecting information on traffic, and collected data are transferred out of limits of the virtual machine to a physical medium. As the analysis of traffic is made by the physical machine, the capacity of each separate virtual machine does not suffer.

McAfee Network Security Platform серии NS

McAfee Network Security Platform of the NS series is a new intrusion prevention system (IPS) in network on the basis of technology of Intel. The McAfee platform of the NS series having the maximum capacity up to 40 Gbps increased by scalability and additional computing power for start of services IPS of the next generation sets the new standard of high-speed performance of the high-speed IPS systems.

The McAfee platform of the NS series is the first hardware platform of IPS created on the basis of technology of Intel, and, unlike devices of the previous series, having more compact construction. Intel developed by engineers and McAfee a new hardware platform allows to maximize efficiency and to increase high-speed performance level. Besides, the platform of a new series has one of the indicators of density of ports, best in the industry, that gives to clients additional freedom of choice at deployment of the platform. Differing in the increased level of scalability, McAfee Network Security Platform simplifies to clients a problem of deployment and gives them the chance with bigger ease to satisfy the growing requirements of network.

"Though capability of the McAfee platform of the new NS series to pass the raw data impresses in itself, the most interesting are the full-function services IPS of the next generation which are engaged in processing of these data — Pat Calhoun, the senior vice president and the general manager of division of network security of McAfee noted. — The IPS functions of the next generation are discussed in the industry of IPS several years, but when carrying out tests for scalability these services almost always disconnect, sacrificing security to capacity. Services IPS of the next generation, such as collection of information about applications, situation analysis and the analysis of behavior, are necessary for fight against modern threats to the increased complexity".

Presence at the McAfee platform of the NS series of additional computing power not only allows to lift the general standard of capacity of the IPS systems which are available in the market, but also promotes more realistic understanding the principles of truly scalable IPS system to which the McAfee company adhered from the very beginning. High-speed performance of the McAfee platform of the NS series makes 40 Gbps with all started services NGIPS. Demand for additional capacity does not decrease, a 10-gigabit and 40 gigabit Ethernet extend in high gear therefore the IPS systems with the increased scalability level are necessary for data processing centers.

Certification on compliance to requirements of FSTEC

Within certification of a set of McAfee Network Security Platform were tested the following products:

• McAfee Network Security M-4050 Sensor Appliance with the software of version 7.1
• Management console: McAfee Network Security Manager of version 7.1

As a result of tests it was proved that characteristics of the certified solution McAfee Network Security Platform conform to requirements of a task for security and "Requirements to intrusion detection systems" (FSTEC of Russia, 2011) on the fifth class of protection for intrusion detection systems of level of network.

Certificate of conformity No. 2907 was issued by the Federal Service for Technical and Export Control on June 21, 2013. Certification of life is carried out for the scheme of production.