McAfee NSP: IDPS Product Overview and Analysis

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

See our complete list of top Intrusion Detection and Prevention Systems.

Company Description

Thirty-year-old McAfee was acquired by Intel in 2011 and last year became a limited liability company and an indirect, wholly-owned subsidiary of Foundation Technology Worldwide LLC.

Product Description

The McAfee Network Security Platform (NSP) is a network threat and intrusion prevention solution that protects systems and data wherever they reside, across the data center, the cloud, and hybrid enterprise environments. McAfee NSP finds and blocks advanced targeted attacks on the network. Features include:

  • SSL Decryption
  • Close to stated performance metrics when all necessary features are enabled
  • Behavioral analysis and learning engines
  • Multiple signatureless detection methods
  • Automation and integration into endpoint security.
  • Ability to share actionable intelligence with Web, Email and Endpoint as well as consume intelligence and reputation information generated by the Web, Email and Endpoint solutions.
  • Performance – inspection of network traffic while maintaining line-rate speed
  • Streamlined security management – the McAfee Unified Defense Architecture integrates real-time McAfee Global Threat Intelligence Exchange feeds with McAfee Advanced Threat Defense and McAfee Cloud Threat Detection solutions.

"Our Unified Defense Architecture approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks," the company said.

Gartner gives NSP high marks for its sophisticated policy options, ease of deployment, performance, cloud capability and multiple signatureless inspection techniques, but the lack of a firewall line and a complicated user interface are drawbacks.

Markets and Use Cases

NSP is deployed across all market segments whether in the data center, cloud, or hybrid enterprise environments. The most common use case for virtual Network Security Platform (NSP) in the cloud is East-West (inter-VM) traffic protection, while also employing physical sensors for North-South traffic. This leverages physical sensors for high-throughput inspection, and virtual sensors for inspection of the dynamic software-defined network (SDN) segments. This architecture is also suited to hybrid cloud deployments, as it allows the uniform enforcement of network security policies between the two.


Aggregate Performance - 40 Gbps; Maximum number of connections for decrypted SSL traffic as a percentage – ranges from 40,000 connections (on the 100 Mbps appliance) up to 32 million connections (on the 40 Gbps appliance) with 10% SSL traffic mix; Maximum concurrent sessions – 32 million.


NSP offers: bot analysis to correlate multiple suspicious behaviors to uncover unknown bot or zero-day attacks; endpoint-enhanced application control to aid in application blocking decisions, especially when it comes to stealthy exfiltration; malware analysis engines to combat advanced malware, including JavaScript & Flash emulation, a real-time web browser emulation engine (GAM), and sandboxing; analysis of flow data (including layer 7 data) looking for anomalous behavior pointing infections of bots, worms, recon attacks and DoS/DDoS attacks; self-learning DoS profiles to analyze traffic patterns for DoS, DDoS, SYN-floods, FIN-flood, ACK-flood, DNS-flood attacks, as well as heuristic gray-list and anti-phishing detection; and an analytics feature to report potentially malicious hosts, i.e., High-risk Endpoint (HRE) based on threat analytics.

NSP offers: bot analysis, endpoint-enhanced application control, analysis of flow data, self-learning DoS profiles and analytics to report potentially malicious hosts.


NSP can be deployed as a physical or virtual appliance.


No agents are necessary for on-premises and private data center deployment. For public cloud deployment (AWS/Azure), a probe (agent) must be deployed on workloads for the north-south and east-west protection desired on the network layer.


Available in virtual and physical form factors, starting from $10,995. The McAfee Global Threat Intelligence (GTI) service is provided at no additional charge. McAfee Threat Intelligence Exchange (TIE) is sold separately with per-node pricing (no fee to connect and interact with NSP).  A free virtual instance of McAfee Network Behavior Analysis (NTBA) is included with any NSP Manager purchase.


Loading Comments...