McAfee Network Security Platform v6.0
Strengths: Nice IDS/IPS features, easy to deploy, configure and manage.
Weaknesses: As a standalone IDS/IPS, relies mostly on signature- and rule-based protection.
Verdict: Good solution for adding IDS/IPS to a layered security architecture. Strong offering if deployed with other NSP components.
SummaryMcAfee Network Security Platform (NSP) v6.0 provides threat protection for demanding networks. This network intrusion prevention system delivers inline threat prevention and detection capabilities through a combination of protocol discovery and analysis, heuristics, behavior analysis and cloud-based reputation feeds. The offering is delivered on a purpose-built appliance platform. The sensor is a content-processing appliance built for accurate detection and prevention of intrusions, misuse and distributed denial-of-service (DDoS) attacks. The platform is managed with McAfee Network Security Manager, which is part of the NSP integrated security offering that also includes network access control, network threat behavior analysis and full integration with McAfee endpoint solutions. We evaluated the intrusion detection/intrusion prevention component with the network security manager as the management platform.
The solution provided to us included the IDS/IPS sensor and a preconfigured Windows server loaded with the Network Security Manager. We had the server set up and talking to the sensor in no time. There are default policies that come as part of the base setup that provide basic protections. The device examines the header and data portion of every network packet, looking for patterns and behavior in the network traffic that indicate malicious activity.
Creating policy and managing the sensors is done through a web-based user interface. We really liked the threat analyzer capabilities. This feature discovers hosts on the network and creates a nice map showing security events that violate configured policies.
McAfee Network Security Platform models range from 100Mbps throughput to 10Gbps-plus. List prices range from $10,995 for the M-1250 (100 Mbps) model to $229,995.
Support is provided at a cost of 20 percent of the price of the solution. Several upgraded support offerings are available.