McAfee Network Security Platform version 7.5 is now available and it seems someone forgot to tell engineering it was just a dot release. It delights me that our customers will get so many significant enhancements in a single update, so excuse me as I channel my inner peacock and flaunt some of the platform’s new feathers.
This release is really about two things: what it can do to protect you against advanced threats and how it helps you react when attacks are successful.
‘Advanced’ malware is synonymous with ‘unknown’ malware. With this version, Network Security Platform adds innovative signature-less threat detection and prevention technologies, including deep file analysis and a powerful anti-malware engine capable of detecting advanced malware across a full range of protocols and file types. For the record, Network Security Platform already has several behavior- and reputation-based technologies for detecting stealthy attacks, but these latest enhancements represent a quantum leap forward for the network security industry for inline, integrated advanced malware detection.
McAfee Labs performs extensive research to discover innovative ways to detect and prevent bots and botnet attacks. This research was used to develop a new active botnet engine that dynamically identifies thousands of active botnet command and control channels. This adds to existing botnet protection that uses ‘multi-attack’ correlation and bot behavior patterns to provide maximum coverage against known and unknown botnets.
The IPS industry has a problem – an alert problem. The ‘stock ticker’ approach to managing security events doesn’t work when faced with thousands of daily alerts. Network Security Platform now includes intelligent alert prioritization to automatically prioritize network events based on a wide range of environmental factors. The release improves integration with McAfee ePO and McAfee Enterprise Security Manager, making use of real-time information so operators have the full context of an attack, at the precise time of the attack.
This release also gives the platform a literal face-lift. The new Network Security Manager interface includes customizable dashboards with dramatic workflow improvements based on the concept of progressive disclosure. It intuitively presents threat information with corresponding user, device and forensics data to streamline event investigation.
Over the coming weeks we’ll be digging into the details of these new capabilities, so stay tuned. In the meantime, to learn about what’s new, visit www.mcafee.com/networksecurity.
Tags: botnet, IPS, Network Security, NSP