McAfee Advanced Threat Defense


Advanced detection for stealthy, zero-day malware


Today, targeted attacks are designed to defeat security systems through a variety of approaches that either confuse defenses or avoid them completely.

As a part of the McAfee Advanced Threat Defense solution, McAfee has transformed the act of detection by connecting advanced malware analysis capabilities with defenses — from the network edge through the endpoint — and sharing threat intelligence with the entire IT environment. By sharing threat intelligence among management, network, and endpoint systems, McAfee immediately shuts down command and control communications, quarantines compromised systems, blocks additional instances of the same or similar threats, assesses where damage may have occurred, and takes action.

McAfee Advanced Threat Defense enables organizations to not only detect today’s stealthy attacks but also convert information into action and ultimately, protection.

Address the three key requirements needed to solve today’s advanced threat prevention objective: find, freeze, and fix. McAfee Advanced Threat Defense finds advanced malware and integrates with McAfee security solutions to freeze the threat, identify vulnerable machines, and initiate fix or remediation actions.

Best Practices Against Advanced Threats

Gartner Digital Newsletter


See McAfee Advanced Threat Defense in action: Videos, demos & technical guides


Fighting advanced threats one layer at a time


Features & Benefits

Ensure more accurate advanced threat detection

Reduce the chances of missed malware or false positives. McAfee Advanced Threat Defense uses sophisticated static code and dynamic analysis (sandboxing) to provide the most detailed assessment and data on malware classification. Stealthy malware and zero-day persistent threats are packed or obfuscated to evade detection. Advanced Threat Defense employs strong unpacking to break through evasive techniques, enabling thorough analysis and accurate classification. With broad operating system support, threats are analyzed under the same conditions as the actual host profile, so you catch more malware with fewer false alerts.

Respond to threats faster

Quickly and seamlessly move from advanced malware analysis and conviction to advanced threat protection and resolution — a more comprehensive, efficient solution to the malware problem. Down selection — first using a mix of signatures, reputation, and real-time emulation — helps quickly identify a broad range of malware, producing fast detection results and reducing the number of files requiring more thorough sandbox analysis.

Lower TCO

Centralized deployment enables multiple McAfee network devices to share the same malware analysis appliance, reducing the number of required advanced threat protection appliances, simplifying administration, and cost-effectively scaling security across your network. Advanced Threat Defense can leverage your existing McAfee security solutions, reducing the need for network rearchitecture and minimizing operational costs.

Better together: Security components operate as one

Tight integration reduces time from encounter to containment and protection, enables efficient alert management through streamlined workflows, and reliably maintains throughput and policy enforcement. Support for OpenIOC and STIX, two open standards for indicators of compromise and threat information output, further enhances and enables integration.

System Requirements

McAfee Advanced Threat Defense is a self-contained device. There are no minimum software or hardware system requirements.

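| Appliance Hardware Components | ATD-6000 | ATD-3000 |
| --- | --- | --- |
| Dimensions | 2RU Rack Mountable; 17.24"W x 3.43"H x 28"L | 1RU Rack Mountable; 17.25"W x 1.70"H x 29"L |
| Weight | 50 lbs. | 33 lbs. |
| Storage | Disk space HDD: 4 x 4TB; SSD: 2 x 800 GB | Disk space HDD: 2 x 4TB; SSD: 2 x 400 GB |
| Maximum Power Consumption | 2x 1,600W | 2x 750W |
| Redundant Power Supply | AC redundant, hot swappable | AC redundant, hot swappable |
| AC Voltage | 100-240 V at 50–60Hz and 8.5 Amps | 100-240 V at 50–60Hz and 5.8 Amps |
| Temperature | +10° to +35° C (operating); -40° to +70° C (non-operating) | +10° to +35° C (operating); -40° to +70° C (non-operating) |
| Relative Humidity (Non-Condensing) | Operational: 10% to 90%; Non-operational: 50% to 90% | Operational: 10% to 90%; Non-operational: 50% to 90% |
| Altitude | 0–10,000 feet | 0–10,000 feet |
| Safety Certification | UL 1950, CSA-C22.2 No. 950, EN-60950, IEC 950, EN 60825, 21CFR1040 CB license and report covering all national country deviations | UL 1950, CSA-C22.2 No. 950, EN-60950, IEC 950, EN 60825, 21CFR1040 CB license and report covering all national country deviations |
| EMI Certification | FCC Part 15, Class A (CFR 47) (USA), ICES-003 Class A | FCC Part 15, Class A (CFR 47) (USA), ICES-003 Class A |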



Learn how McAfee Advanced Threat Defense works with your current security from network to endpoint to protect against threats.

Malware is becoming more evasive than ever before, making sandbox detection difficult. Ensure your team catches stealth, zero-day malware with McAfee Advanced Threat Defense.

Jon Oltsik, Sr. Principal Analyst, Security at ESG, talks about today’s trends in advanced malware, detection options, and the importance of integration between endpoint and network solutions for protection, context, and increased ability to respond. Jon shares his impression of McAfee Advanced Threat Defense.

Awards / Reviews

Miercom: Advanced Threat Analysis — Capabilities and Catch Rates

Technology approaches to defeating sophisticated threats vary widely — with a range of deployment options and differing levels of effectiveness. What’s the right solution for your network? This webcast explains what capabilities to look for in your advanced threat analysis solution. Rob Smithers, president and CEO of Miercom, will offer insight drawn from hands-on experience testing the efficacy of the leading advanced threat analysis systems.

McAfee Advanced Threat Defense Test Results

AV-TEST performed a test of the McAfee Advanced Threat Defense appliance to determine its malware detection capabilities.

CRN Ranks McAfee in their 2013 Top 25 Best Companies to Partner With

Ranked by IT solution providers (SPs), CRN Research ranks the Top 25 must-have technology suppliers from a list of nearly 230 companies in 12 product categories that SPs need to consider when formalizing their partnerships today and for the future. 1,000 unique SPs of all types and sizes were surveyed.

SC Magazine Readers Trust Awards – Best APT Protection

SC Magazine selects McAfee as a finalist for the Readers Trust Awards — Best Advanced Persistent Threat (APT) Protection category.

Related Products

McAfee Advanced Threat Defense is a core component of the McAfee network security portfolio and the Security Connected framework. McAfee has transformed the act of detection by connecting advanced malware analysis capabilities with defenses — from the network edge through the endpoint — and sharing threat intelligence with the entire IT environment.

McAfee Next Generation Firewall
McAfee Next Generation Firewall secures enterprises against the most advanced attacks with highly-available, scalable, and flexible cutting-edge protections, all supported by Security Connected, the industry’s broadest and most sophisticated anti-threat ecosystem.

McAfee Network Security Platform
McAfee Network Security Platform is a uniquely intelligent security solution that discovers and blocks sophisticated threats in the network. Using advanced threat detection techniques, it defends against stealthy attacks with extreme accuracy at speeds of up to 80 Gbps, while providing rich contextual data about users, devices, and applications for fast, accurate responses to network-borne attacks.

McAfee Threat Intelligence Exchange
McAfee Threat Intelligence Exchange significantly optimizes advanced threat prevention, closing the gap from encounter to containment for advanced targeted attacks from days, weeks, and months down to milliseconds.

McAfee Enterprise Security Manager
McAfee Enterprise Security Manager provides the speed and rich context required to identify critical threats, respond quickly, and easily address compliance requirements. Continuous global threat and enterprise risk feeds deliver adaptive and autonomous risk management, allowing remediation of threats and compliance reporting in minutes instead of hours.

McAfee Web Gateway
McAfee Web Gateway, deployed on-premises with appliances or in a virtual environment, offers powerful, proactive protection against zero-day threats, spyware, and targeted attacks. Web Gateway combines this advanced security with flexible, granular control, enabling your business to take maximum advantage of the web without compromise.

McAfee Email Gateway
McAfee Email Gateway consolidates inbound threat protection, outbound encryption, advanced compliance, data loss prevention, and administration into a single, easy-to-deploy, and user-friendly appliance. It eliminates ineffective piecemeal defenses, simplifies multivendor security environments, and reduces operating costs — while significantly strengthening email security.

McAfee ePolicy Orchestrator
McAfee ePolicy Orchestrator (McAfee ePO) is a key component of the McAfee Security Management Platform and the only enterprise-class software to provide unified management of endpoint, network, and data security. With end-to-end visibility and powerful automations that slash incident response times, McAfee ePO software dramatically strengthens protection and drives down the cost and complexity of managing risk and security.

Customer Stories

City of Chicago

Chicago protects its critical infrastructure with an integrated solution from McAfee, combining SIEM, endpoint, and network security.

  • Maximized staff resources.
  • Malware incidents reduced by 2,000%.
  • Centralized management and analysis.
  • Integrated security event logging that captures events throughout the environment.

Eagle Rock Energy

Eagle Rock strengthens its security infrastructure with the addition of new security management and network security solutions.

  • Integrated security architecture paves the way for business expansion.
  • Comprehensive threat detection ensures that security events from every source are noted and logged.
  • The combination of McAfee Web Gateway and McAfee Advanced Threat Defense thwarts inbound threats from the Internet.
  • Intrusion prevention monitors both external and internal activity.


Data Sheets

McAfee Advanced Threat Defense

For a technical summary on the McAfee product listed above, please view the product data sheet.


SANS Top 20 Critical Controls Poster

The top 20 critical controls for effective cyberdefense.

Deeper Inspection. Better Threat Protection.

Malware is becoming more complicated, covert, and clever. Your advanced threat protection solution needs an equally cunning response.

Bury Threats Before They Bury Your Business

Bury threats with the comprehensive signature-less approach to malware detection in McAfee’s Network Security Platform.

Take An Integrated Approach To Advanced Threats

With today's advanced malware threats, IT departments need to expand their coverage with an appropriately configured security infrastructure. Finding, freezing and fixing advanced exploits fast requires a fully integrated, well-managed approach to IT security.


Dissecting the Top Five Network Attack Methods: A Thief's Perspective

This report offers forensic insight into five of the most common network attack methods that data thieves love to use. It also provides practical guidance on how criminals view your network, how to use that information to maintain a dynamic security profile, and ways to minimize the likelihood of a breach and its injurious repercussions.

The Top Five Network Attack Methods

This report offers insight into five of the most common network attack methods cybercriminals love to use. It provides valuable insight on how attackers target sensitive data and steal intellectual property, as well as guidance on what you can do to minimize the likelihood of a breach and its repercussions.

Market Quadrant: McAfee Advanced Threat Defense is Top Player

This edition of Radicati Market Quadrants reviews products that offer protection from advanced persistent threats.

ESG Report: Tackling Attack Detection and Incident Response

This report examines organizations’ security strategies, cyber-attack environments, incident response challenges and needs. A survey found that security professionals are inundated with security incidents and struggle with timely identification and resolution of targeted attacks. A lack of visibility into user and network activity, shortage of investigative skills and experience, and poor security analytics capabilities are key factors in slowing organizations’ response to incidents.

Gartner Digital Newsletter: Best Practices Against Advanced Threats

The newsletter includes access to Gartner research ‘Five Styles of Advanced Threat Defense’ and discusses how Intel Security solutions help organizations with every aspect of their advanced threat defense strategy and how Intel Security has uniquely integrated them to provide a powerful security platform.

NSS Labs Product Assessment Brief: McAfee Advanced Threat Defense

This report reviews McAfee Advanced Threat Defense, outlining strengths, weaknesses, opportunities and threats.

SANS Analytics and Intelligence Survey

This paper explores the use of analytics and intelligence today and exposes the impediments to successful implementation. Organizations that are deploying analytics and intelligence properly are experiencing faster response and detection times, as well as greater visibility. However, many are confused about how to integrate and automate their intelligence collection processes.

SANS Report: Critical Security Controls: From Adoption to Implementation

A recent SANS survey provides an in-depth look at the primary industries adopting critical security controls and how they approach implementation.

McAfee Advanced Threat Defense Test Results

AV-TEST performed a test of the McAfee Advanced Threat Defense appliance to determine its malware detection capabilities.

ESG Lab Validation Report: McAfee Advanced Threat Defense

This ESG Lab Validation report documents hands-on testing of McAfee Advanced Threat Defense, a key component of McAfee’s end-to-end solution for addressing advanced malware. Testing was designed to explore how the solution accurately detects advanced malware using a layered approach, the speed and effectiveness of responding to an attack, and the operational efficiencies of this integrated solution.

Gartner Report: Designing an Adaptive Security Architecture for Protection from Advanced Attacks

Most enterprise security protection efforts and products have focused primarily on blocking and prevention techniques as well as on policy-based controls to block threats. However, perfect prevention is impossible. Advanced targeted attacks are easily bypassing traditional firewalls and signature-based prevention mechanisms. All organizations should now assume that they are in a state of continuous compromise.

McAfee IPS Appliance Test

AV-TEST performed a review of McAfee’s IPS solution for the enterprise to determine malware detection and blocking capabilities.

The Economic Impact of Cybercrime and Cyber Espionage

This report discusses how to estimate the cost of malicious cyber activity, and its effect on trade, technology and competitiveness.

Solution Briefs

Advanced Threat Defense for SIEM

When advanced detection solutions, known as sandboxes, collaborate with SIEM solutions, enterprises can better understand and respond to unknown, advanced attacks. McAfee Advanced Threat Defense and McAfee Enterprise Security Manager work in concert to extract relevant data from advanced malware and dramatically reduce time to response by minimizing uncertainty and accelerating remediation.

A Well-Connected Sandbox

A well-connected sandbox that is integrated from the network edge to endpoints is one of the most effective defenses against today’s constantly morphing and evasive advanced threats. This brief explains how McAfee Advanced Threat Defense, when integrated with other Intel Security solutions, provides an effective defense against zero-day threats.

Advanced Threat Defense for the Email Gateway

Email is a vital communication vehicle for just about every business these days—and it is also a key threat vector for cybercrooks who are looking to steal valuable data or execute inbound attacks. As part of our unified, integrated Security Connected framework, McAfee Email Gateway and McAfee Advanced Threat Defense work together to find and freeze new, unknown, and stealthy advanced threats. For a complete end-to-end solution, add McAfee Real Time to the mix to quickly identify and fix systems impacted by advanced malware.

McAfee Advanced Threat Defense for McAfee Web Gateway

Social networks, cloud applications, and content-sharing sites have become essential business tools, and IT organizations are struggling to make them safely accessible from inside and outside the corporate environment. Read this Solution Brief and see how McAfee Threat Defense for McAfee Web Gateway helps overcome the obstacles.

Abuse of Trust

Attackers prey upon the institution of trust in many ways, with the exploitation of unsuspecting victims as the primary pursuit. Learn how McAfee security technology can help protect against attacks seeking to abuse the trust your company has in its day-to-day operations.

Advanced Threat Defense for Network IPS

Many of today’s unknown, zero-day threats evade traditional signature-based defenses. The addition of third-party sandbox appliances can help, but they have several limitations: high cost of deployment, reliance on generic virtualized environments, and limited analysis techniques, making the sandbox vulnerable to crafty malware designed to bypass analysis. McAfee Network Security Platform IPS and McAfee Advanced Threat Defense work together to find sophisticated threats, freeze them so they cannot infiltrate, and fix the damage done.

Advanced Threat Defense for Next-Generation Firewalls

Next-generation firewalls certainly offer expanded network security for branch offices and remote locations, but they can’t find and block stealthy, advanced malware. Through the Security Connected approach from McAfee, Advanced Threat Defense and McAfee Next Generation Firewall work hand-in-hand to find and freeze today’s evasive and targeted cyberattacks.

Security in Unison

McAfee Threat Intelligence Exchange and McAfee Advanced Threat Defense work together to provide enterprises with automated, adaptive threat response, which reduces time-to-containment of malicious files. The moment a file is convicted, the entire security infrastructure is informed and updated immediately, providing greatly enhanced visibility and control, from endpoint to network.

McAfee Delivers Comprehensive Threat Protection for the Financial Services Industry

This solution brief explains how the McAfee Security Connected approach provides advanced threat protection for the financial services industry and prevents targeted attacks.

McAfee Advanced Threat Defense: Services solutions for Managed Service Providers (MSP)

IT organizations are focused on shifting budgets from capital expenditures (CAPEX) to operational expenditures (OPEX) in an environment where in-house investments can easily get outpaced by an increasingly sophisticated cybercrime ecosystem. McAfee Advanced Threat Defense can help you to differentiate your services and protect customers against zero-day attacks by offering the industry’s most comprehensive threat protection.

Technology Blueprints

Find, Freeze, and Fix Advanced Threats

Your organization is asking for an advanced malware detection and response strategy that’s sophisticated and adaptive against hacker attacks. Several design trends in advanced malware security affect the performance, efficacy, cost, and management complexity of an overall solution. What’s your next step?

White Papers

SANS Survey: Incident Response – How to Fight Back

SANS recently surveyed incident response (IR) teams to get a clearer picture of what they're up against today. The results are in: most organizations lack formalized IR plans, they expressed a need to collect and correlate threat intelligence, and SIEM tools are their focus for improving IR capabilities.

Preventing Targeted Attacks with McAfee's Advanced Threat Defense

In this white paper, IDC outlines McAfee Advanced Threat Defense (ATD) within the context of the specialized threat analysis and protection market. Our centralized approach to malware analysis, deep integrations across the product portfolio, and three-pronged focus on "Find, Freeze, Fix" as a way of dealing with threats is unique within the market and provides a more holistic approach than other detection-oriented products.

Conquer the Top 20 Critical Security Controls

Critical Security Controls (CSCs) help organizations break down operational silos by providing a pragmatic blueprint detailing where to focus efforts to achieve the greatest results. This white paper maps the quick wins within the first five CSCs to associated McAfee products, services, and partner solution capabilities — all part of the Security Connected platform.

Build a Better Sandbox

As malware becomes more sophisticated and evasive, new technologies are emerging to uncover threats no matter how well they’re camouflaged. This white paper proposes a logical design strategy for dynamic malware analysis that optimizes detection effectiveness, efficiency, and economics.

Advanced Targeted Attacks: It Takes a System

Adaptive intelligence and real-time communications orchestrate protection in the McAfee Security Connected Platform.


