Content

McAfee Network User Behavior Analysis

(Securify)

McAfee Network User Behavior Analysis product shot
Find out who’s doing what and from where on your network

Gain a continuous, real-time view of what business users are doing across your complex network environment. McAfee Network User Behavior Analysis (UBA) (Securify) leverages your existing network data and the identity and role information in your existing directories to deliver cost-effective visibility of user access and behavior across networks and systems.

Tab Navigation

Benefits and Features

Benefits:

  • Minimize IT and business risk
    Know what users are doing on your network; compare against security and business policies to minimize security risks and legal liability; McAfee Network UBA is proven to reduce costs, effort, and risk associated with network planning and changes
  • Gain unparalleled visibility for compliance
    Streamline audit preparation with McAfee Network UBA; it has been successfully used to quickly pinpoint and solve PCI- and FISMA-related access and behavior gaps that other solutions may miss
  • Deploy cost-effective, scalable monitoring
    Enable out-of-band monitoring with no network reconfiguration; McAfee Network UBA monitors require no agents, no application integration, and no recoding; for identity-based monitoring, Network UBA leverages existing directory information
  • Enjoy enterprise scalability
    Rest assured that McAfee Network UBA can scale to meet your monitoring needs; it has been deployed and scaled across more than 3 million users in some of the most demanding network environments in the world

Features:

  • Identity capabilities
    Track users' activity from the moment they access the network; real-time integration with your directory means you always know the user, their role, and the policy context; changes made in the directory automatically filter down to Network UBA monitors
  • Out-of-band network monitoring and analysis
    Enable network monitoring and real-time analysis via port mirroring or passive network taps for deep packet inspection; alternatively, you can monitor network traffic via flow data from Cisco Netflow, Juniper J-Flow, and others
  • Intuitive views of network traffic
    Gain two at-a-glance views of network traffic:
    • Pure "Discovery" mode provides a dynamic baseline to help protect against false positives
    • Controls" mode automatically verifies traffic against user, group, and role-based policies, and alerts on  violation
  • Integration with existing infrastructure
    Leverage existing technologies; McAfee Network UBA integrates with Active Directory and LDAP-based directories, non-Windows identity clients like Centrify, network routers and switches, and flow-based data from Cisco, Juniper, and others

Description:

McAfee Network User Behavior Analysis (UBA) monitor appliances are network-based and designed to capture and analyze critical traffic data inside the network using one of three methods:

  • Monitors passively capture, decode, and analyze traffic via native deep packet inspection (DPI). They use port mirroring or passive network taps to obtain full packet data for protocol decoding up to the application layer. This level of detail is often required to ensure a tamperproof view of network activity within critical systems.
  • Flow monitors analyze existing flow-based data from Cisco Netflow, Juniper J-Flow, and others. This broader network view is often useful for gaining a cost-effective, enterprise-wide view of who is doing what and from where across the entire network.
  • When using McAfee Network UBA management appliances, you can use monitors in a "mixed" mode that combines DPI and flow-based data.

Monitor detection capabilities include:

  • Network scan detection
  • Service probe detection
  • Protocol anomaly detection
  • Network behavior anomaly detection
  • Application behavior anomaly detection
  • Unauthorized services detection
  • Unauthorized communication channels detection
  • Native IDS signature detection, which includes custom signature deployment, and regular and on-demand signature updates

McAfee provides these Network UBA monitor options:

  • Monitor SE—bandwidth: up to 1 Gb/s for heavy-traffic networks
  • Monitor—bandwidth: up to 400 Mb/s
  • Monitor LE:bandwidth up to 100 Mb/s
  • Monitor LE—50: for monitoring small, remote office networks of 50 or fewer machines
  • Flow Monitor SE: for flow-based monitoring across larger networks and segments
  • Flow Monitor:for flow-based monitoring across smaller networks and segments

Note that each monitor is capable of performing its own analysis in a distributed manner, or you can aggregate the data to the McAfee Network UBA Control Center. A reporting appliance is also available for long-term data warehousing and compliance reporting.

System Requirements:

Note: The following are minimum system requirements only. Actual requirements will vary depending on the nature of your environment.

McAfee Network User Behavior Analysis (UBA) Monitor

Technical specifications

  • 1 Intel Xeon 5130, 2.00 GHz, 1,333 MHz, 4 MB cache, dual-core CPU (for Monitor SE, Flow Monitor SE, and Flow Monitor: 1 Xeon 5150, 2.66 GHz CPU)
  • Two 250 GB, 16 MB cache, 10K RPM SATA hard drives
  • 4 GB RAM

Physical data

  • Rack-mountable 1U device
  • Height: 1.7 inches
  • Width: 16.9 inches
  • Depth: 28.6 inches
  • Weight: 30 pounds

Environmental limits overview

  • Operating temperature: 10° C to 35° C / 50° F to 90° F (maximum change rate not to exceed 10° C per hour)
  • Non-operating temperature: -40° C to 70° C
  • Non-operating humidity: 90%, non-condensing at 28° C

Power and BTU specs

  • Max surge amps = 9.5
  • Max running amps = 8.5
  • Avg running amps = 6.25
  • Watts = 750
  • BTU/hr = 2,550

Safety compliance

  • UL60950 - CSA 60950 (USA/Canada)
  • EN60950 (Europe)
  • IE60950 (International)
  • CE - Low-voltage Directive 73/23/EEE (Europe)

Certification

  • Common Criteria EAL 3 Certified
  • U.S. Department of Defense accreditations for operating in SIPRNet, NIPRNet, and JWICS

Note: Technical information provided by Intel Corporation. Specifications subject to change at any time without prior notice.

McAfee Network User Behavior Analysis (UBA) Control Center

Technical specifications

  • 1 Intel Xeon 5150, 2.66 GHz, 1,333 MHz, 4 MB cache, dual-core CPU
  • Two 150 GB, 16 MB cache, 10K RPM SATA hard drives
  • 4 GB RAM

Physical data

  • Rack-mountable 1U device
  • Height: 1.7 inches
  • Width: 16.9 inches
  • Depth: 28.6 inches
  • Weight: 30 pounds

Environmental limits overview

  • Operating temperature: 10° C to 35° C / 50° F to 90° F (maximum change rate not to exceed 10° C per hour)
  • Non-operating temperature: -40° C to 70° C
  • Non-operating humidity: 90%, non-condensing at 28° C

Power and BTU specs

  • Max surge amps = 9.5
  • Max running amps = 8.5
  • Avg running amps = 6.25
  • Watts = 750
  • BTU/hr = 2,550

Safety compliance

  • UL60950 - CSA 60950 (USA/Canada)
  • EN60950 (Europe)
  • IE60950 (International)
  • CE - Low-voltage Directive 73/23/EEE (Europe)

Certification

  • Common Criteria EAL 3 Certified
  • U.S. Department of Defense accreditations for operating in SIPRNet, NIPRNet, and JWICS

Note: Technical information provided by Intel Corporation. Specifications subject to change at any time without prior notice.