We recently made the decision to provide ALL of our new and existing McAfee Network Security Platform customers with a virtual, production-ready instance of McAfee Network Threat Behavior Analysis (NTBA). For those already familiar with NTBA, this makes a ton of sense. For those of you that aren’t, allow me to explain…
McAfee Network Threat Behavior Analysis (NTBA) is the perfect complement to Network IPS. Whereas traditional IPS makes inline assessments of what is happening on the network right now, NTBA provides a historical view of threat behavior over the course of days, weeks, or even months. By trending application flow information (I.e. netflow, url, file, ftp, smtp etc.), NTBA can positively identify previously undetected threats and facilitate faster event resolution. It is fully integrated with both McAfee Network Security Manager and McAfee GTI; and it provides both security and network visibility down to application level.
NTBA sits passively in the network and you can connect it directly to a monitoring port of your NSP, so deployment is very straightforward. You can also use it in network segments where you don’t have an IPS by pulling netflow data from routers and switches. This virtual instance of McAfee Network Threat Behavior Analysis is available at no extra cost to McAfee Network Security Platform customers; every McAfee Network Security Manager comes with a single virtual instance of NTBA, downloadable from the McAfee download site. If you have 5 Network Security Managers in your network, then you’re entitled to 5 virtual NTBA appliances.
And NO hidden tricks either:
- Fully functional, no feature restrictions
- You can run in 3 different configurations (2core/6GB, 4core/8GB, 8core/16GB) for capacity 6k flows/s to 25k flows/s.
- No restrictions on routers/switches exporting netflow data.
The only restriction is that a maximum of 2 Network Security Platform exporters can send flow data to NTBA.
Considering the fact that some existing netflow analysis tools with similar throughput capacity (25k flows/sec) can go for upwards of $100K, this represents a significant value to McAfee Network Security Platform customers. But don’t just take our word for it. Please download your entitled copy today and let us know what you think in the comments below or with @IntelSec_Biz on Twitter.
Download location (requires grant ID to log in):