Wednesday, August 15, 2012

CISSP CPE: webinar Evaluation next generation IPS

length: 01:00:00

Evaluation next generation IPS

Mattew Glenn, VP product management McAfee

Vikram Phatak, CEO, NSS Labs

Tyler Carter, Director product marketing McAfee

1. Product analysis: 10 vendors
2. Comparative Analysis Reports:
a. security
b. performance
c. management system
d. TCO (total cost of ownership)

3. Security Value Map
Interesting that so many vendors are in the top left corner.

In the previous year, NSS showed the default security effectiveness, but this confused the CEO, resulting in budget not being properly allocated.

Right size is not the same as throughput.

Concurrent connections and connections per second are important.

Throughput and latency are also very important.

Security effectiveness: Desktop protection:

Overall security effectiveness:

McAfee has very good management platform.

McAfee power of GTI (Global Threat Intelligence):

Using threat reputation and SIEM to collate all the threats.

it has application awareness
it has contextual awareness
it has content awareness

NOTE: all screenshots were taken during the webinar.

systemic approach to malware: detect & prevent

full analysis automation: detect, ID root cause, determine, prevent.

NSS will do 0-day test moving forward.

Audience Question
Q: Can we get a copy of this very good presentation?
A: The recording will be made available.  We are not planning to send out the slides.

Audience Question
Q: How can we obtain/access the broadcast?
A: You will automatically be sent a link to the recording after the broadcast, via email.

Audience Question
Q: Within the testing process, and from your info, am I correct to assume the devices are tested against a set of known/signatured set of exploits. If that is correct, within the testing how is the ability to identify and protect against an anomaly that is an important feature/function of a good Network IPS... Your thoughts on is this testing showing the ability of each as far as anomaly detection and reporting until a signature is available....
A: Thanks for the question. I'll queue this up for Q&A at the end.

Audience Question
Q: Can GTI integrate with other SIEMs than McAfee, like ArcSight?
A: Thanks for the question.  I'll queue this up for Q&A.

Audience Question
Q: Is GTI a technology tied to the IPS or is this something separate?
A: GTI is built directly into McAfee Network Security Platform (our IPS), out of the box.  It's also included in most other McAfee security solutions. With our SIEM, it is available as a subscription.

Audience Question
Q: We currently have Intrushield; is GTI available for this old product?
A: GTI is available with the M-Series line of sensors.  These were first released in 2008 and are the current model IPS for McAfee.  The original I-Series platform (released in 2003) does not have the newer GTI features for file and IP reputation.

My question:
Q: Question for Vikram: it seems like this is the first time SonicWall & Palo Alto have joined the NSS test, and they are doing pretty well. What is your opinion of the "newcomers" compared to the "traditional" vendors such as Sourcefire & McAfee?
A: Some interesting new technology from the newcomers, and quite impressive.
Vikram is cautiously optimistic.

Audience Question
Q: In order to benefit from the GTI, we need to provide the sensors access to the internet which for most of our customers
A: Correct.  For GTI, sensors need an internet connection to the GTI cloud.
