McAfee unveils updated risk-management line

At Interop on Tuesday, McAfee unveiled the highest-speed intrusion-prevention system it has developed in its IntruShield line, as well as updated versions of its vulnerability-assessment, remediation and policy-auditor products.

The McAfee IntruShield 10 Gigabit Ethernet appliance, which supports both IPv4 and IPv6, is intended for use inside the network core and in data centers to detect and block attack and spyware traffic.

While it used to be more commonplace to deploy IPS/IDS at the Internet edge of the corporate network, today “70% of IntruShield deployments are in the core,” said John Vecchi, director of product marketing in McAfee’s network security solutions division.

McAfee’s 10Gbps appliance will be on display at Interop this week and generally available in the second half of the year, Vecchi said.

McAfee also announced an updated version of the appliance-platform software used in its lower-speed IntruShield IPS models that range from 100Mbps to 2Gbps.

The McAfee IntruShield 4.1 platform has been updated to enable data-sharing with the McAfee ePolicy Orchestrator (ePO) management console, which can manage McAfee antivirus and other security software. In addition, IntruShield would be able to share data with the Foundstone vulnerability-assessment engine.

“We can now import the relevant threat data into IntruShield,” to give network managers using IntruShield a better picture of what attack traffic is the most pertinent to their IT environment, Vecchi said.

In addition, IntruShield 4.1 has been integrated with another McAfee product, the company's desktop agent-based network access control (NAC) software for enforcing security policy before granting network access.

With this “dynamic NAC” feature, Vecchi said, IntruShield will be able to quarantine computers for remediation in the post-admission control stage if the IPS detects infections, such as worms. “IntruShield will understand and quarantine that host,” Vecchi said.

In addition to the high-speed IPS, McAfee unveiled new versions of its Foundstone vulnerability-assessment scanner as well as of the products it obtained through the acquisition of Citadel: the Remediation Manager product for automated antivirus and patch updates and the Policy Auditor tool for automated audit of managed assets.

The McAfee Foundstone 6.0 scanner can import threat-assessment data from the McAfee ePO client software so that Foundstone can present the security manager with a risk score of the most vulnerable systems that may need to be patched or upgraded.

The McAfee Remediation Manager 4.5 software takes policy-validation information collected by the Policy Auditor 4.5 and third-party assessment tools to automate vulnerability management of desktops and servers. The updated version of Policy Auditor and Remediation Manager can be used with the ePO central-management console and McAfee NAC 6.0 to quarantine devices in accordance with set policies.


Copyright © 2007 IDG Communications, Inc.