McAfee Network Threat Response

Deconstruct, analyze, and respond to threats inside your network

Overview

McAfee Network Threat Response is a software package that captures, deconstructs, and analyzes malware that is resident inside your network today. Network Threat Response is a powerful cybertool for security analysts. It automatically identifies malware targeting internal network vulnerabilities, and instantly captures and analyzes it to aid in rapid remediation and ongoing network defense.

Reveals what attackers don't want us to see
Network Threat Response combs through PDFs, Microsoft Office files, and all other network activities looking for attempts to hide or obscure malicious content, providing analysts with instant visibility into attacks.

Uncovers persistent attacks
Network Threat Response identifies and accumulates portions of attacks that trickle in over time, piecing together threat puzzles that sneak into networks at a snail’s pace.

Cuts analysis time down to minutes
Network Threat Response automates security analysts’ tasks by combing through network traffic, looking for signature patterns of malware activity. These attack vectors are automatically forwarded for full analysis and presented to the analyst, who can view all the facets of an attack and make appropriate, targeted security changes. These targeted changes allow networks to maintain optimal protection with minimal impact on internal IT operations.

High-performance, high-security platform
Customers seeking to lower hardware maintenance and management costs can now deploy Network Threat Response on the scalable and multifunctional CloudShield CS-4000 platform. Network Threat Response on the CS-4000 platform provides security-conscious enterprises with a scalable, physically secure, and cybertough approach to finding and avoiding security breaches caused by advanced malware attacks.

Features & Benefits

Maximizes security staff effectiveness

A single McAfee Network Threat Response device gives any security team the power of 20 analysts and reverse engineers — without requiring a single hire. Unlike other security devices, which can generate thousands of events a day, analysts can review every event generated by McAfee Network Threat Response within minutes.

Increases flexibility and analytical capabilities

IPS solutions that are deployed in-line are forced to make difficult trade-offs due to performance pressures, and more complicated threats may go undetected. Network Threat Response sits out of band, which frees it to perform more in-depth analysis without having to worry about time constraints.

Utilizes multi-faceted exploit detection

Most tools are one-dimensional in their detections, but Network Threat Response utilizes a host of different methodologies that increase detection rates and uncover complicated attacks. Network Threat Response deploys a suite of commercial antivirus (AV) engines for validating network objects, in addition to McAfee AV. For sandbox analysis, Network Threat Response deploys both ValidEdge and Cuckoo for executing and studying the impact of suspicious network objects in a virtual environment. In addition to these engines, Network Threat Response employs many other detection and analysis algorithms including JAR analysis, PDF analysis, Office document analysis, and more.

Uses shellcode detection and deobfuscation

Shellcode is the set of instructions used by malware to infect and control a device. Network Threat Response uses patent-pending heuristics to detect the presence of shellcode, even obfuscated shellcode, without requiring prior knowledge of the ever-changing, encrypted attack payload. With a suite of analysis engines, Network Threat Response deobfuscates the detected code and presents it for easy analysis by security professionals.

Provides incident response with PCAP analysis

McAfee Network Threat Response accelerates the analysis of captured data via its PCAP import capabilities. Captured data is replayed through analysis engines where hidden traffic is decoded and key indicators are highlighted. As a result, an analyst has anchor points from which to start the investigation — shaving days off of analysis time. Netwitness and Solera are excellent sources of captured PCAP data.

System Requirements

McAfee Network Threat Response is a software solution that can run on a variety of hardware platforms. For optimal security and performance, we recommend running Network Threat Response on the CloudShield CS-4000 platform. Please see the data sheet for appliance specifications and details.

Resources

Data Sheets

McAfee Network Threat Response on CloudShield CS-4000

For a technical summary of the CloudShield product listed above, please view the product data sheet and learn how McAfee Network Threat Response on the CloudShield CS-4000 platform complements your existing network defenses.

CloudShield CS-4000 Platform

For a technical summary of the CloudShield product listed above, please view the product data sheet and learn how it is used with McAfee Network Threat Response software.

McAfee Network Threat Response

For a technical summary on the McAfee product listed above, please view the product data sheet.
