Thirty-year-old McAfee was acquired by Intel in 2011 and last year became a limited liability company and an indirect, wholly-owned subsidiary of Foundation Technology Worldwide LLC.
The McAfee Network Security Platform (NSP) is a network threat and intrusion prevention solution that protects systems and data wherever they reside, across the data center, the cloud, and hybrid enterprise environments. McAfee NSP finds and blocks advanced targeted attacks on the network. Features include:
- SSL Decryption
- Close to stated performance metrics when all necessary features are enabled
- Behavioral analysis and learning engines
- Multiple signatureless detection methods
- Automation and integration into endpoint security
- Ability to share actionable intelligence with Web, Email and Endpoint as well as consume intelligence and reputation information generated by the Web, Email and Endpoint solutions
- Performance – inspection of network traffic while maintaining line-rate speed
- Streamlined security management – the McAfee Unified Defense Architecture integrates real-time McAfee Global Threat Intelligence Exchange feeds with McAfee Advanced Threat Defense and McAfee Cloud Threat Detection solutions.
“Our Unified Defense Architecture approach to security management streamlines security operations by combining real-time McAfee Global Threat Intelligence feeds with rich contextual data about users, devices, and applications for fast, accurate response to network-borne attacks,” the company said.
Gartner gives NSP high marks for its sophisticated policy options, ease of deployment, performance, cloud capability and multiple signatureless inspection techniques, but the lack of a firewall line and a complicated user interface are drawbacks.
Markets and Use Cases
NSP is deployed across all market segments whether in the data center, cloud, or hybrid enterprise environments. The most common use case for virtual Network Security Platform (NSP) in the cloud is East-West (inter-VM) traffic protection, while also employing physical sensors for North-South traffic. This leverages physical sensors for high-throughput inspection, and virtual sensors for inspection of the dynamic software-defined network (SDN) segments. This architecture is also suited to hybrid cloud deployments, as it allows the uniform enforcement of network security policies between the two.
- Aggregate performance: 40 Gbps
- Maximum number of connections for decrypted SSL traffic as a percentage: ranges from 40,000 connections (on the 100 Mbps appliance) up to 32 million connections (on the 40 Gbps appliance) with 10% SSL traffic mix
- Maximum concurrent sessions: 32 million
NSP offers bot analysis, endpoint-enhanced application control, analysis of flow data, self-learning DoS profiles, and analytics to report potentially malicious hosts.
NSP can be deployed as a physical or virtual appliance.
No agents are necessary for on-premises and private data center deployment. For public cloud deployment (AWS/Azure), a probe (agent) must be deployed on workloads for the north-south and east-west protection desired on the network layer.
NSP is available in virtual and physical form factors, starting from $10,995. The McAfee Global Threat Intelligence (GTI) service is provided at no additional charge. McAfee Threat Intelligence Exchange (TIE) is sold separately with per-node pricing (no fee to connect and interact with NSP). A free virtual instance of McAfee Network Behavior Analysis (NTBA) is included with any NSP Manager purchase.