McAfee Network Threat Response is a software package that captures, deconstructs, and analyzes malware that is resident inside your network today. Network Threat Response is a powerful cybertool for security analysts. It automatically identifies malware targeting internal network vulnerabilities, and instantly captures and analyzes it to aid in rapid remediation and ongoing network defense.
Reveals what attackers don't want us to see
Network Threat Response combs through PDFs, Microsoft Office files, and all other network activities looking for attempts to hide or obscure malicious content, providing analysts with instant visibility into attacks.
Uncovers persistent attacks
Network Threat Response identifies and accumulates portions of attacks that trickle in over time, piecing together threat puzzles that sneak into networks at a snail’s pace.
Cuts analysis time down to minutes
Network Threat Response automates security analysts’ tasks by combing through network traffic, looking for signature patterns of malware activity. These attack vectors are automatically forwarded for full analysis and presented to the analyst who can view all the facets of an attack and make appropriate, targeted security changes. These targeted changes allow networks to maintain optimal protection with minimal impact on internal IT operations.
High-performance, high-security platform
Customers seeking to lower the hardware maintenance and management costs can now deploy Network Threat Response on the scalable and multifunctional CloudShield CS-4000 platform. Network Threat Response on the CS-4000 platform provides security-conscious enterprises with a scalable, physically secure, and cybertough approach to finding and avoiding security breaches caused by advanced malware attacks.
A single McAfee Network Threat Response device gives any security team the power of 20 analysts and reverse engineers — without requiring a single hire. Unlike other security devices, which can generate thousands of events a day, analysts can review every event generated by McAfee Network Threat Response within minutes.
IPS solutions that are deployed in-line are forced to make difficult trade-offs due to performance pressures, and more complicated threats may go undetected. Network Threat Response sits out of band, which frees it to perform more in-depth analysis without having to worry about time constraints.
Most tools are one dimensional in their detections, but Network Threat Response utilizes a host of different methodologies that increase detection rates and uncover complicated attacks. Network Threat Response deploys a suite of commercial antivirus (AV) engines for validating network objects, in addition to McAfee AV. For sandbox analysis, Network Threat Response deploys both ValidEdge and Cuckoo for executing and studying the impact of suspicious network objects in a virtual environment. In addition to these engines, Network Threat Response employs many other detection and analysis algorithms including JAR analysis, PDF analysis, Office document analysis, and more.
Shellcode is the set of instructions used by malware to infect and control a device. Network Threat Response uses patent-pending heuristics to detect the presence of shellcode, even obfuscated shellcode, without requiring prior knowledge of the ever-changing, encrypted attack payload. With a suite of analysis engines, Network Threat Response deobfuscates the detected code and presents it for easy analysis by security professionals.
McAfee Network Threat Response accelerates the analysis of captured data via its PCAP import capabilities. Captured data is replayed through analysis engines where hidden traffic is decoded and key indicators are highlighted. As a result, an analyst has anchor points from which to start the investigation — shaving days off of analysis time. Netwitness and Solera are excellent sources of captured PCAP data.
McAfee Network Threat Response is a software solution that can run on a variety of hardware platforms. For optimal security and performance, we recommend running Network Threat Response on the CloudShield CS-4000 platform. Please see the data sheet for appliance specifications and details.
Topics : Network Security
For a technical summary of the CloudShield product listed above, please view the product data sheet and learn how McAfee Network Threat Response on the CloudShield CS-4000 platform complements your existing network defenses.
For a technical summary of the CloudShield product listed above, please view the product data sheet and learn how it is used with McAfee Network Threat Response software.
For a technical summary on the McAfee product listed above, please view the product data sheet.