Shifts in business models have driven greater consumption of cloud services, and the current landscape is a mixture of on-premise and cloud systems. Whether a business has migrated completely to the cloud, remained exclusively on-premise or adopted a hybrid model, its digital data is at risk unless deliberate steps have been taken to put adequate security in place. The threat landscape is aggressive, and attackers have amassed resources that give them a significant advantage over defenders. One control that is strongly recommended for inclusion in the digital security arsenal is an intrusion detection and prevention system (IDPS).
Many types of security device exist in the marketplace, and while each serves an important purpose, there are several reasons why it is critical to include an IDPS in the protection of an organization's digital assets.
Organizations also commonly deploy an IDPS to secure the data center, because data center traffic differs markedly from the traffic that traverses the network perimeter. For any security device placed in the data center, throughput and latency are critical.
Data center activity has a rich traffic profile, due in large part to the interactions between users and assorted servers (file, database, application, directory, etc.) together with network management and backup traffic. Connections are constantly being established and torn down, so any inline security device, a firewall included, adds latency to every one of them. An IDPS that secures a data center must therefore be capable of delivering high throughput at low latency without reducing the depth of its inspection or the reliability of its blocking.
A next-generation IDPS is an ecosystem of integrated security systems designed to resist dynamic, advanced and evolving attacks from diverse sources. Through our strategic partnership with McAfee, TRUSTWORTHY Systems Inc. can assist you with the provisioning of the IDPS most suitable for your security needs. The following McAfee components integrate with the core McAfee IDPS:
McAfee Global Threat Intelligence (GTI) is an intelligence-gathering network that correlates threat information across all threat vectors. GTI consists of cloud-based IP Reputation and File Reputation services.
File Reputation provides real-time protection against file-level threats. GTI collects threat data from the McAfee Network Security Platform (NSP) and combines it with data from other threat vectors to identify relationships: malware used in network intrusions, web protocols embedded in malware, websites hosting malware, callback activity, bot activity and other malicious agents. GTI continuously feeds the latest reputation and categorization intelligence back to NSP to augment its IDPS capabilities.
Hundreds of thousands of new malware variants appear daily, which places an enormous burden on security tools and personnel. One of the countermeasures McAfee offers is Advanced Threat Defense (ATD), an on-premise appliance that analyses files for malicious content that might otherwise go undetected.
When McAfee NSP encounters a suspicious file attempting to enter the network, it sends a copy of the file to ATD for analysis. A positive result from ATD signals NSP to block the file immediately. For a file submitted to ATD after it has already been found inside the network, a positive result can trigger NSP to quarantine the computers or other devices on which the malware was found.
The McAfee Network Threat Behavior Analysis (NTBA) appliance monitors network traffic in real time by analysing flow information traversing the network. It provides graphical real-time views of network traffic, including a moving profile of application, endpoint, zone and interface traffic. Specifically, NTBA can detect and report on port scans, endpoint sweep attacks, endpoint name changes and anomalies in network traffic volume. When integrated with McAfee NSP, NTBA can process layer 7 traffic, identify the devices and users that generate the most IDS events, and enable forensic analysis of IPS events.
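To make the flow-based detection described above concrete, here is an added example (not McAfee or NTBA code) that applies two of the listed detections, port scans and endpoint sweeps, to constructed NetFlow-style records. The thresholds, the 60-second sliding window and the sample traffic are assumptions chosen for the demonstration, not product defaults.

```python
"""Flow-based port-scan and endpoint-sweep detection over NetFlow-style records.

Added illustration of the kind of analysis a flow appliance performs; it is not
NTBA code. Flow records are constructed and thresholds are assumed values.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float      # flow start, seconds since epoch
    src: str       # source IP
    dst: str       # destination IP
    dport: int     # destination port
    proto: str     # "tcp" or "udp"


# Assumed thresholds: tune them for the monitored network.
PORT_SCAN_PORTS = 10    # distinct ports on one host from one source
SWEEP_HOSTS = 10        # distinct hosts on one port from one source
WINDOW_SEC = 60.0       # sliding window per source


def detect(flows, port_threshold=PORT_SCAN_PORTS,
           host_threshold=SWEEP_HOSTS, window=WINDOW_SEC):
    """Return a list of (kind, src, detail) findings.

    For each source a sliding window of its recent flows is kept; flows older
    than `window` seconds relative to the newest flow are evicted first.
    A port scan is many distinct ports against one host; an endpoint sweep is
    many distinct hosts on one port. Each (kind, src, target) is reported once.
    """
    by_src = defaultdict(deque)
    findings, reported = [], set()
    for f in sorted(flows, key=lambda x: x.ts):
        recent = by_src[f.src]
        recent.append(f)
        cutoff = f.ts - window
        while recent and recent[0].ts < cutoff:
            recent.popleft()
        # Recount the window; O(window) per flow is fine for a demonstration.
        ports_per_dst, hosts_per_port = defaultdict(set), defaultdict(set)
        for r in recent:
            ports_per_dst[r.dst].add(r.dport)
            hosts_per_port[r.dport].add(r.dst)
        for dst, ports in ports_per_dst.items():
            key = ("port_scan", f.src, dst)
            if len(ports) >= port_threshold and key not in reported:
                reported.add(key)
                findings.append(("port_scan", f.src, f"{dst}: {len(ports)} ports"))
        for port, hosts in hosts_per_port.items():
            key = ("endpoint_sweep", f.src, port)
            if len(hosts) >= host_threshold and key not in reported:
                reported.add(key)
                findings.append(("endpoint_sweep", f.src,
                                 f"port {port}: {len(hosts)} hosts"))
    return findings


def sample_flows():
    """Constructed records: one port scan, one sweep, one benign slow talker."""
    flows = []
    # 10.0.0.5 probes 20 ports on a single server within two seconds.
    for i in range(20):
        flows.append(Flow(1000.0 + i * 0.1, "10.0.0.5", "10.0.1.10", 1 + i, "tcp"))
    # 10.0.0.7 hits TCP/445 on 15 different hosts within eight seconds.
    for i in range(15):
        flows.append(Flow(2000.0 + i * 0.5, "10.0.0.7", f"10.0.2.{i + 1}", 445, "tcp"))
    # 10.0.0.9 reaches 12 hosts on 443, but one every 100 s: never trips the window.
    for i in range(12):
        flows.append(Flow(3000.0 + i * 100.0, "10.0.0.9", f"10.0.3.{i + 1}", 443, "tcp"))
    return flows


if __name__ == "__main__":
    for kind, src, detail in detect(sample_flows()):
        print(f"{kind:15} {src:10} {detail}")
```

The benign source shows why the window matters: without it, any host that eventually talks to enough peers on a common port would be flagged. Real flow exporters also carry byte and packet counts, which a production detector would use to separate rejected probes (SYN, RST) from completed sessions.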
McAfee NSP consists of one or more McAfee network security sensors (the sensors) and the McAfee network security manager (the manager), which may be an appliance or software.
The sensor is a high-performance, scalable and flexible content-processing appliance built for accurate detection and prevention of intrusions, misuse, malware, and DoS and DDoS attacks. It is designed to handle traffic at wire speed and to inspect it and detect intrusions with a high degree of accuracy. When an attack is detected, the sensor responds according to its configured policy. A sensor can perform many types of response, including generating alerts and packet logs, resetting TCP connections, scrubbing malicious packets and blocking malicious packets before the target is compromised.
The manager is used to configure and manage the sensors. An administrator connects to the manager from a client system through a browser and can access alerts, status, configuration, reports and fault-management functions. All major NSP features are policy based, and policies for firewall, IPS, reconnaissance, QoS and other functions are administered through the manager.
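The two paragraphs above describe a sensor whose response to a signature match is decided by policy, and a manager that holds that policy. The following added example (not McAfee NSP code) models that division: a signature set, a per-signature response policy of the kind a manager would push down, and an inline inspection loop that applies the policy before a packet is forwarded. The signatures, the policy table and the packets are all constructed for the demonstration, and "reset" and "drop" are returned as verdicts rather than sent on the wire.

```python
"""Policy-driven inline inspection: the configured response, not the
signature, decides what happens on a match.

Added example; not McAfee NSP code. Signatures, policy and packets are
constructed. In passive mode (SPAN/tap) a sensor can only alert, which is
why an inline deployment is required for blocking and resets.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    sid: int
    name: str
    pattern: re.Pattern          # byte regex applied to the payload
    ports: frozenset = frozenset()   # empty set means any port


# Response policy keyed by signature id, modelled on the response types
# listed above: alert only, alert plus packet log, TCP reset, drop (block).
POLICY = {1001: "alert", 1002: "log", 1003: "reset", 1004: "drop"}

SIGNATURES = [
    Signature(1001, "HTTP directory traversal", re.compile(rb"\.\./\.\./"),
              frozenset({80, 8080})),
    Signature(1002, "scanner user agent", re.compile(rb"User-Agent: sqlmap"),
              frozenset({80, 8080})),
    Signature(1003, "shell metacharacter in query",
              re.compile(rb"[;|`]\s*(cat|id|wget)\b"), frozenset({80})),
    Signature(1004, "x86 NOP sled", re.compile(rb"\x90{16,}")),
]


@dataclass
class Sensor:
    policy: dict
    signatures: list
    inline: bool = True
    alerts: list = field(default_factory=list)
    packet_log: list = field(default_factory=list)

    def inspect(self, pkt):
        """Return 'forward', 'reset' or 'drop' for one packet.

        Inline, the verdict is applied before the packet reaches its target.
        Passive, every match is still alerted but nothing can be stopped.
        """
        verdict = "forward"
        for sig in self.signatures:
            if sig.ports and pkt.dport not in sig.ports:
                continue
            if not sig.pattern.search(pkt.payload):
                continue
            action = self.policy.get(sig.sid, "alert")   # default: alert only
            self.alerts.append((sig.sid, sig.name, pkt.src, pkt.dst, action))
            if action == "log":
                self.packet_log.append((sig.sid, pkt.payload))
            if not self.inline:
                continue
            if action == "drop":
                verdict = "drop"          # drop wins over reset
            elif action == "reset" and verdict != "drop":
                verdict = "reset"
        return verdict


def run_sample(inline=True):
    """Inspect five constructed packets; return (verdicts, sensor)."""
    sensor = Sensor(POLICY, SIGNATURES, inline=inline)
    pkts = [
        Packet("198.51.100.10", "10.0.1.20", 80, b"GET /../../etc/passwd HTTP/1.0\r\n"),
        Packet("198.51.100.11", "10.0.1.20", 8080,
               b"GET /login HTTP/1.1\r\nUser-Agent: sqlmap/1.5\r\n"),
        Packet("198.51.100.12", "10.0.1.20", 80,
               b"GET /cgi-bin/x?cmd=;cat%20/etc/passwd HTTP/1.1\r\n"),
        Packet("198.51.100.13", "10.0.1.30", 4444, b"\x90" * 32 + b"AAAA"),
        Packet("10.0.0.50", "10.0.1.20", 80,
               b"GET /index.html HTTP/1.1\r\nUser-Agent: curl/8.0\r\n"),
    ]
    return [sensor.inspect(p) for p in pkts], sensor


if __name__ == "__main__":
    verdicts, s = run_sample()
    for v, a in zip(verdicts, s.alerts + [None]):
        print(v, a)
```

Running the same packets with `inline=False` yields identical alerts but a verdict of "forward" for every packet, which is the operational difference between an IDS on a tap and an IPS in the traffic path.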
Through its partnership with McAfee, the team at TRUSTWORTHY Systems Inc. is ready to assist organizations with the design, provisioning and support of a robust next-generation IDPS solution.
Let TRUSTWORTHY Systems Inc. be the catalyst for change, for reducing risky behaviour and for developing a better digital experience within your organization.