What is the McAfee Network Security Platform?
The McAfee Network Security Platform is a combination of network appliances and software that combines high performance with comprehensive threat detection. In recent years, cyberattacks threaten businesses and organizations with sophisticated tricks and new techniques that are created every day. With the expanded introduction of telework and increased network access from outside companies, it is essential to strengthen the information security of corporate organizations. For that purpose, it is essential to construct a secure environment that supports the public cloud through a threat detection function that does not rely solely on signatures. In addition to conventional public server defense, there is also a need for functions to detect and protect against targeted attacks and other cyberattacks, and to detect and protect against attacks targeting the cloud environment being used. The McAfee Network Security Platform provides flexible configuration for the customer’s environment.
Features
Combines threat detection performance with specially designed hardware
- IPS appliance with both high performance and detection capability
Multiple detection engines that do not rely solely on signatures and can be used for various purposes
- Virtual patches
- Visualization of communications
- Countermeasures against targeted attacks
Easy introduction even for large-scale environments
- Easy installation even in large-scale environments by utilizing manager software
- By searching past history information, it is possible to ascertain what happened before and after the malware infection
Flexible support depending on introduction environment
- Flexible support for network configuration of each customer
Share threat information by linking products
- Improved detection performance and sharing of threat information by linking with related products
Also supports cloud environments
- Also supports cloud environments in virtual appliances
The service will solve problems such as the following:
- Do not want to slow down performance due to installing a security appliance
- Want to constantly protect the organization through the latest security
- Want to take countermeasures against targeted attacks, which are increasing in recent years
- Want to use the cloud safely
Main Functions
- Supports IDS in SPAN/TAP connections
- Supports IDS/IPS in inline connections
- Redundancy is possible through failover configurations
- Possible to construct a ring aggregation environment
- Possible to construct an asymmetric routing environment
- Fail open at the time of device failure
- Position NSP sensor at the front of the server farm
- Install server farms in rooms isolated from threats
- Possible to take both entrance and exit countermeasures
- Possible to operate policies for each server farm
- Also supports virtual environments
Detection engine for targeted attack countermeasures (exit countermeasures)
| Detection engine | Detection method | Contents |
|---|---|---|
| Infected terminal detection signature | Signature | Signature-based detection of characteristic communication patterns generated by terminals infected with malware or taken over with bots |
| Advanced Botnet Detection | Behavior (Signatureless) |
Detects bot activity by correlating suspicious external communication events |
| Callback Detector Database | Database | Detects bot activity by using a DB containing local botnet information
|
| DNS Heuristic Botnet Detection | Behavior (Signature-less) |
Analysis/detection of behavior for DNS queries used by bots |