At Interop on May 22 McAfee unveiled an IPS that cranks up to 10G bps—good enough to cover 10GigE Ethernet and next-generation IPv6 networks, the company said.
On an Interop day full of network security “we did it firsts” (IBM said its newly announced 6G bps intrusion prevention appliance can clean service provider pipes of malware with “unsurpassed” throughput), McAfee said that its new IntruShield 10 Gigabit Ethernet platforms are the “first and only network Intrusion Prevention System appliances to deliver performance of up to 10G bps and the highest gigabit port-density available in the industry.”
When asked whose claims to “fastest network IPS ever” people should believe, John Vecchi, McAfee’s director of product marketing for network security solutions, said while sitting at McAfee’s booth at the conference that not only is the 10G bps claim “very real,” but also that the appliance was sitting a few feet from him, churning through packets at 10G bps, as advertised, without any packet drop, while having viruses and other scumware hurled at it nonstop.
“It’s not just about speed,” Vecchi said. “It’s about security and performance. If you’re going to go into a mission-critical environment, like 10GigE, you’re going to have to make sure it provides not just performance but the security you’ve expected. We’re still the first 10GigE [network IPS]. We’re injecting it with loads and loads of threats. We’re showing in real time how it blocks [them]. It’s never, ever dropping packets. This isn’t just broken mirrors. This is very real.”
Vecchi said that the IntruShield M-Series is following the evolution of IPS technology, which has pushed in from the network perimeter toward the core over the past few years.
“It took a good position in the data center as well as in backbone and service provider networks,” he said. “10 Gigabit Ethernet is growing 90 percent year over year today, according to IDC. It’s the fastest-growing Ethernet technology today. However, until today, none of those networks have been protected. Not in real time.”
Vecchi said that at this point, 70 percent of McAfee’s appliances are deployed internally in a network as opposed to on the perimeter. The reason for the migration is that at the network perimeter, an IPS can only block things coming into the network. What an IPS can’t do out there is protect aggregation points and key segments where businesses have policies and ongoing, granular network activity.
“Now in a very highly virtualized environment, you’re not protecting all those segments,” Vecchi said. “You need an IPS that can provide that performance and have granular flexibility to provide protection to all the policies you have there. Deployed at the perimeter you can’t really protect the data center. The internal of the network, that’s where the mission-critical data is happening.”
McAfee is also talking up IntruShield 4.1’s integration with other products in its security risk management portfolio, including McAfee Foundstone, McAfee Network Access Control and McAfee ePolicy Orchestrator.
Because of the integration with ePO, the new IntruShield appliances and IntruShield 4.1 feature real-time visibility of host details, host IPS attacks and spyware events. ePO works with IntruShield’s behavior-based host quarantine and adaptive rate limiting/QoS to improve time-to-protection.
Integration between the new products and McAfee Foundstone provides real-time threat relevance and vulnerability details, on demand. Those technologies combine with IntruShield’s integrated behavior-driven NAC and dynamic post-admission control.
The McAfee IntruShield 10 Gigabit Ethernet platforms will be available in the second half of 2007. McAfee IntruShield 4.1 will be available in May 2007. For more info, see McAfee’s site.