McAfee Network Threat Response
McAfee Network Threat Response is a software package that captures, deconstructs, and analyzes malware that is resident inside your network today. Network Threat Response is a powerful cyber tool for security analysts. It automatically identifies malware targeting internal network vulnerabilities, and instantly captures and analyzes it to aid in rapid remediation and ongoing network defense.
Reveals what attackers don't want us to see
Network Threat Response combs through PDFs, Microsoft Office files, and all other network activities looking for attempts to hide or obscure malicious content. Network Threat Response is not limited to finding and alerting to the presence of obfuscation; it decodes the traffic, providing analysts with visibility into the attack that is not possible with any tools currently available.
Assembles puzzle pieces together
With the unique ability to uncover slow moving, persistent attacks, Network Threat Response identifies and accumulates portions of attacks that trickle in over time. No other malware product in the marketplace can piece together threat puzzles that sneak into networks at a snail’s pace.
Cuts analysis time down to minutes
Network Threat Response accelerates the complex analysis of captured data via its PCAP import capabilities. As the data is replayed through the advanced analysis engines, hidden traffic is decoded and key indicators are highlighted. As a result, a security or IT analyst has anchor points from which to start a pre-qualified investigation — shaving days off of analysis time.
Maximizes security staff effectiveness
A single Network Threat Response instance gives any security team the power of 20 analysts and reverse engineers without requiring a single hire. Unlike other security devices, which can generate thousands of events a day, analysts can review every event generated by Network Threat Response in minutes versus the hours, days, or weeks needed today.
High-performance, high-security platform
Customers seeking to lower the hardware maintenance and management costs associated with dedicated appliances can now deploy Network Threat Response on the scalable and multi-functional CloudShield CS-4000 platform. The CloudShield CS-4000 platform provides scalability, physical security, and secure communications to host products aimed at mitigating sophisticated threats. Network Threat Response on the CS-4000 platform provides security-conscious enterprises with a scalable, cyber-tough approach to finding and avoiding security breaches caused by advanced malware attacks.
Features & Benefits
Give security analysts a powerful forensic tool
Get deep visibility into the threat context inside your network. McAfee Network Threat Response can examine a series of packets to characterize an attack, discover malware payloads embedded inside PDF files, analyze payloads, and even recreate the series of packets that attempted to conceal the threat.
Characterize unknown threats
Find new network activity and new behaviors unique to your network, accelerating malware analysis and threat response. McAfee Network Threat Response focuses on identifying, collecting, reverse engineering, and labeling malware and bots. It provides real-time capture and analysis of malware and threats inside your network, and determines what occurs after the initial labeling or characterization of an attack.
Automate the response process
Reduce time spent sifting through thousands of threat alerts by viewing confirmed attacks. Using a unique embedded data-coupling process, McAfee Network Threat Response confirms the appearance of vulnerabilities and attempts to exploit. Only McAfee Network Threat Response dissects the threat in near real time to understand how an attack is entering the network, how it is operating, and how it is trying to spread. When Network Threat Response discovers both the location of vulnerability and a means to exploit it in the same stream, it confirms the attack.
Reduce the sensor-to-analyst ratio
Automate tedious manual examinations, enabling experienced security analysts to focus on new, abnormal, and unique network activity. By providing metadata signatures with built-in correlation elements, such as data coupling, McAfee Network Threat Response streamlines security event detection, validation, and reporting.
Get instant threat response
Identify malware using network exploits to move on your internal network. McAfee Network Threat Response captures malware for analysis and response. This stream-based solution rapidly decodes payloads, intercepts and downloads malware, and provides detailed analysis. It checks packet headers for abnormalities and can even replay the attack.
Block attacks with unique signature database
Trust a large signature database, as well as templates, to stop attacks. The SNORT-compatible malware signature database contains more than 18,800 signatures, and 200 new signatures are added each month. McAfee Network Threat Response helps create new signatures to block future attacks and you can even add your own SNORT-compatible signatures.
Integrate easily with McAfee network security solutions
Get complete protection against malware. McAfee Network Threat Response typically works in conjunction with an enforcement appliance like McAfee Network Security Platform or McAfee Firewall Enterprise. New malware is captured and sent to McAfee Artemis Technology to prevent further infection.
Deploy the CloudShield CS-4000 platform
Get the McAfee Network Threat Response sensor software that is available on the CloudShield CS-4000 platform for deployment in untrusted locations and managed from classified or trusted networks. Strong physical security features and encrypted management communications of the CloudShield CS-4000 ensures the integrity of every Network Threat Response sensor instance. The diskless CloudShield CS-4000 ensures that neither proprietary signatures nor software is present on the device when it ships or when power is not present. A single CloudShield CS-4000 delivers enhanced data plane scalability supporting up to 4 Gbps of scanned network traffic, ensuring no impact to network performance.
Streamline web-based management
Reduce overhead and save time with simple, centralized management. The McAfee Network Threat Response Control Center is a web-based management console that manages multiple Network Threat Response sensor appliances. Control Center is also installed on each sensor appliance for single-box evaluation.