1. Global Network Protection
McAfee Network Intrusion Prevention
Luluk Kristiawan
IT Security Consultant
9-Nov-11
Confidential McAfee Internal Use Only
2. Agenda
►New Economy, New Challenges
►Introducing the McAfee Network Security Platform
►Protecting Every Angle
2 2/16/11 Confidential McAfee Internal Use Only
4. Protecting Enterprise Applications
Attacks from Every Angle: Web, mail, media, and direct attack vectors. Botnets are public enemy #1.
Web 2.0 Risks: Hundreds of thousands of compromised websites & deliberate malware hosts
Productivity and Continuity Impact: Rapid expansion of new vulnerabilities forcing IT into more out-of-cycle patches
Growth & Scalability: 10Gbps requirements becoming real; Appliance sprawl an ops issue
Global Security Management: “Swivel Chair Integration” inadequate for global deployments
5. Threat Trends Continue to Accelerate
Hundreds of Application Vulnerabilities
[Chart: years 2005 to 2009]
5000 DoS Targets/day
400,000 Web Malware Hosts
6. “PATCH and PRAY”
install the patch and pray it works.
8. NSP is the Industry’s Leading IPS
“The M-8000 offers the highest accuracy and throughput of any product we've tested to date.”
McAfee’s Network Security Manager (NSM) was simple to use and flexible, allowing for rapid deployment of devices with effective pre-defined policy choices. Tuning and maintenance is simple and well-thought out.
No other vendor can show such sustained excellence in IPS!
According to the 2010 NSS Group Summary Report:
9. McAfee: Uniquely Qualified to Protect Your Network
Validated 10G+ performance, 100%
accuracy Network IPS
Dedicated Security R&D
Years of Award Winning
10. The Advantages of Product
MCAFEE IPS: NETWORK SECURITY PLATFORM
11. Introducing the Network Security Platform
McAfee Global Threat Intelligence
Cutting-edge Network IPS
World’s most advanced threat protection platform
Protocol & Application Behavior
Network Behavior
Integration with world-class Security portfolio
Evasion & Obfuscation
Attacks and Exploit
Content, Source, and Web Reputation
12. Benefits of the Network Security Platform
Vulnerability-based Threat Protection
• Best Zero-day vulnerability coverage
• Best-in-class protection for all major application vulnerabilities: Adobe, Oracle, Cisco, Microsoft, etc.
Best-in-class Protection: Bots to Datacenters
• Best Denial of Service protections
• Real-time web-borne malware protection
• Built-in anti-phishing and P2P
• SSL Decryption
Architected for High Performance Networks
• 10G Certified
• High density and high-availability
• Class-leading virtual systems support
• Lifecycle protection
[Image: M-Series Network Security Platform Family]
13. Scalability to Protect Your Global Network
M-8000: 10 Gbps
M-6050: 5 Gbps
M-4050: 3 Gbps
M-3050: 1.5 Gbps
M-2750: 600 Mbps
M-1450: 200 Mbps
M-1250: 100 Mbps
10GE Connectivity
Beyond 10 Gigabit performance
High-reliability and Scalability
Highest port-density available
Common Management Console
SMB and Branch Office
Enterprise Perimeter
Enterprise, Data Center, Service Providers
Enterprise Core, Data Center, Service Providers
14. How McAfee Global Threat Intelligence Works
Delivering the Most Comprehensive Intelligence in the Market
Threat Intelligence Feeds
Endpoints, Appliances, Servers, Firewalls
Other feeds & analysis
McAfee Labs
File Reputation Engine
Email Reputation Engine
Web Reputation Engine
Network Reputation Engine
Vulnerability Information
ePO, IPS, Firewall, Email, Web, AV, AWL, DLP, Mobile
15. Why McAfee is Best Positioned to Deliver GTI
The Most Robust Telemetry Data in the Market
Queries
• 2.5B Malware Reputation Queries/Month
• 20B Email Reputation Queries/Month
• 75B Web Reputation Queries/Month
• 2B IP Reputation Queries/Month
• 300M IPS Attacks/Month
• 100M Ntwk Conn Rep Queries/Month
• 100+ BILLION QUERIES
Nodes
• Malware: 40M Endpoints
• Email: 30M Nodes
• Web: 45M Endpoint and Gateway Users
• Intrusions: 4M Nodes
• 100+ MILLION NODES, 120 COUNTRIES
16. World’s Most Advanced Denial of Service Protections
Threshold-based Protection
Optimized and simplified to set and forget
Easy to set thresholds
ICMP, TCP SYN, UDP, IP fragments, and other settings
Self-learning Profiles
Patented techniques to learn your network behavior and adapt
Self-learning for entire enterprises and target environments
Fully segmented on VIPS
17. Simplifying Threat Management
Integration with ePO to give real-time system visibility
System-Aware IPS with ePO Host Data
Simple right-click provides real-time details of Source or Destination IPs
Provides hostname, user name, OS, patch level, MAC address, last scan date and other protection policies
Top 10 Host Intrusion events
System-Aware IPS Benefits
Faster time-to-confidence
Visibility
Efficiency
Relevance
Leverages ePO investment
18. Simplifying Risk Management
Integration with Vulnerability Manager to gain real-time visibility into events
Real-Time Risk-Aware IPS Features
• Auto import of Vulnerability Manager scan reports
• “Scan now” provides on-demand VM relevancy on a per-host(s) basis
Real-Time Risk-Aware IPS Benefits
• Improved focus on critical events
• Automated, accurate relevance
• Real-time update of vulnerability details for specific host(s)
• Leverages Foundstone investment
19. Optimized for Real Networks
Simplified Network Integration
• Highest port density, 10GE support
• Low latency, bump in the wire
• High throughput across product models
• Redundant pair, load sharing
High Density Perimeter
• WAN Edge
• WAN Aggregation
• Virtual systems per branch, internal network
• Flexible 10/100/1000/10G and VLAN support
Data-Center Ready
• 10Gbps Certified performance
• Up to 1000 Virtual Systems
• 10GE Connectivity
High Availability
• Flexible Fail Open/Closed modes
• Dual hot-swappable AC & DC power
• Purpose-built HW, no removable media
[Diagram: Branch Site: M-1250; Enterprise Campus: M-3050; Data Center: M-8000]