Networking

08:00 AM
Connect Directly
RSS
E-Mail
50%
50%

McAfee IPS Beefs Up Reputation-Based Detection, Adds Virtualization Traffic Visibility

The latest version of McAfee's Network Security Platform intrusion prevention system (IPS) features enhanced reputation-based threat detection and the ability to analyze traffic between virtual machines. The new virtualization capability is enabled through a partnership with Reflex Systems, which provides products for traffic monitoring, policy enforcement and configuration management within virtual environments.

The latest version of McAfee's Network Security Platform intrusion prevention system (IPS) features enhanced reputation-based threat detection and the ability to analyze traffic between virtual machines. The new virtualization capability is enabled through a partnership with Reflex Systems, which provides products for traffic monitoring, policy enforcement and configuration management within virtual environments.

The improved reputation capability is particularly valuable for botnet detection, McAfee says, and incorporates IP address assessment based on more than 2 billion monthly queries. In the face of the explosive growth in unique malware, reputation evaluation based on Websites, files and IP addresses helps security vendors keep pace across their product lines, including anti-virus, e-mail, Web security gateway appliances, and services and intrusion prevention.

Perhaps even more important, reputation filtering reduces performance issues by offloading traffic that would otherwise undergo deep packet inspection on the IPS appliance. "The challenge of IPS is to do reputation-based detection before deep inspection to get its full benefit," says Gartner analyst Greg Young. "Ask your vendor if they are using reputation so it unloads IPS in addition to finding threats."

This approach is particularly valuable for companies with older IPS hardware that can't meet the performance requirements of inspecting heavy traffic loads, he says. In addition, larger security vendors have the advantage over smaller competitors because they can draw intelligence from a huge user base and have the resources to rapidly evaluate threats and provide up-to-date information on the current state of compromised Websites.

The new version also allows a port to be dedicated to redirect traffic for inspection and analysis by McAfee and third-party products, including data loss prevention, network forensics and advanced malware analysis tools. The partnership with Reflex Systems gives Network Security Platform access to virtual machines and the traffic between them while retaining the performance advantages of a hardware-based appliance. The new release uses a Reflex agent on the hypervisor to monitor VMs and feed traffic information to the McAfee appliance.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Twitter Feed