Embed Size (px)
Citation preview
Data Sheet | McAfee Network Protection Solutions
McAfee IntruShield Security Manager ApplianceNext-generation intrusion prevention management appliance delivers advanced, simple security management for enterprises and service providers
The risks to organizations, enterprises, and service
providers continue to grow as the rising number
of new vulnerabilities—and the sophistication of
attacks that exploit those vulnerabilities—pose an
ever-increasing threat to your operation. The rise
and evolution of hybrid attacks that use multiple
techniques to attack your network infrastructure
means that your organization—no matter the size—
must constantly defend against these shifting threats.
The McAfee IntruShield IPS Solution
The McAfee® IntruShield® family of award-winning intrusion prevention system (IPS) appliances enables enterprises and service providers to reduce business risk by deploying the industry’s most comprehensive and proven network IPS solution. IntruShield’s purpose-built platforms proactively protect endpoints and critical network infrastructure from known, zero-day, Denial of Service (DoS), and encrypted attacks, as well as threats like spyware, Voice-over-IP (VoIP) vulnerabilities, botnets, malware, phishing, network worms, Trojans, and peer-to-peer applications.
McAfee backs the IntruShield portfolio of appliances—the largest dedicated security company and the most trusted name in the industry.
The IntruShield Security Manager Platform
The McAfee IntruShield Security Manager (ISM) is a powerful, hardened, rack-mountable appliance that provides comprehensive, scalable, real-time, always-on, policy-based management of IntruShield IPS sensors. A single, plug-and-play McAfee ISM appliance delivers centralized, web-based management of IntruShield appliances and policies. The state-of-the-art ISM console with its enhanced graphical user interface (GUI) puts IT administrators in control of real-time data to easily manage, configure, and monitor all IntruShield IPS appliances across widely distributed, mission-critical deployments.
The intuitive and easy-to-use, web-based ISM management interface controls anything from single device deployments up to large, distributed, enterprise-wide deployments. It delivers comprehensive and in-depth attack information, as well as highly customized graphical reports. Secure access to the ISM platform empowers remote management of a large number of sensors deployed throughout the enterprise network. In addition, the ISM platform delivers a host of award-winning, next-generation features, including preconfigured, default, inline IPS-blocking policies, flexible user-defined signature editing, global policy editing, virtual IPS, granular user access, and always-on management.
k Simple, granular security policy management
k All-new clean and simple user interface
k Easy-to-use, preconfigured policies
k Preset out-of-the-box default blocking
k Highly flexible and customizable reporting
k Automated, real-time threat security updates
k Virtual IPS and always-on management
“Management and control capabilities are outstanding, and provide extremely powerful and flexible means of controlling anything from a single device to a large, enterprise-wide deployment.”
—Bob Walder, president, The NSS Group NSS IPS Group Test, Edition 3
McAfee IntruShield Security Manager Global Edition
The McAfee ISM Global Edition appliance is an advanced version for managing IntruShield sensor deployments in large and distributed enterprise and service provider networks, and is suitable for global IPS deployments of up to 100 IntruShield appliances.
Data Sheet | McAfee Network Protection Solutions
McAfee IntruShield Security Manager
The McAfee ISM appliance is an advanced solution for managing IntruShield sensor deployments in small and medium-sized networks and enterprise branch offices, and is suitable for deployments of up to six IntruShield sensors.
Features and Benefits
Easy to use and manage
k New clean and simple user interface—Intuitive, easy-to-use design increases efficiencies and reduces administrative time by making it easy to set, configure, and manage appliances
k New centralized manager dashboard—Intuitive, centralized alert dashboard turns data into knowledge by providing three-second, real-time, “at-a-glance” summary of threat and system environment
k All-new, user-friendly “set-up wizard”—IntruShield Manager’s new user-friendly set-up wizard increases ease of installation by allowing simple, three-minute installation of new IPS sensors
k Simple, single-screen navigation—Smooth and simple single-screen navigation eliminates pop-up windows to streamline administration and maintenance
k Alert manager with ultra-easy event drill-down— Delivers efficient three-click navigation and drill-down to quickly and easily ascertain key actionable event data for increased visibility and response
k Automated alert notification—Provides security professionals with automatic alert notifications via email, PDA, and pagers. Notification can be tailored to reflect user-controlled alert severity or certain user-selected attacks
Comprehensive
k Intuitive web-based management—Easy-to-use, centralized, web-based platform provides secure, scalable remote management of enterprise-wide IPS deployments
k Comprehensive response management—A complete set of response actions, including user-defined responses and extensive notification capabilities, provides proactive attack notification and prevention
k IPS and internal firewall—Policy enforcement and internal system and network infrastructure threat protection through converged network IPS and internal firewall capabilities
k Automated alert notification—Automatic alert notifications via email, PDA, and pagers. Notifications can be tailored to reflect user-determined alert severity or certain user-selected attacks
Powerful, easy-to-use graphical management
Accurate
k Accurate intrusion intelligence—Forensic and reporting capabilities provide detailed, accurate, and reliable information related to intrusion identification, relevancy, direction, impact, and threat analysis
k Risk-aware intrusion prevention—Improves operational efficiencies by providing the ability to intelligently identify and block the most relevant alerts and attacks by importing and correlating risk assessment information from McAfee Foundstone,® as well as open-source vulnerability assessment (VA) systems, such as Nessus. Automatically identifies and highlights risk relevancy in ISM Alert Viewer, thereby enabling targeted, prioritized risk management
k Virtual IPS—IntruShield’s unique and flexible virtualization capability extends to both the IPS and the internal firewall providing support for up to 1,000 virtual sensors per IntruShield appliance, each with their own unique and highly granular security policy. Virtual policies can be applied to a set of network segments or an individual host
k Granular security policy management—Complete, granular policy management framework for implementing individualized security policies to suit the needs of different enterprise entities, business units, or geographical locations. Enables the accurate characterization of resources to be protected, which
Easy-to-Use InterfaceClean, simple and intuitive user interface
At-a-Glance DashboardCentralized at-a-glance threat and system Monitoring and control
User-Friendly Set-up WizardSimple three-minute sensor installization
Real-time Alert ManagerThree-click navigation to highly actionable alert and attack information
Data Sheet | McAfee Network Protection Solutions
increases accuracy of attack detection and reduces false positives
McAfee ISM’s comprehensive Alert Viewer
McAfee ISM provides detailed attack descriptions
IntruShield’s unprecedented virtual IPS
IntruShield’s risk-aware IPS provides prioritized risk relevancy
Scalable
k Out-of-the-box default blocking—IntruShield is preset for default IPS blocking, and comes preconfigured with a recommended for-blocking policy that provides accurate and proactive blocking for hundreds of attacks straight out of the box. Recommended for blocking signatures are updated continuously by McAfee to provide comprehensive protection against new threats
k Always-on management with disaster recovery—Provides uninterrupted, highly available management capabilities by providing active/standby management server technology. Automated failover and fail-back technology enables disaster recovery of critical configuration data in event of failure, while ensuring the continuity of critical network protection and supporting corporate disaster recovery policies
k Automated, real-time threat updates—Delivers real-time, automated, enterprise-wide signature updates without requiring sensor reboots. IntruShield Manager Scheduler can push new signatures and/or software to sensors as soon as the update is available, or at a scheduled time
k Role-based access control with integrated user authentication—Role-based access control empowers granular access to specific resources within an administrative domain. Integrated user authentication capabilities deliver administrative and user-management efficiencies, providing comprehensive authentication support to external databases, including Radius, LDAP, and TACAS
k IPS and internal firewall—Unprecedented policy enforcement, internal system, and network infrastructure threat protection through converged network IPS and internal firewall capabilities.
k Ease-of-deployment—The ISM Manager’s plug-and-play functionality installs in minutes for pain-free deployment
IntruShield
Switch
A(Finance)
B(Engineering)
C(Web Servers)
RouterA B
C
Data Sheet | McAfee Network Protection Solutions
k Enterprise interoperability—Provides interoperability with enterprise management and security information management (SIM) applications to reduce total cost of ownership. ISM platform supports alert forwarding via SNMP to enterprise network management applications, such as HP OpenView, IBM Tivoli, or CA Unicenter
McAfee ISM provides always-on management
McAfee ISM’s easy-to-read reports
McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, www.mcafee.com
McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive
of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2006 McAfee, Inc. All rights reserved. 1-nps-ism-001-0806
INTERNETPrimaryISM
Sensor
ManagementConsole
Confirmation andPolicies Transfer
SecondaryISM
Sensor Sensor
McAfee IntruShield Security Manager Specifications
McAfee IntruShield Security Manager McAfee IntruShield Security Manager Global Edition
Platform support Windows® 2003 Windows 2003
Database support MySQL MySQL
Number of IntruShield appliances supported Up to six Up to 100
Technical specifications
Form factor 1U 1U
CPU Dual Xeon, 2.8 GHz Dual Xeon, 2.8 GHz
RAM 2 GB 2 GB
GB SCSI drives Dual 146 GB Dual 146 GB
RAID controller Yes Yes
Disk space Dual 146 GB Dual 146 GB
Power Single AC Single AC
Dimensions 30” x 19” x 1.69” 30” x 19” x 1.69”
Client requirements Internet Explorer v6.0 Internet Explorer v6.0
