McAfee IPS NSP-2011
Confidential McAfee Internal Use Only
9-Nov-11
Global Network Protection
McAfee Network Intrusion Prevention
Luluk Kristiawan
IT Security Consultant
Confidential McAfee Internal Use Only 2/16/11 2
Agenda
►New Economy, New Challenges
►Introducing the McAfee Network Security Platform
►Protecting Every Angle
SECURITY CHALLENGE
Protecting Enterprise Applications
• Attacks from Every Angle: Web, mail, media, and direct attack vectors. Botnets are public enemy #1.
• Web 2.0 Risks: Hundreds of thousands of compromised websites & deliberate malware hosts
• Productivity and Continuity Impact: Rapid expansion of new vulnerabilities forcing IT into more out-of-cycle patches
• Growth & Scalability: 10Gbps requirements becoming real; appliance sprawl an ops issue
• Global Security Management: “Swivel Chair Integration” inadequate for global deployments
Threat Trends Continue to Accelerate
Hundreds of Application Vulnerabilities
400,000 Web Malware Hosts
5000 DoS Targets/day
Chart time axis: 2005 to 2009
“PATCH and PRAY”: install the patch and pray it works.
MCAFEE IPS : NETWORK SECURITY PLATFORM
Market Positioning
NSP is the Industry’s Leading IPS
“The M-8000 offers the highest accuracy and throughput of any product we've tested to date.”
McAfee’s Network Security Manager (NSM) was simple to use and flexible, allowing for rapid deployment of devices with effective pre-defined policy choices. Tuning and maintenance is simple and well-thought out.
No other vendor can show such sustained excellence in IPS!
According to the 2010 NSS Group Summary Report:
McAfee: Uniquely Qualified to Protect Your Network
Validated 10G+ performance, 100%
accuracy Network IPS
Dedicated Security R&D
Years of Award Winning
MCAFEE IPS : NETWORK SECURITY PLATFORM
The Advantages of Product
Introducing the Network Security Platform
Protocol & Application Behavior
Attacks and Exploit
Network Behavior
Evasion & Obfuscation
McAfee Global Threat Intelligence
Content, Source, and Web Reputation
Cutting-edge Network IPS
World’s most advanced threat protection platform
Integration with world-class Security portfolio
Benefits of the Network Security Platform
Vulnerability-based Threat Protection
• Best Zero-day vulnerability coverage
• Best-in-class protection for all major application vulnerabilities: Adobe, Oracle, Cisco, Microsoft, etc.
Best-in-class Protection: Bots to Datacenters
• Best Denial of Service protections
• Real-time web-borne malware protection
• Built-in anti-phishing and P2P
• SSL Decryption
Architected for High Performance Networks
• 10G Certified
• High density and high-availability
• Class-leading virtual systems support
• Lifecycle protection
M-Series Network Security Platform Family
Scalability to Protect Your Global Network
Segments: SMB and Branch Office; Enterprise Perimeter; Enterprise, Data Center; Enterprise Core, Data Center; Service Providers
Models shown: M-1250, M-1450, M-2750, M-3050, M-4050, M-6050, M-8000
Throughput figures shown: 100 Mbps, 200 Mbps, 600 Mbps, 1.5 Gbps, 3 Gbps, 5 Gbps, 10 Gbps
• Beyond 10 Gigabit performance
• High-reliability and Scalability
• Highest port-density available
• Common Management Console
• 10GE Connectivity
How McAfee Global Threat Intelligence Works
Delivering the Most Comprehensive Intelligence in the Market
McAfee Labs
Email, Firewall, IPS, DLP, Web, AWL, ePO, AV
File Reputation Engine, Web Reputation Engine, Network Reputation Engine, Email Reputation Engine
Vulnerability Information
Threat Intelligence Feeds
Other feeds & analysis
Servers, Firewalls, Endpoints, Appliances, Mobile
Why McAfee is Best Positioned to Deliver GTI
The Most Robust Telemetry Data in the Market
Queries
• 2.5B Malware Reputation Queries/Month
• 20B Email Reputation Queries/Month
• 75B Web Reputation Queries/Month
• 2B IP Reputation Queries/Month
• 300M IPS Attacks/Month
• 100M Ntwk Conn Rep Queries/Month
• 100+ BILLION QUERIES
Nodes
• Malware: 40M Endpoints
• Email: 30M Nodes
• Web: 45M Endpoint and Gateway Users
• Intrusions: 4M Nodes
• 100+ MILLION NODES, 120 COUNTRIES
World’s Most Advanced Denial of Service Protections
Threshold-based Protection
Optimized and simplified to set and forget
Easy to set thresholds
ICMP, TCP SYN, UDP, IP fragments, and other settings
Self-learning Profiles
Patented techniques to learn your network behavior and adapt
Self-learning for entire enterprises and target environments
Fully segmented on VIPS
Simplifying Threat Management
Integration with ePO to give real-time system visibility
System-Aware IPS with ePO Host Data
• Simple right-click provides real-time details of Source or Destination IPs
• Provides hostname, user name, OS, patch level, MAC address, last scan date and other protection policies
• Top 10 Host Intrusion events
System-Aware IPS Benefits
Faster time-to-confidence
Visibility
Efficiency
Relevance
Leverages ePO investment
Real-Time Risk-Aware IPS Features
• Auto import of Vulnerability Manager scan reports
• “Scan now” provides on-demand VM relevancy on a per-host(s) basis
Real-Time Risk-Aware IPS Benefits
• Improved focus on critical events
• Automated, accurate relevance
• Real-time update of vulnerability details for specific host(s)
• Leverages Foundstone investment
Simplifying Risk Management
Integration with Vulnerability Manager to gain real-time visibility into events
Optimized for Real Networks
Simplified Network Integration
Highest port density, 10GE support
Low latency, bump in the wire
High throughput across product models
Redundant pair, load sharing
Data-Center Ready
10Gbps Certified performance
Up to 1000 Virtual Systems
10GE Connectivity
Enterprise Campus
High Density Perimeter
WAN Edge
WAN Aggregation
Virtual systems per branch, internal network
Flexible 10/100/1000/10G and VLAN support
High Availability
Flexible Fail Open/Closed modes
Dual hot-swappable AC & DC power
Purpose-built HW, no removable media
Deployment diagram labels: Data Center; Branch Site; models M-8000, M-3050, M-1250
The Result
McAfee M-Series Network IPS
Unparalleled Protection
Operational Excellence
Lifecycle Protection