McAfee’s Network Security Framework provides intelligence, risk management, and data analysis
McAfee announced a network security framework designed to provide network administrators with intrusion prevention systems that provide context, content and application awareness.
The new network security framework integrates intrusion prevention systems with advanced features such as application visibility and integrated threat context, McAfee said on 11 October. The framework is based on Network Security Platform 7 for network intrusion prevention and is focused on helping enterprises prevent increasingly sophisticated attacks on their networks, according to the company.
The McAfee framework also includes application awareness and control, predictive threat intelligence, context-aware security and content analysis. Network Security Platform integrates with other McAfee products and third-party technologies, according to Tyler Carter, senior group manager at McAfee. The combined tools give administrators complete visibility over what is happening on the network, McAfee said.
Network Security Platform provides the core IPS capabilities in the framework, including an advanced intrusion prevention system, application visibility and control, up-to-date threat information from McAfee Global Threat Intelligence, heuristics to detect botnet behavior and traffic, and threat correlation, according to Carter. Protocol-based inspection tools protect users from advanced malware, exploits targeting zero-day vulnerabilities, distributed denial-of-service attacks, and botnets. The platform can also be extended to include advanced network and data forensics as well as data leak prevention capabilities.
Application visibility and control includes Layer 7 visibility over 1,100 applications and an enhanced rules engine that can correlate application activity with network attacks. The framework provides insight into system and user behavior as well as network activity in both the physical and virtual environment. Vulnerability scans also proactively uncover problems before they are exploited.
Data collected and analysed by McAfee Labs for the McAfee Global Threat Intelligence cloud service provide detailed threat information. The data give administrators the ability to make security decisions based on the identity and reputation of hundreds of billions of files, IP addresses, URLs, protocols and geo-location data, McAfee said.
Next-generation network IPS
The centralised security and risk management tools for compliance reporting and defining corporate policies integrate with the platform, according to McAfee. “Network Security Platform integrates host vulnerability assessments provided by McAfee Vulnerability Manager and incorporates flow-based network behavior analysis provided by McAfee Network Threat Behavior Analysis to provide rich context on host-based risk factors and network threat activity,” Carter said.
McAfee said the new framework aligns the Network Security Platform as a “next-generation network IPS” as recently defined by market research firm Gartner. Analysts defined the next-generation platform as one that provides administrators with application, context and content awareness to offer a complete view of what is happening in the network and application, or the “full stack.” Threats use advanced techniques to avoid detection and rely on botnets to launch multi-stage attacks, and organisations have to defend accordingly, Gartner said.
“Simply stopping attacks that are looking for unpatched servers is no longer sufficient in this environment,” Gartner analysts wrote in the report, “Defining Next-Generation Network Intrusion Prevention,” released on 7 October.