McAfee Network Threat Response

McAfee Network Threat Response

Deconstruct, analyze, and respond to threats inside your network

Next Steps:

Overview

McAfee Network Threat Response is a software package that captures, deconstructs, and analyzes malware that is resident inside your network today. Network Threat Response is a powerful cybertool for security analysts. It automatically identifies malware targeting internal network vulnerabilities, and instantly captures and analyzes it to aid in rapid remediation and ongoing network defense.

Reveals what attackers don't want us to see
Network Threat Response combs through PDFs, Microsoft Office files, and all other network activities looking for attempts to hide or obscure malicious content, providing analysts with instant visibility into attacks.

Uncovers persistent attacks
Network Threat Response identifies and accumulates portions of attacks that trickle in over time, piecing together threat puzzles that sneak into networks at a snail’s pace.

Cuts analysis time down to minutes
Network Threat Response automates security analysts’ tasks by combing through network traffic, looking for signature patterns of malware activity. These attack vectors are automatically forwarded for full analysis and presented to the analyst who can view all the facets of an attack and make appropriate, targeted security changes. These targeted changes allow networks to maintain optimal protection with minimal impact on internal IT operations.

High-performance, high-security platform
Customers seeking to lower the hardware maintenance and management costs can now deploy Network Threat Response on the scalable and multifunctional CloudShield CS-4000 platform. Network Threat Response on the CS-4000 platform provides security-conscious enterprises with a scalable, physically secure, and cybertough approach to finding and avoiding security breaches caused by advanced malware attacks.

Features & Benefits

Maximizes Security Staff Effectiveness

A single McAfee Network Threat Response device gives any security team the power of 20 analysts and reverse engineers without requiring a single hire. Unlike other security devices, which can generate thousands of events a day, analysts can review every event generated by McAfee Network Threat Response within minutes.

Reveals What They Don’t Want Us to See

A distinguishing characteristic of advanced malware is its ability to evade detection. McAfee Network Threat Response looks at PDFs, Microsoft Office files, and all other network activities for attempts to hide or obscure traffic. NTR doesn’t just alert to the presence of obfuscation; it decodes the traffic, providing analysts with visibility into the attack that is not possible with other existing tools.

Increased Flexibility and Analytical Capabilities

IPS solutions that are deployed in-line are forced to make difficult trade-offs due to performance pressures. That means more complicated threats may go undetected. NTR sits out of band, which frees it to perform more in-depth analysis without having to worry about time contstraints.

Assembles Puzzle Pieces Together

Network Threat Response has the unique ability to uncover slow moving, persistent attacks, identifying and accumulating portions of attacks that trickle in over time. Nothing else gives our customers the ability to piece together threat puzzles that sneak into their network at a snail’s pace.

Multi-faceted Exploit Detection

Most tools are one-dimensional in their detections, but NTR utilizes a host of different methodologies that increase detection rates and allow for the detection of complicated attacks. NTR deploys a suite of commercial AV engines for validating network objects, in addition to McAfee AV. Sandbox Analysis? NTR deploys both ValidEdge and Cuckoo for executing and studying the impact of suspicious network objects in a virtual environment. In addition to these engines, NTR employs many other detection and analysis algorithms including JAR analysis, PDF analysis, Office document analysis, etc.

Shellcode Detection and Deobfuscation

Shellcode is the set of instructions used by malware to infect and control a device. McAfee Network Threat Response uses patent-pending heuristics to detect the presence of shellcode, without requiring prior knowledge of the ever-changing, encrypted attack payload. Even obfuscated shellcode is detected with NTR’s suite of analysis engines, and it takes it a step further, deobfuscating the detected code and presenting it for easy analysis by security professionals.

Cuts Analysis Time Down to Minutes

NTR automates the Security Analysts task by combing through network traffic looking for signature patterns of malware activity and attack. Once identified, these “attack vectors” are automatically forwarded into the full suite of NTR analysis services. The result of this processing is presented to the analyst who can view all the facets of the attack and make appropriate, targeted security changes. These targeted security changes allow networks to maintain optimal protection with minimal impact on internal IT operations.

Incident Response with PCAP Analysis

McAfee Network Threat Response accelerates the analysis of the captured data via its PCAP import capabilities. Captured data can be replayed through the McAfee Network Threat Response analysis engines where hidden traffic is decoded and key indicators are highlighted. As a result, an analyst has anchor points from which to start the investigation—shaving days off of analysis time. Netwitness and Solera are excellent sources of captured PCAP data.

System Requirements

McAfee Network Threat Response is a software solution that can run on a variety of hardware platforms. For optimal security and performance, we recommend running Network Threat Response on the CloudShield CS-4000 platform. Please see the data sheet for appliance specifications and details.

Awards / Certifications

CRN Ranks McAfee in their 2013 Top 25 Best Companies to Partner With
CRN Ranks McAfee in their 2013 Top 25 Best Companies to Partner With

Ranked by IT solution providers (SPs), CRN Research ranks the Top 25 must-have technology suppliers from a list of nearly 230 companies in 12 product categories that SPs need to consider when formalizing their partnerships today and for the future. 1,000 unique SPs of all types and sizes were surveyed.

Resources

Data Sheets

McAfee Network Threat Response on CloudShield CS-4000

For a technical summary of the CloudShield product listed above, please view the product data sheet and learn how McAfee Network Threat Response on the CloudShield CS-4000 platform complements your existing network defenses.

CloudShield CS-4000 Platform

For a technical summary of the CloudShield product listed above, please view the product data sheet and learn how it is used with McAfee Network Threat Response software.

McAfee Network Threat Response

For a technical summary on the McAfee product listed above, please view the product data sheet.

White Papers

Deep Dive into McAfee Network Threat Response

By providing a single, expandable framework supporting a proactive security infrastructure, McAfee Network Threat Response enables IT administrators to focus on tasks core to their business model without the need to reconfigure, reinstall, and retrain for an ever-changing threat landscape.

Community

Blogs

  • Top 10 Reasons to Upgrade to ePO 5.1
    McAfee Enterprise - April 15, 2014

    Enterprises today are fighting an uphill battle when it comes to security. While there is a proliferation of security management and reporting tools available, the lack of integration and visibility can add more complexity and snags rather than less. Working between multiple security systems diverts attention from other tasks in addition to costing money and […]

    The post Top 10 Reasons to Upgrade to ePO 5.1 appeared first on McAfee.

  • Securing the Internet of Things with McAfee
    McAfee Enterprise - April 11, 2014

    With Google Glass, FitBit, smart cars, smart televisions, and more, it seems like the world is getting closer to the reality of the Internet of Things. In fact, according to IDC, the installed base of the Internet of Things will be approximately 212 billion “things” worldwide by 2020. Whether it’s wearable technology, household items, transportation […]

    The post Securing the Internet of Things with McAfee appeared first on McAfee.

  • Keeping Domain Controllers Safe
    Swaroop Sayeram - April 10, 2014

      I came across an excellent book titled, Assessing Network Security. It’s written by three Microsoft security researchers who understand Domain Controllers (DCs) inside out. I found it quite insightful and I strongly recommend it if you are in charge of IT Security. They describe DC security with a single sentence – “Defending the keys to […]

    The post Keeping Domain Controllers Safe appeared first on McAfee.

  • Microsoft Patch Tuesday: April 2014
    Doug Neuman - April 9, 2014

    Hello Everyone, For April’s edition of Patch Tuesday, we are presenting the final patches for the beloved Windows XP. Those of you still running Windows XP systems in your environment are highly recommended to speak with your McAfee sales team about Application Control. Application Control can provide your EOL systems protection against an unpatched vulnerability. […]

    The post Microsoft Patch Tuesday: April 2014 appeared first on McAfee.

  • Intel and McAfee Join Forces, Dazzle at Intel Security Innovation Summit
    Ken Kartsen - April 8, 2014

    Wow, what an incredible week we just wrapped up. In case you missed it, April 2nd was the Intel Security Through Innovation Summit, produced by FedScoop. We could not have been more thrilled with the outcome. Nearly 1,000 attendees came, including federal government and enterprise customers, McAfee and Intel personnel, partner companies and other DC-based […]

    The post Intel and McAfee Join Forces, Dazzle at Intel Security Innovation Summit appeared first on McAfee.