Software for powerful and reliable intrusion prevention (IPS) with multigigabitnoy capacity to integrate network and system security across the enterprise.
The main feature of the McAfee IntruShield - hardware platform, which uses specialized problem-oriented ASIC chip for analysis of traffic. Thanks to this decision McAfee IntruShield can protect the network with a capacity of up to 10 Gbit / s - the result, unattainable for the software. Company McAfee offers a flexible range of devices IntruShield to protect both the border and core network.
Installing McAfee IntruShield not require changes to the configuration of the network device is installed transparently, "the gap in the wire. Malicious programs and network analyzers can not detect the IPS-system, as well as network interfaces analyzer does not have its own MAC-addresses. Reviewing and analyzing the current traffic, McAfee IntruShield provides effective protection against threats such as DoS-, DDoS-and SYN-flood attacks, network probing, port scanning, hosts and services, and information about the operating system, the selection of passwords, protection from malicious code (botnets, network worms, Trojans, unwanted software).
In addition to protecting against malicious code and network attacks decision McAfee IntruShield 4.1 allows you to block unwanted traffic, such as creating applications, instant messaging or file-sharing networks, P2P. Intelligent traffic management implement an internal firewall and can dynamically control the bandwidth allocated to various protocols.
For the detection and identification of attacks using a combination of methods of signature and behavioral analysis, the correlation method, the detection of traffic anomalies. The majority of attacks detected by signature method. Today, McAfee IntruShield 4.1 database contains more than 5 thousand signatures and periodically updated. Each signature is exactly describes the vulnerability, which directed a variety of attacks, so a single signature can detect some attacks. In the case of critical attacks, not covered by existing signatures, go unscheduled updates. Can create your own signature.
McAfee IntruShield offers flexible boil Antes response to detected attacks: notification, event logging, break the connection (TCP Reset), reconfiguring a firewall, blocking traffic (Packet Drop), imitation is not available machine (ICMP Unreachable).
All the McAfee IntruShield sensors in the organization can be managed with McAfee IntruShield Manager console via Web-interface. McAfee IntruShield Manager manages the distribution of updates and scanning policies, collecting data about the events from the sensors. User authentication can be performed on a local basis, based on the directory service via LDAP server or RADIUS. Order to delegate administrative tasks in large organizations have the opportunity to conduct a tree control of territorial or functional grounds. In subdomain management can Save this individual sensors or existing ports / sensor interface.
In addition, part of the solution IntruShield Command Center allows you to organize geographically distributed hierarchical control system with the installation of multiple servers IntruShield Manager.
Reliability McAfee IntruShield solution achieved through empowerment reservation. IntruShield sensors can organize a cluster configuration modes Active / Active or Active / Passive. Control system IntruShield Manager supports the installation of a fault-tolerant configuration with automatic failover.
For corporate customers a significant advantage is the flexibility of settings McAfee IntruShield, which is based on virtualization technology. Policies for detecting and preventing attacks can be tied not only to physical interfaces, but also to a logical, virtual interfaces, as identified by tag-based VLAN, or IP-address blocks. It is possible to group physical interfaces into one logical (for example, in the case of asymmetric routing). Thus, a single device McAfee IntruShield is able, in some cases replace several conventional IPS-systems that do not support virtualization, with the possibility to appoint an independent policy for the virtual sensors and delegate administration rights to a number of security administrators.
In the McAfee IntruShield is a powerful system for constructing reporting with Web-interface. As part of the solution comes pre-defined reports on system configuration and event detection. Supports ability to create custom report templates and generate reports on schedule and send them to predefined list of recipients. Information about system failures and attacks is redirected to a remote Syslog-server or SNMP-server or sent via e-mail.
McAfee IntruShield supports integration with McAfee solutions for network and system security. Integration with the solution for McAfee Foundstone vulnerability management allows you to determine the relevance of attacks in terms of vulnerabilities previously discovered in the system under attack. By integrating with the decision of Network Access Control McAfee Network Access Control (NAC) can block the port on the switch in case of attack, received from the port. Host quarantine capabilities built-in McAfee IntruShield isolate the machine based on the analysis of their behavior, completely blocking their traffic. Through interaction with the centralized management of McAfee ePolicy Orchestrator McAfee IntruShield solution receives information about network computers and operating systems installed on these remedies. Integration with McAfee Host Intrusion Prevention (HIPS) provides a correlation of attacks that occurred on the network and system levels.
Size : 17 MB