McAfee has updated its intrusion prevention system to add network
analysis capabilities to virtual machines and to improve its botnet detection
capabilities. With the latest version of the Network Security Platform,
administrators can use a single platform to monitor network traffic, regardless
of the environment.
The latest Network Security Platform, at version 6, allows
administrators to inspect network traffic within the virtual environment,
physical network infrastructure and the traffic between the virtual machine and
the underlying physical hardware, McAfee said April 12. McAfee also added
enhanced botnet control and reputation analysis to give IT teams increased
visibility into network threats.
The virtual network traffic inspection features are
available for customers running VMware-based virtual environments, Tyler
Carter, product marketing senior group manager for network security at McAfee,
told eWEEK. Support for Microsoft and Citrix virtual environments is currently
under consideration.
The platform uses agent-based software that McAfee
licensed from OEM partner Reflex Systems. The agent runs on the VMware
hypervisor, mirrors and collects traffic information, and transmits the
mirrored data outside of the VM onto the hardware platform, Carter said. Since
the network analysis is performed on the hardware, the individual virtual
machine’s processing power is not diverted.
As companies move more applications into the virtual
environment, security management continues to be critical. IT teams need
visibility over the whole infrastructure, regardless of the actual environment,
Carter said. Network administrators get information about both virtual and
physical servers in one place and don’t have to toggle between two monitoring
systems, Carter said.
McAfee also enhanced how botnets are detected and blocked in
the latest version of the Network Security Platform by improving its reputation
analysis engine. The platform regularly receives feeds containing file and
network connection reputation information from McAfee’s Global Threat
Intelligence service.
The cloud-based service gives up-to-date malware information
culled from more than 60 million malware samples and reputation data based on two
billion IP reputation queries each month, according to McAfee. With this
information, the system has the necessary context to detect botnet traffic from
already compromised machines within the network as well as to prevent potential
infection attempts.
Competing services tend to rely on signature-based scanning
for intrusion prevention, which means they are not as quick in detecting the
newest threats, Carter said. While McAfee uses signature scanning to some
extent, the focus is on reputation data to identify recently compromised
systems that may be sending malware. Instead of just saying a particular IP
address is malicious and adding it onto a blacklist, McAfee performs the
analysis to determine that the system’s reputation is worse than it used to be,
or better than it used to be, Carter said.
The platform’s traffic-redirect capabilities allow security
administrators to inspect a subset of the network traffic using other
third-party tools. The security platform may flag some suspicious activity on
the network that requires additional inspection, or the IT team may decide that
some traffic should undergo extra analysis. Administrators can add on data loss
prevention, network forensics or advanced malware analysis tools to glean
additional insights.
McAfee Network Security Platform used to be called the
IntruShield IPS.