Network intrusion prevention protects campus and data center networks from malicious
attacks. While firewalls perform necessary first line of defense at the network perimeter,
intrusion prevention systems perform necessary deep inspection of traffic, blocking
unwanted threats.
The McAfee Network Security Platform (NSP) is an award-winning network intrusion
prevention system. The NSP goes beyond traditional intrusion prevention, offering intuitive
security controls to protect against sophisticated, next-generation attacks.
On successful completion, you should be able to:
• Explain the evolution of network security, including the factors driving the need for
more advanced security solutions.
• Define the term network attack and identify attack types and detection methods.
• Describe common attack types.
• Explain the difference between an active and passive attack.
• Differentiate between a Network Intrusion Prevention System (NIPS) and a Host
Intrusion Prevention System (HIPS).
• Identify the key features of the McAfee Network Security Platform (NSP).
• Identify features and enhancements for this release.
• Identify the components in the NSP platform architecture, as well as the NSP Manager
architecture.
• Explain how NSP fits in the McAfee Security Connected model.
• Identify products with which NSP integrates for a next-generation security framework.
The network security landscape is ever-changing. In the early days of computing, networks
were proprietary, mostly local, and isolated. Access was connection-oriented and expensive.
Intruders required physical access or technical expertise to attack. The strategy to deter
intruders was to hire a security guard, put a sturdy lock on the doors, and turn on an alarm.
Today, networks are open and span the globe. This provides flexibility and new business
opportunities but also increases the risk of destruction, theft, and malicious activity. You are
also challenged by a new generation of hackers, who can be broadly classified into the
following categories.
• State-sponsored hackers: These are hackers sponsored by corporations and nations
(not necessarily rogue). The purpose here is industrial or military espionage.
• Hacktivists: The purpose of these hackers is to retaliate against corporations or
government agencies; for example, over a policy or regulation.
• Cyber terrorists: These hackers are ideology-driven but sponsored by rogue nation
states.
• Cyber criminals: These hackers work for international organized crime with the sole
purpose of targeting financially sensitive data.
Traditional security solutions, such as firewalls, are not enough to protect the network
against today's sophisticated cyber attacks. While firewalls serve as the first line of
defense at the network perimeter, you also need technologies designed to protect systems
and applications from next-generation attacks, whether they originate inside or outside the
network infrastructure.
Today's security threats are more sophisticated and targeted than ever, and they’re
growing at an unprecedented rate. Malicious URLs, viruses, and malware have grown
almost six-fold in the last two years, and last year saw more new viruses and malware than
all prior years combined. Businesses are at risk. Infection can be fast and widespread.
When a business is compromised by an attacker or an insider, substantial damage occurs
to brand image and customer loyalty. Understandably, data privacy has become a
common theme in new regulations around the world.
With the increased threat of criminals mining for consumer and corporate data, the
effectiveness of Internet security must be a priority.
Source: McAfee Labs Threat Center, www.mcafee.com/us/mcafee-labs.aspx
Technological advancements have contributed to the growth of businesses. However, this
has also put security professionals in an unenviable position. Review some of the main
contributing factors to the current security threat environment.
• Internet-based business world: Across industries, organizations depend on the
Internet to run their business. Their network is open to their vendors, partners,
customers, and even the public.
• Mobile computing devices and BYOD: More and more organizations are encouraging
the Bring Your Own Device (BYOD) concept, where employees bring their personal
mobile devices to the office and use them for official purposes as well. While it is
true that BYOD can save money and space for the organization, the flip side is that it
introduces significant security risk.
• Social networking: Internet-based applications such as social networking sites and
multimedia applications come with their own set of vulnerabilities. The more features an
application has, the more opportunities there are for vulnerabilities. It is not just
recreational applications; users also adopt business and productivity applications that they
find more powerful and capable than the equivalents approved by the organization.
• Storage devices: Over the years, storage devices have been increasing in capacity while
decreasing in size and cost. The security system must be capable of validating the data
coming from and going to such devices.
• Easy availability of hacking tools: You don't need to be technically savvy to be a hacker.
One can buy the required hacking tools over the Internet.
An attack is any unauthorized action intended to compromise data in one or more of
these areas:
• Confidentiality: The privacy of information stored in electronic form on a computer
system, compromised through unauthorized viewing or copying.
• Integrity: The completeness and accuracy of information stored in electronic form on a
computer system, compromised through unauthorized destruction or modification.
• Availability: The access of legitimate, authorized users to a computing resource, network,
or system, compromised through denial-of-service attacks.
• Authenticity: The validity of information or its source, compromised through redirection
or spoofing.
Networks typically run 24-hours a day, 7 days a week. This means attacks can occur on any
day of the week and at any time. Without effective security measures, the network is
vulnerable.
Regardless of their skill level, intruders often share a common strategy: use tools to search
the network for a weakness, then exploit that weakness. Some common attack types are:
• Reconnaissance: Gathering information for a future attack; for example, using sniffers,
web tools, custom scripts, or social engineering.
• Exploits: Taking advantage of hidden features or bugs; for example, buffer overflows.
• Advanced Persistent Threats (APTs): Unrelenting attacks against specific networks
over a long period of time.
• Denial-of-Service (DoS) from a single point and Distributed DoS (DDoS) from multiple
points: Crashing a machine or service, or overloading the network, to prevent service or
data availability; for example, ping floods, Smurf attacks, or access by thousands of
systems at once.
• Policy violations: Using packets that do not conform to network standards, for example
to reach a web site that policy denies. A packet is a unit of data as sent across a network.
• Advanced malware: Infecting a system or network through files downloaded from email
attachments, blogs, social networking sites, websites, chat messages, message boards,
and so on.
• Bots: Using web robots or zombie computers for coordinated and automated attacks
on networked computers.
• SQL injection: Inserting malicious code into data to compromise a web server or
application.
Attacks are categorized as passive or active. Passive attacks monitor or eavesdrop on
network traffic to capture or steal sensitive data. Active attacks take advantage of a
vulnerability in software to intrude, disrupt services, or damage critical assets.
Contemporary hackers have more resources at their disposal, especially when backed
by rival corporations and nation states. The security system must be dynamic,
intelligent, and able to defend against evolving technologies. It needs to meet the needs of
key stakeholders; for example, Legal, IT, and administrators/users. It should also include a plan
to handle incidents; for example, how incidents are communicated, classified, prioritized,
escalated, and resolved.
The security strategy must be both reactive and proactive.
• Reactive: Capable of blocking attacks and warning you of potential malicious
activity.
• Proactive: Capable of identifying network vulnerabilities, giving you visibility of both
abnormal and normal traffic on the network, and cleaning potentially harmful traffic in
real time. A proactive security strategy is vital to staying a step ahead of attackers.
Some tools to consider as part of the security strategy are Intrusion Prevention Systems
(IPS) and Intrusion Detection Systems (IDS).
Intrusion detection is the inspection of all inbound and outbound network activity to
identify suspicious patterns that may indicate a network or system attack by someone
attempting to break into or compromise a system.
An Intrusion Detection System (IDS) passively monitors for attacks, intrusions, and
exploits. It analyzes an event to verify that it is truly an attack and not a false positive. It
does not prevent the attack it observes, but its findings can be used to detect or block future
attempts; for example, through new signatures, policies, or access control lists (ACLs).
An Intrusion Prevention System (IPS) proactively prevents attacks, intrusions, and
exploits on a system or network: it sits in the traffic path and takes the configured response
action, based on defined rules. The basic use and functionality of an IPS are similar to those
of an IDS; the difference is that an IPS can block the malicious traffic rather than only
report it.
Signature detection, also known as misuse detection or rule-based detection, uses known
patterns of unauthorized behavior to detect subsequent similar attempts.
These known patterns are called signatures. With signature matching, network traffic is
compared to a database of known attack patterns (signatures). This is effective for well-
known attacks; however, relying on signature detection alone leaves the network
unprotected against new and complex attacks.
As an example, if the system sees default.ida in the Uniform Resource Locator (URL) field
of an HTTP request, along with a known pattern in the URL argument field, it identifies this
as a Code Red attack, because the request matches a standard signature. Another
example is an exploit signature that matches byte patterns at Layers 3 to 7.
DoS/DDoS detection is essential because popular websites and networks experience
legitimate and sometimes unexpected traffic surges during external events, or for a
particularly compelling new program, service, or application, and the system must tell
those surges apart from floods. DoS detection combines threshold-based, signature-based,
and self-learning profile-based techniques to protect against attacks.
• Threshold-based: The network behavior departs from a predefined or learned
baseline; for example, configured thresholds are exceeded.
• Signature matching: The system detects a specially crafted attack that is known and
matches a signature (attack pattern).
• Self-learning: The system observes and studies network behavior over time, and adapts
its baseline accordingly.
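The threshold-based and self-learning techniques just listed, as an added Python example that is not NSP's DoS engine: a detector alerts when an interval's packet rate exceeds either an administrator-set ceiling (threshold-based) or a learned profile of mean plus k standard deviations (self-learning, profile-based), and it refuses to learn from intervals it has already flagged. The per-second rates, the EWMA parameters, the sensitivity k, and the 5% deviation floor are constructed assumptions for the example.

```python
import math

# Constructed per-second SYN counts for one protected web server (not measured
# data): twenty normal seconds, then a burst and a flood are appended in __main__.
NORMAL_RATES = [100, 104, 98, 102, 106, 95, 101, 99, 103, 97,
                105, 100, 102, 98, 104, 101, 99, 103, 97, 100]


class DosDetector:
    """Combines an administrator-set threshold with a self-learned traffic profile."""

    def __init__(self, hard_limit, alpha=0.1, k=4.0, warmup=10):
        self.hard_limit = hard_limit   # threshold-based: absolute packets/s ceiling
        self.alpha = alpha             # EWMA smoothing factor for the learned profile
        self.k = k                     # profile-based: alert at mean + k standard deviations
        self.warmup = warmup           # intervals observed before profile alerts are trusted
        self.mean = None
        self.variance = 0.0
        self.samples = 0

    def learned_limit(self):
        """Upper bound of normal traffic from the profile, or None while still learning."""
        if self.mean is None or self.samples < self.warmup:
            return None
        # Floor the deviation at 5% of the mean (assumed value) so a perfectly steady
        # baseline does not turn every small fluctuation into an alert.
        sigma = max(math.sqrt(self.variance), 0.05 * self.mean)
        return self.mean + self.k * sigma

    def observe(self, rate):
        """Feed one interval's packet rate; return an alert tuple or None."""
        limit = self.learned_limit()
        if rate > self.hard_limit:
            return ("threshold", self.hard_limit)
        if limit is not None and rate > limit:
            return ("profile", round(limit, 1))
        # Only intervals judged normal feed the profile, so a slowly ramping flood
        # cannot teach the detector that attack volume is the new normal.
        if self.mean is None:
            self.mean = float(rate)
        else:
            diff = rate - self.mean
            self.mean += self.alpha * diff
            self.variance = (1 - self.alpha) * (self.variance + self.alpha * diff * diff)
        self.samples += 1
        return None


def run_detector(rates, hard_limit=5000):
    """Return (per-interval verdicts, detector) for a sequence of packet rates."""
    detector = DosDetector(hard_limit)
    return [detector.observe(r) for r in rates], detector


if __name__ == "__main__":
    rates = NORMAL_RATES + [400, 8000]
    verdicts, _ = run_detector(rates)
    for second, (rate, verdict) in enumerate(zip(rates, verdicts)):
        print(f"t={second:2d} rate={rate:5d} -> {verdict}")
```

The burst of 400 packets/s is far below the hard limit, so only the learned profile catches it; the flood of 8,000 trips the threshold. Because flagged intervals are excluded from learning, the mean stays near 100 after the attack, which is the behaviour you want from a baseline that an attacker could otherwise drag upward.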
Anomaly detection is the detection of an event, state, content, or behavior that does not
match what is considered normal: a predefined standard or a baseline. This baseline
can be programmed, or the IPS can learn it.
The system looks for patterns that do not match defined specifications, such as Requests
for Comments (RFCs); for example, web traffic with syntax that does not comply with the
Hypertext Transfer Protocol (HTTP) specification.
There are different types of anomaly detection. Each has advantages and challenges.
• Statistical anomalies: Statistical anomalies are network-dependent, because networks
can have different behaviors and traffic types. In-depth knowledge of the network is
important to tune out false positives.
• Application anomalies: Application anomalies require analysis of the traffic to
ensure the various fields contain the correct data, according to their defined protocols.
• Protocol anomalies: Protocol anomalies are where the format or behavior of the
protocol does not match the specification, or the baseline of traffic behavior considered
normal.
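Both the Code Red signature example above and the HTTP protocol-anomaly check, in one added Python example that is not McAfee's engine: it validates a request line against the RFC 7230 grammar (protocol anomaly detection) and then runs multi-field signatures, where every sub-signature must match the same request, over the parsed fields (signature detection). The request samples are constructed, and the Code Red pattern (a long run of N or X filler followed by %u-encoded bytes in the argument of /default.ida) is an assumption modelled on the 2001 worm's probe, not a McAfee signature.

```python
import re
from urllib.parse import urlsplit

# RFC 7230 request-line: method SP request-target SP HTTP-version CRLF.
# The grammar below is a simplified subset used for this example.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(r"^(" + TOKEN + r") ([^ ]+) (HTTP/\d\.\d)$")

# A signature is a list of sub-signatures (field, pattern); all of them must fire
# on one request before the signature fires. The Code Red pattern is an assumption
# modelled on the worm's /default.ida probe, not a McAfee signature.
SIGNATURES = {
    "Code Red / Code Red II default.ida probe": [
        ("path", re.compile(r"/default\.ida$", re.IGNORECASE)),
        ("query", re.compile(r"^[NX]{100,}%u[0-9a-f]{4}", re.IGNORECASE)),
    ],
}


def parse_request_line(raw_line):
    """Protocol-anomaly check: decode and validate the first line of a request.

    Returns the parsed fields, or raises ValueError describing the anomaly.
    """
    if any(b < 0x20 or b > 0x7E for b in raw_line):
        raise ValueError("non-printable byte in request line")
    match = REQUEST_LINE.match(raw_line.decode("ascii"))
    if match is None:
        raise ValueError("request line does not follow RFC 7230 grammar")
    method, target, version = match.groups()
    parts = urlsplit(target)   # keeps percent-encoding intact for matching
    return {"method": method, "path": parts.path, "query": parts.query,
            "version": version}


def match_signatures(fields):
    """Signature check: names of signatures whose sub-signatures all match."""
    return [name for name, sub_sigs in SIGNATURES.items()
            if all(pattern.search(fields.get(field, ""))
                   for field, pattern in sub_sigs)]


def inspect_request(raw_request):
    """Return a list of (category, detail) findings for one HTTP request."""
    first_line = raw_request.split(b"\r\n", 1)[0]
    try:
        fields = parse_request_line(first_line)
    except ValueError as err:
        return [("protocol-anomaly", str(err))]
    return [("signature", name) for name in match_signatures(fields)]


# Constructed sample traffic (not captured data).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
CODE_RED = (b"GET /default.ida?" + b"N" * 224
            + b"%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801 HTTP/1.0\r\n"
            + b"Host: www\r\n\r\n")
NO_VERSION = b"GET /index.html\r\n\r\n"                 # HTTP-version missing
BINARY_JUNK = b"\x90\x90\x90\xe8 /cgi-bin/x HTTP/1.1\r\n\r\n"  # raw bytes in the line

if __name__ == "__main__":
    for sample in (BENIGN, CODE_RED, NO_VERSION, BINARY_JUNK):
        print(sample[:40], "->", inspect_request(sample))
```

The anomaly check runs first and on its own catches requests that match no signature at all, which is the point the text makes about signature-only detection. The filler length in the Code Red sub-signature is a tuning knob: a shorter run catches more variants but raises false positives on long legitimate query strings, and a request with too little filler slips past, as the last assertion in the test shows.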
Malware is malicious software created to compromise the computer on which it is installed,
or to make that computer vulnerable to further attacks.
There are numerous types of malware, including, but not limited to, viruses, spyware,
rootkits, Trojans, bots, and worms. With malware detection, the system scans selected
file types in the network traffic and reports a confidence level. The confidence level is
based on the specificity and severity of the malware, and indicates the likelihood that
the file is malicious; for example, a high confidence level indicates a high probability that
the file is infected.
Some symptoms of malware infection are:
• Poor system performance
• Longer startup times
• Unexpected closing/stopping of browser
• Unresponsive links or redirected links
• Pop-up advertising windows
• Additional toolbars on browser
Traffic normalization, available when the Sensor is operating in inline mode, removes
protocol ambiguities from traffic, protecting the end systems by cleaning potentially harmful
traffic in real time. Dropping illegal packets is the default behavior; cleaning malformed
packets (packet scrubbing) must be enabled manually.
Traffic normalization also thwarts attempts to evade the system, and so boosts attack
detection accuracy. This feature, also known as protocol scrubbing or packet scrubbing,
prevents attackers from fingerprinting a host system. Attackers often send
abnormal traffic in the hope that the end system responds in a way that reveals
what environments and technologies are deployed at a particular site, which
makes it easier to launch subsequent attacks against known vulnerabilities in host
hardware or software.
Specifically, when enabled, normalization does the following:
• When the TCP Timestamp option is not negotiated in the SYN/SYN-ACK packets of a
connection but appears in any later packet of that connection, the Sensor removes the
TCP Timestamp option from the headers of those packets.
• The MSS option is permitted only in the SYN/SYN-ACK packets of a TCP connection. If
any other packet in the flow contains the MSS option, the Sensor removes it.
In both cases, the Sensor incrementally updates the TCP checksum and
regenerates the frame's cyclic redundancy check (CRC) integrity value.
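The two option-stripping rules above, as an added Python example that is not the NSP Sensor's code. It keeps per-flow state so that the Timestamp rule depends on what the handshake negotiated, removes MSS from every non-SYN segment, rebuilds the header with the options gone, and recomputes the TCP checksum in full rather than incrementally (the resulting value is the same; the frame CRC is left to the transmitting NIC). The flow key, the constructed segments, and the choice to strip Timestamps from flows whose handshake was never seen are assumptions of the example.

```python
import struct
from ipaddress import ip_address

TCP_PROTO = 6
FLAG_SYN, FLAG_ACK = 0x02, 0x10
OPT_EOL, OPT_NOP, OPT_MSS, OPT_TIMESTAMP = 0, 1, 2, 8


def parse_options(raw):
    """Decode the TCP options field into (kind, data) tuples; NOP/EOL are dropped."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        opts.append((kind, raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return opts


def encode_options(opts):
    """Re-encode options and pad with EOL bytes to a 32-bit boundary."""
    raw = b"".join(bytes([kind, 2 + len(data)]) + data for kind, data in opts)
    return raw + b"\x00" * (-len(raw) % 4)


def tcp_checksum(src_ip, dst_ip, segment):
    """RFC 793 checksum over the IPv4 pseudo-header and the whole segment."""
    data = (ip_address(src_ip).packed + ip_address(dst_ip).packed
            + struct.pack("!BBH", 0, TCP_PROTO, len(segment)) + segment)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mss_option(mss):
    return (OPT_MSS, struct.pack("!H", mss))


def timestamp_option(tsval, tsecr):
    return (OPT_TIMESTAMP, struct.pack("!II", tsval, tsecr))


def build_segment(src_ip, dst_ip, sport, dport, flags, opts=(), payload=b""):
    """Assemble a TCP segment with a valid checksum (used to construct sample input)."""
    options = encode_options(list(opts))
    off_flags = (((20 + len(options)) // 4) << 12) | flags
    header = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000, off_flags, 65535, 0, 0)
    segment = header + options + payload
    return segment[:16] + struct.pack("!H", tcp_checksum(src_ip, dst_ip, segment)) + segment[18:]


class TcpOptionNormalizer:
    """Strips TCP options that are only legal during the handshake, per flow."""

    def __init__(self):
        self.timestamp_ok = {}   # flow key -> True if every SYN/SYN-ACK seen carried Timestamp

    @staticmethod
    def flow_key(src_ip, dst_ip, sport, dport):
        return tuple(sorted([(src_ip, sport), (dst_ip, dport)]))   # direction-agnostic

    def normalize(self, src_ip, dst_ip, segment):
        """Return (normalized_segment, kinds_removed); raises on a malformed header."""
        sport, dport, _, _, off_flags = struct.unpack("!HHIIH", segment[:14])
        hlen, flags = (off_flags >> 12) * 4, off_flags & 0x1FF
        if hlen < 20 or hlen > len(segment):
            raise ValueError("TCP data offset points outside the segment")
        opts = parse_options(segment[20:hlen])
        key = self.flow_key(src_ip, dst_ip, sport, dport)
        if flags & FLAG_SYN:
            # MSS and Timestamp are legitimate here; record whether Timestamp was
            # present on every handshake segment seen for this flow.
            has_ts = any(kind == OPT_TIMESTAMP for kind, _ in opts)
            self.timestamp_ok[key] = self.timestamp_ok.get(key, True) and has_ts
            return segment, []
        kept, removed = [], []
        for kind, data in opts:
            # Assumption: a flow with no observed handshake is treated as "not negotiated".
            if kind == OPT_MSS or (kind == OPT_TIMESTAMP and not self.timestamp_ok.get(key, False)):
                removed.append(kind)
            else:
                kept.append((kind, data))
        if not removed:
            return segment, []
        options = encode_options(kept)
        off_flags = (((20 + len(options)) // 4) << 12) | flags
        rebuilt = (segment[:12] + struct.pack("!H", off_flags) + segment[14:16]
                   + b"\x00\x00" + segment[18:20] + options + segment[hlen:])
        checksum = tcp_checksum(src_ip, dst_ip, rebuilt)
        return rebuilt[:16] + struct.pack("!H", checksum) + rebuilt[18:], removed


if __name__ == "__main__":
    client, server = "10.0.0.1", "10.0.0.2"   # constructed addresses
    norm = TcpOptionNormalizer()
    norm.normalize(client, server, build_segment(client, server, 40000, 80, FLAG_SYN,
                                                 [mss_option(1460), timestamp_option(1, 0)]))
    norm.normalize(server, client, build_segment(server, client, 80, 40000, FLAG_SYN | FLAG_ACK,
                                                 [mss_option(1460)]))   # server declines Timestamp
    data = build_segment(client, server, 40000, 80, FLAG_ACK,
                         [timestamp_option(2, 0), mss_option(1460)], b"GET / HTTP/1.1\r\n")
    clean, removed = norm.normalize(client, server, data)
    print("removed option kinds:", removed, "header length:", (clean[12] >> 4) * 4)
```

Run stand-alone, the data segment's header shrinks from 36 to 20 bytes and the checksum verifies (a checksum computed over the rebuilt segment, checksum field included, is 0). The "not negotiated" assumption matters in practice: a Sensor inserted into a live network picks up flows mid-stream with no handshake to consult, and stripping Timestamps from a flow that did negotiate them can interfere with the endpoints' PAWS and RTT measurement, so a real deployment needs an explicit policy for flows whose handshake it never saw.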
An Intrusion Prevention System (IPS) provides an extra layer of protection for the network,
recognizing attacks that a firewall cannot see.
As an example, assume the firewall is configured to allow HTTP traffic. The firewall typically
relies on the destination port, such as Transmission Control Protocol (TCP) port 80, to judge
the nature of the content. Although a proxying firewall can ensure that the traffic is
well-formed HTTP, the firewall does not scan the traffic for exploits.
The IPS inspects inbound and outbound traffic, including application-specific headers and
payloads, for suspicious patterns and malicious code. It also validates traffic at multiple
layers of the Open Systems Interconnection (OSI) model.
Network intrusion prevention devices (NIPS) should be placed in the network topology to
mitigate the risk of malicious ingress and egress traffic. At minimum, NIPS should reside on
the perimeter and on internal network segments.
There are two types of intrusion prevention systems. These devices work together, as part of
a total network security solution, but have different functions.
Network Intrusion Prevention Systems (NIPS)
Network Intrusion Prevention Systems (NIPS), such as McAfee Network Security Sensors,
provide network-wide protection and block network attacks.
Network Intrusion Prevention Systems inspect the incoming and outgoing traffic passing
through them for malicious activity and attacks. They also reassemble IP fragments and
TCP streams and analyze protocols up to the Application Layer.
You typically deploy Network Intrusion Prevention Systems throughout the network, at the
core as well as at the perimeter. The most common deployment is inline (in front of or in the
path of a network segment).
Host Intrusion Prevention Systems (HIPS)
Host Intrusion Prevention Systems (HIPS), such as McAfee Host Intrusion Prevention, do not
provide network-wide protection or block network attacks. They protect an individual host,
such as a desktop PC, a laptop, or a corporate server.
You typically deploy a Host Intrusion Prevention System as an agent or client on the
specific device (host) you want to protect.
The McAfee Network Security Platform (NSP) is an industry-leading and award-winning
next-generation network intrusion prevention system. It protects network-connected
devices against advanced, targeted attacks through a combination of sophisticated
defenses.
Key features of the NSP are:
• Stateful traffic inspection: Gathers and maintains information about the connections
so inspection occurs with full application awareness.
• Signature detection: The Sensor can detect traffic patterns known to be malicious.
• DoS/DDoS detection: The Sensor recognizes when traffic volume becomes abnormally
high through statistical analysis conducted over time.
• Anomaly detection: The Sensor can detect anomalies in protocols, applications, and
network behavior.
• Advanced malware detection: Provides a prioritized list of hosts that need
remediation based on a risk score determined by threat vectors and events.
• Advanced botnet detection: Correlates multiple different attacks and uses heuristics to
detect the behaviors of bots.
• Intrusion prevention: Lets the Sensor respond according to policy settings, either
dropping packets, sending TCP resets or quarantining devices.
• Internal firewall: An internal firewall that can use access control lists to drop unwanted
traffic.
• High availability: The Sensor also has stateful failover for high availability
requirements.
Sensors are deployed at key network access points to provide real-time traffic monitoring
to detect malicious activity and respond to the malicious activity as configured by the
administrator.
As part of an initial deployment, you must choose where the Sensors are to be deployed.
You then cable and install the Sensors, using a command line interface (CLI) and the
Manager GUI. As part of the initial setup, you must establish trust between the Network
Security Manager (NSM) and the Sensors. Once deployed and communicating, Sensors are
configured and managed through the Manager server.
The Sensors perform IP fragmentation/re-assembly and TCP stream re-assembly, and
perform complete protocol analysis up to the Application Layer. The Sensor has hardware-
based detection engines that can quickly detect attacks and report alerts and data to the
management process running on the Sensor that in turn triggers a response based upon
policy settings (such as blocking a connection) and sending alerts to the NSM.
The parsed data passes through its various engines, such as:
• Signature Detection Engine: The Signature Detection Engine searches a flow for
multiple triggers (sub-signatures) in multiple fields of a protocol, using embedded
signature files, to increase the precision with which an attack can be unambiguously
detected. Categories of attacks that may lack a specific signature include new worms,
intentionally stealthy assaults, and variants of existing attacks in new environments.
• DoS Detection Engine: The DoS Detection Engine combines threshold-based
detection and self-learning profile-based detection. With threshold-based detection,
administrators can use pre-programmed limits on data traffic to ensure servers will
not become unavailable due to overload. At the same time, self-learning
methodologies enable administrators to study the patterns of network usage and
traffic to understand the usage patterns during legitimate network operations.
• Anomaly Detection Engine: The Anomaly Detection Engine examines the data, using
a normal, predefined standard, or baseline to detect abnormal behavior.
• Malware/Bot Detection Engines: The Malware Detection Engines scan selected file
types and report a confidence level to determine the probability of infection. Types of
engines include:
• McAfee Global Threat Intelligence File Reputation (GTI) Engine
• PDF Emulation Engine
• McAfee Network Threat Behavior Analysis (NTBA) Engine
• White List and Black List Engine
• McAfee Advanced Threat Defense (ATD). ATD is available with NSP8X and ATD
integration types. ATD and other malware engines are discussed in more detail
later in this course.
1. Manager server:
Hosts the Manager software and database.
Runs on supported Windows Server OS (64-bit only).
2. Manager database:
Stores persistent configuration information and event data.
Is installed (embedded) on target server (NSP-supplied version of MySQL only).
3. Manager Browser-based GUI:
Used to view, configure, and manage network security appliance deployments.
Accessed by a Manager client system.
4. Manager clients:
Connect to the Manager server and its hosted Manager GUI via a supported browser.
5. Network Security Sensors:
• Provide real-time traffic monitoring to detect malicious activity, and responds to the
malicious activity, as configured by the administrator.
• Are installed in the network at key points.
6. McAfee Update Server:
McAfee-owned and operated file server that houses updated signature and software
files for Managers and Sensors installations.
Provides fully automated, real-time signature updates (via SSL) without requiring
any manual intervention.
Some essential features to consider as part of the initial setup are listed below. These
features are configured using the Manager GUI.
Authentication
By default, the Manager uses its own database to provide (local) authentication. As most
companies now centralize their user management and authentication, the Manager also
supports Remote Authentication Dial-In User Service (RADIUS) and Lightweight Directory
Access Protocol (LDAP) authentication for users. For either method, you
configure the authentication server information, and then, when creating a user, you
choose whether the user is a RADIUS, LDAP, or Manager Local user.
Users and Roles
The Manager enables the creation of multiple users within the system. Each user is
assigned a role, which determines the user’s access level and permissions. NSP roles
provide a granular level of access within the system. This enables the customer to provide
very limited responsibilities to a number of individuals, or to assign a single user multiple
roles so the user can accomplish multiple administrative tasks (for example, grant System
Administrator and Security Expert roles) within the system.
Admin Domains
An administrative domain (admin domain) is an organizational tool used to group NSP
resources so management can be delegated to specific users. By default, there is one root
admin domain named My Company.
The customer can subdivide the root admin domain into child domains (subdomains).
This allows you to delegate to people more familiar with the subdomain's environment the
task of monitoring and/or configuring the resources in that subdomain. For example, you can
subdivide the root admin domain into child domains that are large from a resource
perspective, delegating management of all the NSP resources protecting multiple
geographic regions. Or, you can create domains that are very small: a few interfaces on a
single Sensor, or even a VLAN tag or CIDR address within a segment of traffic transmitted
between two hosts in the protected network.
Attack Exceptions
You may sometimes notice a spike in alerts in the Threat Analyzer from one host. Such a
high incidence of alerts can be caused by several factors that the IPS considers
suspicious. You can either act on every alert or allow a time frame in which
the host issue can be resolved. During this period, you can choose to stop receiving those
alerts in the Threat Analyzer and focus on other alerts. To stop receiving such alerts
temporarily, the Manager gives you the option to create an alert exception, or
ignore rule, that prevents such alerts from appearing in the Threat Analyzer. An ignore
rule is a rule in the Manager that prevents specific alerts from showing up in the Threat
Analyzer, by automatically acknowledging similar alerts.
Notifications and Alerts
When a packet violating the enforced security policies is detected, the Sensor compiles
information about the offending packet and sends it to the Manager in the form of
an alert. The Manager can forward alert information to third-party systems such as SNMP
servers and syslog servers. You can also configure the Manager to notify you of detected
attacks through email, pager, or script, based on the attack or attack severity.
Policies
A policy basically identifies the malicious activity you want to detect on the network and
how you want to respond when this activity is detected. McAfee supplies preconfigured
policies to get the system up and running quickly. In fact, the Default Inline IPS policy is
applied by default to Sensors configured with an inline mode (in front of a network
segment) when NSP is initialized. Customers can use the preconfigured policies out of
the box, and fine-tune or customize them later to meet their specific needs. NSP provides
multiple policy types to meet customer needs. These include:
• IPS policies
• Firewall policies
• Advanced Malware policies
• QoS policies
• Connection Limiting policies
The interactions between the Sensor, Manager, Update Server, and Client are depicted in
this high-level view of the architecture.
The Sensor is the core of the Network protection. It is the device appliance that monitors
the traffic crossing network segments and, using multiple forms of detection, determines if
an attack is being attempted. In the event of an attack, the Sensor responds according to
how it is configured, and sends an alert to the Manager providing notification of the attack
and what response was taken. The high-availability features of the Sensor may include
redundant power supplies, configuration of stateful failover between Sensor pairs, and
more.
The Manager is the central management component that maintains the database of alerts
and packet logs generated by all of the Sensors. Configuration changes are performed
at the Manager. In turn, Sensors and other devices can be updated from the Manager. The
user interface to the Manager is accessed via a Secure Sockets Layer (SSL) connection
through a web browser. The Manager also has a feature for pairing Managers, called
Manager Disaster Recovery (MDR).
The figure focuses on the Manager’s architecture. Key components are listed below.
• Environment Configuration: Covers the Manager and Sensor administrative
configuration, such as, port settings, administrative domains, security policies and
more.
• Threat Database: Stores the signature files used for packet inspection and analysis.
• Data Fusion: Involves the aggregation and correlation of threat information from other
sources such as Host Intrusion Prevention, Vulnerability Manager, and Global Threat
Intelligence (GTI).
• Forensic Analysis: Handles the logging of traffic statistics, capture or host information,
and alerts, as well as alert analysis and graphical reporting.
• Response System: Handles e-mail alert delivery, log files, and configuration of the type
of operational metrics the Sensor is supposed to forward to the Manager.
Optionally, we can integrate NSP with other McAfee products, such as McAfee Advanced
Threat Defense, ePolicy Orchestrator (ePO), Host IPS, Network Threat Behavior Analysis,
and Vulnerability Manager, for a comprehensive enterprise security management
framework.
The McAfee Security Connected solution platform includes applications and tools to help
customers better understand the threat landscape, vulnerabilities, and relevant
countermeasures, translating into more effective risk management.
Network Security
The network security framework provides maximum availability, security, integrity,
flexibility, and manageability with minimum overhead and risk.
• McAfee Next Generation Firewall, powered by Stonesoft, provides evasion prevention,
centralized management, and built-in high availability and scalability to meet the
complex, high-performance needs of demanding data centers and distributed
enterprises, both today and tomorrow.
• McAfee Network Security Platform (NSP) defends against stealthy attacks with
extreme accuracy at speeds of up to 80 Gbps, while providing rich contextual data
about users, devices, and applications for fast, accurate responses to network-borne
attacks.
• McAfee Firewall Enterprise is a proxy-based network firewall that offers a range
of capabilities, including application visibility and deep application controls to defend
against network security threats.
• McAfee Network Threat Behavior Analysis analyzes traffic for network security
threats coming from inside the network, including malicious behavior and unusual
host interactions.
• McAfee Advanced Threat Defense finds advanced malware and zero-day threats, and
seamlessly integrates with McAfee network security solutions to freeze the threat
while Real Time for McAfee ePolicy Orchestrator initiates a fix or remediation actions.
• McAfee Network Threat Response is a framework of next-generation detection
engines specializing in thwarting advanced persistent threats (APTs), and prioritizes
and presents only those security threats that require investigation — cutting analysis
time from weeks to minutes.
Information Security
Information Security gives you insight so you can understand, classify, and protect
incoming, outgoing, and internal data, as well as protect against inbound advanced
persistent threats.
• Solutions, such as McAfee Email Protection, McAfee Web Protection and McAfee
Content Security Suite, minimize risk with integrated threat protection, data loss
prevention, and advanced antimalware. With the Security Connected framework,
customers can gain confidence in their data going to and through the cloud, while
minimizing complexity and cost, enabling legitimate use while implementing policy-
based inbound and outbound content security controls to support business goals and
compliance.
• McAfee Complete Data Protection Suites, McAfee Data Loss Prevention, and McAfee
Total Protection for Data Loss Prevention, provide multilayered protection for data
regardless of where it resides — on the network, in the cloud, or at the endpoint.
Security Management
Security Management provides a comprehensive approach to managing enterprise
security, with products such as:
• ePolicy Orchestrator (ePO) software provides powerful workflow capabilities to
increase administrators’ effectiveness so they can more quickly define and deploy
security, as well as respond to events and issues as they arise. McAfee delivers
complete integration between the McAfee ePO software, McAfee Risk Advisor, and
McAfee Endpoint solutions.
• Real Time for McAfee ePO collects McAfee endpoint security product status instantly.
This real-time visibility enables the customer to act on the most recent intelligence,
not historical data, helping to quickly identify and remediate under-protected and
noncompliant endpoints.
• Security Information and Event Management (SIEM) brings event, threat, and risk
data together to provide strong security intelligence, rapid incident response,
seamless log management, and extensible compliance reporting. McAfee Enterprise
Security Manager (ESM) tightly integrates with McAfee ePO software, McAfee Risk
Advisor, and Global Threat Intelligence — delivering the context required for
autonomous and adaptive security risk management.
• Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled
scalability and performance, actively or passively canvassing everything on the
network. Now customers can uncover devices hidden on the network as well as
smartphones, tablets, and laptops that come and go between scheduled scans.
• Policy Auditor is an agent-based IT audit solution that leverages the Security Content
Automation Protocol (SCAP) to automate the processes required for internal and
external IT audits.
• For Compliance Management, McAfee solutions improve visibility, limit exposure, and
ensure continuous compliance, saving time, effort, and expense and helping with:
 EMEA Regulations: European, Middle Eastern, and African (EMEA) regulations, such as
Basel II, and EU and country-specific data privacy directives.
 North American Regulations: North American industry and government security
regulations (including HIPAA, SOX, FACTA, and PCI DSS).
 PCI DSS Compliance: Optimized PCI DSS compliance, with solutions tailored for
point-of-service machines and ATMs.
 Policy Lifecycle Management: Security and compliance with industry and
government requirements, including HIPAA, GLBA, and PCI DSS, while saving time
and cutting costs.
Endpoint Security
• McAfee Endpoint Protection solutions suites add defense in depth against the full
threat spectrum from zero-day exploits to hacker attacks, protecting Windows, Macs,
and Linux systems, as well as mobile devices such as iPhone, iPad, and Android
smartphones and tablets.
• McAfee Host Intrusion Prevention for Server helps maintain business uptime by
protecting critical corporate assets, including servers, applications, customer
information, and databases.
• McAfee Host Intrusion Prevention for Desktops safeguards the business against
complex security threats that may otherwise be unintentionally introduced or allowed
by desktops and laptops.
• McAfee embedded security solutions help manufacturers ensure their products and
devices are protected from cyberthreats and attacks. McAfee embedded system and
device security solutions span a wide range of technologies, including application
whitelisting, anti-virus and anti-malware protection, device management, and
encryption — and all leverage the industry-leading McAfee Global Threat Intelligence.
Partner Community
The McAfee Partner Community provides partners with access to sales and marketing
resources, partner sales and technical training, deal registration, technical support, sales
promotions, market development funds (MDF), and rebate programs—all they need to
attract new customers and build business.
M1_Introduction_IPS.pptx
The network security landscape is ever-changing. In the early days of computing, networks were proprietary, mostly local and outside. Access was connection-oriented and expensive. Intruders required physical access or technical expertise to attack. The strategy to deter intruders was to hire a security guard, put a sturdy lock on doors, and turn on an alarm.
Today, networks are open and span the globe. This provides flexibility and new business opportunities but also increased risk of destruction, theft, and malicious activities. You are also challenged by a new generation of hackers, which can be broadly classified into categories.
• State-sponsored hackers: These are hackers sponsored by corporations and nations (not necessarily rogue). The purpose here is industrial or military espionage.
• Hacktivists: The purpose of these hackers is to retaliate against corporations or government agencies; for example, for a policy, regulation, and so on.
• Cyber terrorists: These hackers are ideology-driven but sponsored by rogue nation states.
• Cyber criminals: These hackers work for international organized crime with the sole purpose of targeting financially sensitive data.
Traditional security solutions, such as firewalls, are not enough to protect the network against the sophisticated cyber attacks of today. While firewalls serve as the first line of defense at the network perimeter, they are not enough. We need technologies designed to protect the systems and applications from next-generation attacks that can occur inside and outside the network infrastructure.
Today's security threats are more sophisticated and targeted than ever, and they’re growing at an unprecedented rate. Malicious URLs, viruses, and malware have grown almost six-fold in the last two years, and last year saw more new viruses and malware than all prior years combined. Businesses are at risk. Infection can be fast and widespread. When a business is compromised by an attacker or an insider, substantial damage occurs to brand image and customer loyalty. Understandably, data privacy has become a common theme in new regulations around the world. With the increased threat of criminals mining for consumer and corporate data, the efficiency of Internet security must be a priority.
Source: McAfee Labs Threat Center, www.mcafee.com/us/mcafee-labs.aspx
Technological advancements have contributed to the growth of businesses. However, this has also put security professionals in an unenviable position. Review some of the main contributing factors to the current security threat environment.
• Internet-based business world: Across industries, organizations depend on the Internet to run their business. Their network is open to their vendors, partners, customers, and even the public.
• Mobile computing devices and BYOD: More and more organizations are encouraging the Bring Your Own Device (BYOD) concept, where employees bring their personal mobile devices to their offices and use them for official purposes as well. While it is true that BYOD can save money and space for the organization, the flip side is that it is a huge security threat.
• Social networking: Internet-based applications such as social networking sites and multimedia-based applications come with their own set of vulnerabilities. The more features, the more chances for vulnerabilities. It is not just recreational applications, but also business and productivity applications that users find more powerful and capable than the equivalents approved by the organization.
• Storage devices: Over the years, storage devices have been increasing in capacity but decreasing in size and cost. The security system must be capable of validating the data coming from and going to such devices.
• Easy availability of hacking tools: You don’t need to be technically savvy to be a hacker. The required hacking tools can be bought over the Internet.
An attack is any unauthorized action with the intent to compromise data in one or all of these areas:
• Confidentiality: The privacy of information stored in electronic format on a computer system; compromised through unauthorized viewing or copying.
• Integrity: The completeness and accuracy of information stored in electronic format on a computer system; compromised through unauthorized destruction or modification.
• Availability: Access to a computing resource, network, or system by legitimate and authorized users; compromised through denial-of-service attacks.
• Authenticity: The validity of information or its source; compromised through redirection or spoofing.
Networks typically run 24 hours a day, 7 days a week. This means attacks can occur on any day of the week and at any time. Without effective security measures, the network is vulnerable.
Regardless of their skill level, intruders often share a common strategy: use tools to search the network for a weakness, then exploit that weakness. Some common attack types are:
• Reconnaissance: Gaining information for a future attack; for example, using sniffers, web tools, custom scripts, social engineering, etc.
• Exploits: Taking advantage of hidden features or bugs; for example, buffer overflows.
• Advanced Persistent Threats (APTs): Unrelenting attacks against specific networks over a long period of time.
• Denial-of-Service (DoS) from a single point and Distributed DoS (DDoS) from multiple points: Crashing a machine or service, or overloading the network, to prevent service or data availability; for example, ping floods, Smurf attacks, or access by thousands of systems at once.
• Policy Violations: Exploiting packets that do not conform to network standards to access a denied website. A packet is a unit of data as sent across a network.
• Advanced malware: Infecting a system or network through downloads from email attachments, blogs, social networking sites, websites, chat messages, message boards, and so on.
• Bots: Using web robots or zombie computers for coordinated and automated attacks on networked computers.
• SQL injections: Inserting malicious code into data to compromise a web server or application.
Attacks are categorized as passive and active. Passive attacks monitor or eavesdrop on network traffic to capture or steal sensitive data. Active attacks take advantage of a vulnerability in software for intrusion, disruption of services, or damage to critical assets.
Contemporary hackers have more resources at their disposal, especially when backed up by rival corporations and nation states. The security system must be very dynamic, intelligent, and able to defend against evolving technologies. It needs to meet the needs of key stakeholders; for example: Legal, IT, Administrators/Users. It also should include a plan to handle incidents; for example, how incidents are communicated, classified, prioritized, escalated, and resolved. The security strategy must be proactive and reactive.
• Reactive: Capable of blocking attacks and of warning you of potential malicious activity.
• Proactive: Capable of identifying network vulnerabilities and also providing you the visibility of both abnormal and normal traffic on the network, as well as cleaning potentially harmful traffic in real time.
A proactive security strategy is vital to enable you to be a step ahead of the challengers. Some tools to consider as part of the security strategy are Intrusion Protection Systems (IPS) and Intrusion Detection Systems (IDS).
Intrusion detection is the inspection of all inbound and outbound network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. An Intrusion Detection System (IDS) provides passive monitoring of attacks, intrusions, and exploits. It analyzes an attack to verify it is truly an attack and not a false positive. It does not prevent attacks but takes action to detect future attacks; for example, by adding new signatures, policies, or access-control lists (ACLs). An Intrusion Prevention System (IPS) provides proactive prevention of attacks, intrusions, and exploits: it prevents intrusions on a system or network and takes the configured response action, based on defined rules. The basic use and functionality of an IPS is similar to that of an IDS; however, an IPS guarantees attack prevention.
Signature detection, also known as misuse detection or rule-based detection, uses known patterns of unauthorized behavior to predict and detect subsequent similar attempts. These known patterns are called signatures. With signature matching, network traffic is compared to a database of known attack patterns (signatures). This is effective for well-known attacks; however, relying on signature detection alone leaves the network unprotected against new and complex attacks. As an example, if the system sees default.ida in the Uniform Resource Locator (URL) field of an HTTP packet, along with a pattern in the URL argument name field, it identifies this as a Code Red attack. This is because the attack matches a standard signature. Another example is exploit signatures that match byte patterns at Layers 3 to 7.
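To make the Code Red example concrete, here is a small signature matcher written as an added example for this page; it is not code from the McAfee course or from NSP, and its signature set, packet samples, and function names are constructed for illustration. The first signature applies a pattern to the URL field of a parsed HTTP request (the default.ida case in the text); the second is a plain byte-pattern signature applied to the raw payload, standing in for the "Layers 3 to 7" case.

```python
"""Signature (misuse) detection over a few constructed packets.
Added example; not the McAfee course's or NSP's code."""
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    name: str
    field: str      # "url" = URL of a parsed HTTP request; "payload" = raw Layer 4 payload bytes
    pattern: bytes  # regular expression applied to that field

# Constructed signature set for the example; NSP ships its own signature database.
SIGNATURES = (
    # Code Red probe: default.ida in the URL field plus a long run of N or X in the argument name.
    Signature("Code Red (default.ida)", "url", rb"^/default\.ida\?(N{50,}|X{50,})"),
    # Byte-pattern signature at Layers 3-7: a long run of 0x90 bytes anywhere in the payload.
    Signature("NOP sled (0x90 run)", "payload", rb"\x90{32,}"),
)

def http_request_url(payload: bytes) -> Optional[bytes]:
    """Return the URL from an HTTP/1.x request line, or None when the payload is not HTTP."""
    first_line = payload.split(b"\r\n", 1)[0]
    m = re.match(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]$", first_line)
    return m.group(2) if m else None

def match_signatures(payload: bytes, signatures=SIGNATURES) -> list:
    """Return the names of every signature whose pattern occurs in its field of this packet."""
    fields = {"payload": payload}
    url = http_request_url(payload)
    if url is not None:
        fields["url"] = url                      # only HTTP packets expose a URL field
    hits = []
    for sig in signatures:
        data = fields.get(sig.field)
        if data is not None and re.search(sig.pattern, data):
            hits.append(sig.name)
    return hits

# Constructed sample payloads, as a sensor would see them after reassembly.
SAMPLE_PACKETS = {
    "benign":   b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "code_red": b"GET /default.ida?" + b"N" * 224 + b" HTTP/1.0\r\n\r\n",
    "nop_sled": b"\x00\x01" + b"\x90" * 64 + b"\xcc",
}

def scan_samples() -> dict:
    """Run every sample through the matcher; returns {sample name: [matching signature names]}."""
    return {name: match_signatures(p) for name, p in SAMPLE_PACKETS.items()}

if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {hits or 'no match'}")
```

The point the text makes is visible in the matcher: both signatures are exact patterns, so a variant that changes the URL argument or breaks up the byte run would pass untouched, which is why signature matching is paired with anomaly and DoS detection on the following slides.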
DoS/DDoS detection is essential because popular websites and networks experience legitimate and sometimes unexpected traffic surges during external events, or for a particularly compelling new program, service, or application. DoS detection combines threshold-based, self-learning, and profile-based detection techniques to protect against attacks.
• Threshold-based: The network behavior changes from a predefined or learned baseline; for example, thresholds are exceeded.
• Signature matching: The system detects a specially crafted attack that is known and matches a signature (attack pattern).
• Self-learning: The system detects and studies network behavior, and modifies its behavior over time.
  • 16. Anomaly detection is the detection of an event, state, content or behavior that does not match what is considered to be a normal, predefined standard, or baseline. This baseline can be programmed, or the IPS can learn it. The system looks for patterns that do not match defined specifications, such as Request for Comments (RFCs); for example, web traffic with syntax that does not comply with the Hypertext Transfer Protocol (HTTP) specification. There are different types of anomaly detection. Each has advantages and challenges.
    • Statistical Anomalies: Statistical anomalies are network-dependent, because networks can have different behaviors and traffic types. An in-depth knowledge of the network is important to tune out false positives.
    • Application Anomalies: Application anomalies require analysis of the traffic to ensure the various fields contain the correct data, according to their defined protocols.
    • Protocol Anomalies: Protocol anomalies occur where the format or behavior of the protocol does not match the specification, or the baseline of traffic behavior considered normal.
  • 17. Malware is malicious software created for the sole purpose of contaminating the computer it is installed on and making it vulnerable to attacks. There are numerous types of malware, including, but not limited to, viruses, spyware, rootkits, Trojans, botnets, and worms. With malware detection, the system scans selected file types in the network traffic and reports a confidence level. The confidence level is based on the specificity and severity of the malware, and is indicative of the extent to which the file is infected; for example, a high confidence level indicates a high probability of the file being infected. Some symptoms of malware infection are:
    • Poor system performance
    • Longer startup times
    • Unexpected closing/stopping of the browser
    • Unresponsive or redirected links
    • Pop-up advertising windows
    • Additional toolbars in the browser
  • 18. Traffic normalization, available when the system is operating in inline mode, removes any traffic protocol ambiguities, protecting the end systems by cleaning potentially harmful traffic in real time. Traffic normalization consists of cleaning malformed packets and dropping illegal packets (the default behavior). Packet scrubbing must be enabled manually. Traffic normalization also thwarts attempts to evade the system while boosting attack detection accuracy. This feature, also known as protocol scrubbing or packet scrubbing, lets network systems prevent hackers from fingerprinting a host system. Often attackers send abnormal traffic in the hope that the end system responds in a way that lets the attacker determine what environments and technologies are deployed at a particular site. This makes it easier to launch subsequent attacks against known vulnerabilities in host network hardware or software resources. Specifically, when enabled, normalization does the following:
    • When the TCP Timestamp option is not negotiated in the SYN/SYN_ACK packets for a connection but appears in any of the remaining packets of the connection, the TCP Timestamp is removed from the headers of those packets.
    • The MSS option is permitted only in the SYN/SYN_ACK packets of a TCP connection. If any other packets in the flow contain the MSS option, the Sensor removes it.
    In both cases, the TCP header checksum is incrementally recomputed and the cyclic redundancy check (CRC) integrity value is regenerated.
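The two scrubbing rules above, worked as an added example that is not NSP's implementation: per-flow state records whether both sides offered the Timestamp option in the SYN/SYN_ACK exchange, MSS is stripped from every non-handshake segment, removed options are replaced by EOL padding so the header stays 32-bit aligned, and a standard checksum routine recomputes the TCP checksum over the rebuilt segment. The flow key, option bytes and addresses are constructed; flows whose handshake was never seen are left untouched, which is an assumption of this example rather than documented NSP behavior.

```python
"""TCP option scrubbing: Timestamp only if negotiated, MSS only in SYN/SYN_ACK.

Added example, not NSP's code. The caller supplies a canonical flow key that
is the same for both directions of a connection.
"""
import struct
from typing import Dict, Hashable, List, Tuple

SYN, ACK = 0x02, 0x10
OPT_EOL, OPT_NOP, OPT_MSS, OPT_TS = 0, 1, 2, 8
NAMES = {OPT_MSS: "MSS", OPT_TS: "TS"}


def parse_options(raw: bytes) -> List[Tuple[int, bytes]]:
    """Decode a TCP options block into (kind, data) pairs; malformed lengths raise."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            opts.append((kind, b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")   # illegal packet: drop it
        length = raw[i + 1]
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def serialize_options(opts: List[Tuple[int, bytes]]) -> bytes:
    """Re-encode options and pad with EOL bytes to a 32-bit boundary."""
    out = b"".join(bytes([k]) if k == OPT_NOP else bytes([k, len(d) + 2]) + d
                   for k, d in opts)
    return out + b"\x00" * (-len(out) % 4)


class FlowNormalizer:
    """Per-connection state: was the Timestamp option negotiated in the handshake?"""

    def __init__(self) -> None:
        self.ts_negotiated: Dict[Hashable, bool] = {}

    def scrub(self, flow: Hashable, flags: int, raw_opts: bytes) -> Tuple[bytes, List[str]]:
        """Return (rebuilt options, names of options removed) for one segment."""
        opts = parse_options(raw_opts)
        if flags & SYN:
            offered = any(k == OPT_TS for k, _ in opts)
            seen = self.ts_negotiated.get(flow)
            # SYN records the client's offer; SYN_ACK concludes: both must have offered it.
            if flags & ACK and seen is not None:
                self.ts_negotiated[flow] = seen and offered
            else:
                self.ts_negotiated[flow] = offered
            return serialize_options(opts), []
        # Assumption: a flow whose handshake was never seen keeps its options, since
        # stripping a timestamp a live connection relies on would break it.
        ts_ok = self.ts_negotiated.get(flow, True)
        kept, removed = [], []
        for k, d in opts:
            if k == OPT_MSS or (k == OPT_TS and not ts_ok):
                removed.append(NAMES[k])
            else:
                kept.append((k, d))
        return serialize_options(kept), removed


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Standard one's-complement TCP checksum over the IPv4 pseudo-header and segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    data = pseudo + segment + (b"\x00" if len(segment) % 2 else b"")
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF
```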
  • 19. An Intrusion Protection System (IPS) provides an extra layer of protection for the network, recognizing attacks that a firewall cannot see. As an example, assume the firewall is configured to allow HTTP traffic. The firewall typically relies on a destination port, such as Transmission Control Protocol (TCP) port 80, to judge the nature of the content. Although the firewall can proxy network requests, which implicitly ensures legitimate HTTP traffic, it does not scan the traffic for exploits. The IPS inspects inbound and outbound traffic, including application-specific headers and payloads, for suspicious patterns and malicious code. It also validates traffic at multiple layers of the Open Systems Interconnection (OSI) model. Network intrusion prevention devices (NIPS) should be placed in the network topology to mitigate the risk of malicious ingress and egress traffic. At minimum, NIPS should reside on the perimeter and on internal network segments.
  • 20. There are two types of intrusion protection systems. These devices work together, as part of a total network security solution, but have different functions.
    Network Intrusion Protection Systems (NIPS)
    Network Intrusion Protection Systems (NIPS), such as McAfee Network Security Sensors, provide network-wide protection and block network attacks. They inspect the incoming and outgoing traffic passing through them for malicious activity and attacks. They also re-assemble IP fragments and TCP streams and analyze protocols up to the Application Layer. You typically deploy NIPS throughout the network, as well as at the core and perimeter. The most common deployment is inline (in front of or in the path of a network segment).
    Host Intrusion Protection Systems (HIPS)
    Host Intrusion Protection Systems (HIPS), such as McAfee Host Intrusion Protection, do not provide network-wide protection or block network attacks. They protect an individual host, such as a desktop PC, a laptop, or a corporate server. You typically deploy a HIPS as an agent or client on the specific device (host) you want to protect.
  • 22. The McAfee Network Security Platform (NSP) is an industry-leading and award-winning next-generation network intrusion prevention system. It protects network-connected devices against advanced, targeted attacks through a combination of sophisticated defenses. Key features of the NSP are:
    • Stateful traffic inspection: Gathers and maintains information about connections so inspection occurs with full application awareness.
    • Signature detection: The Sensor can detect traffic patterns known to be malicious.
    • DoS/DDoS detection: The Sensor recognizes when traffic volume becomes abnormally high, through statistical analysis conducted over time.
    • Anomaly detection: The Sensor can detect anomalies in protocols, applications, and network behavior.
    • Advanced malware detection: Provides a prioritized list of hosts that need remediation, based on a risk score determined by threat vectors and events.
    • Advanced botnet detection: Correlates multiple different attacks, and uses a heuristic-based discovery or problem-solving approach that detects the behaviors of bots.
    • Intrusion prevention: Lets the Sensor respond according to policy settings, either dropping packets, sending TCP resets, or quarantining devices.
    • Internal firewall: An internal firewall that can use access control lists to drop unwanted traffic.
    • High availability: The Sensor also has stateful failover for high-availability requirements.
  • 23. Sensors are deployed at key network access points to provide real-time traffic monitoring, detecting malicious activity and responding to it as configured by the administrator. As part of an initial deployment, you must choose where the Sensors are to be deployed. You then cable and install the Sensors, using a command line interface (CLI) and the Manager GUI. As part of the initial setup, you must establish trust between the Network Security Manager (NSM) and the Sensors. After deployment, once communication is established, Sensors are configured and managed through the Manager server. The Sensors perform IP fragmentation/re-assembly and TCP stream re-assembly, and perform complete protocol analysis up to the Application Layer. The Sensor has hardware-based detection engines that can quickly detect attacks and report alerts and data to the management process running on the Sensor, which in turn triggers a response based upon policy settings (such as blocking a connection) and sends alerts to the NSM. Continued on next page
  • 24. The parsed data passes through the Sensor's various engines, such as:
    • Signature Detection Engine: The Signature Detection Engine searches a flow for multiple triggers (sub-signatures) in multiple fields of a protocol, using embedded signature files to increase the precision with which an attack can be unambiguously detected. Example categories of unknown attacks are new worms, intentionally stealthy assaults, and variants of existing attacks in new environments.
    • DoS Detection Engine: The DoS Detection Engine combines threshold-based detection and self-learning, profile-based detection. With threshold-based detection, administrators can use pre-programmed limits on data traffic to ensure servers do not become unavailable due to overload. At the same time, self-learning methodologies enable administrators to study the patterns of network usage and traffic to understand the usage patterns during legitimate network operations.
    • Anomaly Detection Engine: The Anomaly Detection Engine examines the data, using a normal, predefined standard, or baseline to detect abnormal behavior.
    • Malware/Bot Detection Engines: The Malware Detection Engines scan selected file types and report a confidence level to determine the probability of infection. Types of engines include:
      • McAfee Global Threat Intelligence File Reputation (GTI) Engine
      • PDF Emulation Engine
      • McAfee Network Threat Behavior Analysis (NTBA) Engine
      • White List and Black List Engine
      • McAfee Advanced Threat Defense (ATD). ATD is available with NSP8X and ATD integration types. ATD and other malware engines are discussed in more detail later in this course.
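The combination of a pre-programmed threshold with a self-learned profile, described for DoS detection on slide 15 and again for the DoS Detection Engine above, as an added example that is not the NSP engine's algorithm: per-interval counts are classified against a static limit first, then against a learned mean plus a few standard deviations, and an interval that alerts is deliberately kept out of the profile so a flood cannot teach the detector that flood volume is normal. The interval counts, the 10% floor on the margin and the three-sigma rule are constructed choices for this example.

```python
"""Per-interval DoS detection: static threshold plus a self-learned profile.

Added example, not the NSP engine's code. Counts are packets (or connections)
seen per fixed interval on one segment. The profile is a running mean and
variance (Welford's method) of intervals judged normal.
"""
from dataclasses import dataclass
from math import sqrt
from typing import List


@dataclass
class DosDetector:
    static_threshold: int          # administrator-set hard limit per interval
    learning_intervals: int = 10   # intervals observed before the profile is enforced
    sigmas: float = 3.0            # standard deviations above the mean that count as abnormal
    floor: float = 0.1             # minimum margin as a fraction of the mean (flat baselines)
    _n: int = 0
    _mean: float = 0.0
    _m2: float = 0.0               # running sum of squared deviations

    def _learn(self, count: int) -> None:
        self._n += 1
        delta = count - self._mean
        self._mean += delta / self._n
        self._m2 += delta * (count - self._mean)

    @property
    def stddev(self) -> float:
        return sqrt(self._m2 / (self._n - 1)) if self._n > 1 else 0.0

    def learned_threshold(self) -> float:
        """Upper bound of the learned profile; at or below it an interval is normal."""
        return self._mean + max(self.sigmas * self.stddev, self.floor * self._mean)

    def observe(self, count: int) -> str:
        """Classify one interval as 'threshold', 'learning', 'profile' or 'ok'."""
        if count > self.static_threshold:
            return "threshold"        # pre-programmed limit exceeded, profile irrelevant
        if self._n < self.learning_intervals:
            self._learn(count)
            return "learning"         # still building the baseline; no profile alerts yet
        if count > self.learned_threshold():
            return "profile"          # abnormal for this network; NOT folded into the profile
        self._learn(count)            # legitimate drift keeps adjusting the baseline
        return "ok"


def classify_series(det: DosDetector, counts: List[int]) -> List[str]:
    """Run a whole series of interval counts through one detector."""
    return [det.observe(c) for c in counts]


if __name__ == "__main__":
    # Constructed per-interval counts: a quiet baseline, a modest rise, then a flood.
    det = DosDetector(static_threshold=5000)
    series = [100, 110, 95, 105, 100, 98, 102, 107, 99, 104, 112, 150, 6000]
    for c, verdict in zip(series, classify_series(det, series)):
        print(f"{c:>5} -> {verdict:<9} learned threshold {det.learned_threshold():.1f}")
```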
  • 25. 1. Manager server: Hosts the Manager software and database. Runs on a supported Windows Server OS (64-bit only).
    2. Manager database: Stores persistent configuration information and event data. Is installed (embedded) on the target server (NSP-supplied version of MySQL only).
    3. Manager browser-based GUI: Used to view, configure, and manage network security appliance deployments. Accessed from a Manager client system.
    4. Manager clients: Connect to the Manager server and its hosted Manager GUI via a supported browser.
    5. Network Security Sensors:
      • Provide real-time traffic monitoring to detect malicious activity, and respond to the malicious activity as configured by the administrator.
      • Are installed in the network at key points.
    6. McAfee Update Server: McAfee-owned and operated file server that houses updated signature and software files for Manager and Sensor installations. Provides fully automated, real-time signature updates (via SSL) without requiring any manual intervention.
  • 26. Some essential features to consider as part of the initial setup are listed below. These features are configured using the Manager GUI.
    Authentication
    By default, the Manager uses its own database to provide (local) authentication. As most companies now centralize their user management and authentication, the Manager also supports Remote Authentication Dial-In User Service (RADIUS) and Lightweight Directory Access Protocol (LDAP) authentication for users. For either authentication method, you configure the authentication server information, and then, when creating a user, you choose whether the user is a RADIUS, LDAP or Manager Local user.
    Users and Roles
    The Manager enables the creation of multiple users within the system. Each user is assigned a role, which determines the user's access level and permissions. NSP roles provide a granular level of access within the system. This enables the customer to give very limited responsibilities to a number of individuals, or to assign a single user multiple roles so the user can accomplish multiple administrative tasks (for example, granting both the System Administrator and Security Expert roles) within the system.
  • 27. Essential Features (Continued)
    Admin Domains
    An administrative domain (admin domain) is an organizational tool used to group NSP resources so that management can be delegated to specific users. By default, there is one root admin domain, named My Company. The customer can subdivide the root admin domain into child domains (subdomains). This lets you delegate the monitoring and/or configuration of the resources in a subdomain to those more familiar with that subdomain's environment. For example, you can subdivide the root admin domain into child domains that are large from a resource perspective, delegating management of all the NSP resources protecting multiple geographic regions. Or, you can create domains that are very small: a few interfaces on a single Sensor, or even a VLAN tag or CIDR address within a segment of traffic transmitted between two hosts in the protected network.
    Attack Exceptions
    You may sometimes notice a spike in alerts in the Threat Analyzer from one host. Such a high incidence of alerts can be caused by several factors that the IPS considers suspicious. You can either choose to act on every alert or provide a time frame in which the host issue can be resolved. During this period, you can choose to stop receiving alerts in the Threat Analyzer and focus on other alerts. To stop receiving such alerts temporarily, the Manager provides an option to create an alert exception, or ignore rule, that prevents such alerts from appearing in the Threat Analyzer. An ignore rule is a rule in the Manager that prevents specific alerts from showing up in the Threat Analyzer by automatically acknowledging similar alerts.
    Notifications and Alerts
    When a packet violating the enforced security policies is detected, the Sensor compiles information about the offending packet and sends the information to NSP in the form of an alert. The Manager can send alert information to third-party machines such as SNMP servers and syslog servers. You can also configure the Manager to notify you through email, pager, or script of detected attacks, based on the attack or attack severity.
    Policies
    A policy identifies the malicious activity you want to detect on the network and how you want to respond when this activity is detected. McAfee supplies preconfigured policies to get the system up and running quickly. In fact, the Default Inline IPS policy is applied by default to Sensors configured in inline mode (in front of a network segment) when NSP is initialized. Customers can use the preconfigured policies out of the box and fine-tune/customize them later to meet their specific needs. NSP provides multiple policy types to meet customer needs. These include:
    • IPS policies
    • Firewall policies
    • Advanced Malware policies
    • QoS policies
    • Connection Limiting policies
  • 29. The interactions between the Sensor, Manager, Update Server, and Client are depicted in this high-level view of the architecture. The Sensor is the core of the network protection. It is the appliance that monitors the traffic crossing network segments and, using multiple forms of detection, determines whether an attack is being attempted. In the event of an attack, the Sensor responds according to how it is configured, and sends an alert to the Manager providing notification of the attack and the response taken. The high-availability features of the Sensor may include redundant power supplies, configuration of stateful failover between Sensor pairs, and more. The Manager is the central management component that maintains the database of alerts and packet logs generated by all of the Sensors. Configuration changes are performed at the Manager; in turn, Sensors and other devices can be updated from the Manager. The user interface to the Manager is accessed via a Secure Sockets Layer (SSL) connection through a web browser. The Manager also has a feature for pairing Managers, called Manager Disaster Recovery (MDR).
  • 30. The figure focuses on the Manager's architecture. Key components are listed below.
    • Environment Configuration: Covers the Manager and Sensor administrative configuration, such as port settings, administrative domains, security policies, and more.
    • Threat Database: Stores the signature files used for packet inspection and analysis.
    • Data Fusion: Involves the aggregation and correlation of threat information from other sources, such as Host Intrusion Protection, Vulnerability Manager, and Global Threat Intelligence (GTI).
    • Forensic Analysis: Handles the logging of traffic statistics, capture or host information, and alerts, as well as alert analysis and graphical reporting.
    • Response System: Handles e-mail alert delivery, log files, and configuration of the type of operational metrics the Sensor is supposed to forward to the Manager.
  • 32. Optionally, NSP can be integrated with other McAfee products, such as McAfee Advanced Threat Defense, ePolicy Orchestrator (ePO), Host IPS, Network Threat Behavior Analysis, and Vulnerability Manager, for a comprehensive enterprise security management framework. The McAfee Security Connected solution platform includes applications and tools to help customers better understand the threat landscape, vulnerabilities, and relevant countermeasures, translating into more effective risk management.
    Network Security
    The network security framework provides maximum availability, security, integrity, flexibility, and manageability with minimum overhead and risk.
    • McAfee Next Generation Firewall, powered by Stonesoft, provides evasion prevention, centralized management, and built-in high availability and scalability to meet the complex, high-performance needs of demanding data centers and distributed enterprises, both today and tomorrow.
    • McAfee Network Security Platform (NSP) defends against stealthy attacks with extreme accuracy at speeds of up to 80 Gbps, while providing rich contextual data about users, devices, and applications for fast, accurate responses to network-borne attacks.
  • 33. • McAfee Firewall Enterprise is a proxy-based network firewall that offers a range of capabilities, including application visibility and deep application controls to defend against network security threats.
    • McAfee Network Threat Behavior Analysis analyzes traffic for network security threats coming from inside the network, including malicious behavior and unusual host interactions.
    • McAfee Advanced Threat Defense finds advanced malware and zero-day threats, and seamlessly integrates with McAfee network security solutions to freeze the threat while Real Time for McAfee ePolicy Orchestrator initiates a fix or remediation actions.
    • McAfee Network Threat Response is a framework of next-generation detection engines specializing in thwarting advanced persistent threats (APTs); it prioritizes and presents only those security threats that require investigation, cutting analysis time from weeks to minutes.
    Information Security
    Information Security gives you insight so you can understand, classify, and protect incoming, outgoing, and internal data, as well as protect against inbound advanced persistent threats.
    • Solutions such as McAfee Email Protection, McAfee Web Protection and McAfee Content Security Suite minimize risk with integrated threat protection, data loss prevention, and advanced antimalware. With the Security Connected framework, customers can gain confidence in their data going to and through the cloud, while minimizing complexity and cost. They enable legitimate use while implementing policy-based inbound and outbound content security controls to support business goals and compliance.
    • McAfee Complete Data Protection Suites, McAfee Data Loss Prevention, and McAfee Total Protection for Data Loss Prevention provide multilayered protection for data regardless of where it resides: on the network, in the cloud, or at the endpoint.
    Security Management
    Security Management provides a comprehensive approach to managing enterprise security, with products such as:
    • ePolicy Orchestrator (ePO) software, which provides powerful workflow capabilities to increase administrators' effectiveness so they can more quickly define and deploy security, as well as respond to events and issues as they arise. McAfee delivers complete integration between the McAfee ePO software, McAfee Risk Advisor, and McAfee Endpoint solutions.
  • 34. • Real Time for McAfee ePO collects McAfee endpoint security product status instantly. This real-time visibility enables the customer to act on the most recent intelligence, not historical data, helping to quickly identify and remediate under-protected and noncompliant endpoints.
    • Security Information and Event Management (SIEM) brings event, threat, and risk data together to provide strong security intelligence, rapid incident response, seamless log management, and extensible compliance reporting. McAfee Enterprise Security Manager (ESM) tightly integrates with McAfee ePO software, McAfee Risk Advisor, and Global Threat Intelligence, delivering the context required for autonomous and adaptive security risk management.
    • Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on the network. Customers can now uncover devices hidden on the network, as well as smartphones, tablets, and laptops that come and go between scheduled scans.
    • Policy Auditor is an agent-based IT audit solution that leverages the Security Content Automation Protocol (SCAP) to automate the processes required for internal and external IT audits.
    • For Compliance Management, McAfee solutions improve visibility, limit exposure, and ensure continuous compliance, saving time, effort, and expense and helping with:
      • EMEA Regulations: European, Middle Eastern, and African (EMEA) regulations, such as Basel II, and EU and country-specific data privacy directives.
      • North American Regulations: North American industry and government security regulations (including HIPAA, SOX, FACTA, and PCI DSS).
      • PCI DSS Compliance: Optimized PCI DSS compliance, with solutions tailored for point-of-service machines and ATMs.
      • Policy Lifecycle Management: Security and compliance with industry and government requirements, including HIPAA, GLBA, and PCI DSS, while saving time and cutting costs.
    Endpoint Security
    • McAfee Endpoint Protection suites add defense in depth against the full threat spectrum, from zero-day exploits to hacker attacks, protecting Windows, Mac, and Linux systems, as well as mobile devices such as iPhone, iPad, and Android smartphones and tablets.
    • McAfee Host Intrusion Prevention for Server helps maintain business uptime by protecting critical corporate assets, including servers, applications, customer information, and databases.
  • 35. • McAfee Host Intrusion Prevention for Desktops safeguards the business against complex security threats that may otherwise be unintentionally introduced or allowed by desktops and laptops.
    • McAfee embedded security solutions help manufacturers ensure their products and devices are protected from cyberthreats and attacks. McAfee embedded system and device security solutions span a wide range of technologies, including application whitelisting, anti-virus and anti-malware protection, device management, and encryption, and all leverage the industry-leading McAfee Global Threat Intelligence.
    Partner Community
    The McAfee Partner Community provides partners with access to sales and marketing resources, partner sales and technical training, deal registration, technical support, sales promotions, market development funds (MDF), and rebate programs: all they need to attract new customers and build business.