McAfee Network Threat Response

Give security analysts a powerful forensic tool

Get deep visibility into the threat context inside your network. McAfee Network Threat Response can examine a series of packets to characterize an attack, discover malware payloads embedded inside PDF files, analyze payloads, and even recreate the series of packets that attempted to conceal the threat.

Characterize unknown threats

Find new network activity and new behaviors unique to your network, accelerating malware analysis and threat response. McAfee Network Threat Response focuses on identifying, collecting, reverse engineering, and labeling malware and bots. It provides real-time capture and analysis of malware and threats inside your network, and determines what occurs after the initial labeling or characterization of an attack.

Automate the response process

Reduce time spent sifting through thousands of threat alerts by viewing confirmed attacks. Using a unique embedded data-coupling process, McAfee Network Threat Response confirms the appearance of vulnerabilities and attempts to exploit. Only McAfee Network Threat Response dissects the threat in near real time to understand how an attack is entering the network, how it is operating, and how it is trying to spread. When Network Threat Response discovers both the location of vulnerability and a means to exploit it in the same stream, it confirms the attack.

Reduce the sensor-to-analyst ratio

Automate tedious manual examinations, enabling experienced security analysts to focus on new, abnormal, and unique network activity. By providing metadata signatures with built-in correlation elements, such as data coupling, McAfee Network Threat Response streamlines security event detection, validation, and reporting.

Get instant threat response

Identify malware using network exploits to move on your internal network. McAfee Network Threat Response captures malware for analysis and response. This stream-based solution rapidly decodes payloads, intercepts and downloads malware, and provides detailed analysis. It checks packet headers for abnormalities and can even replay the attack.

Block attacks with unique signature database

Trust a large signature database, as well as templates, to stop attacks. The SNORT-compatible malware signature database contains more than 18,800 signatures, and 200 new signatures are added each month. McAfee Network Threat Response helps create new signatures to block future attacks and you can even add your own SNORT-compatible signatures.

Integrate easily with McAfee network security solutions

Get complete protection against malware. McAfee Network Threat Response typically works in conjunction with an enforcement appliance like McAfee Network Security Platform or McAfee Firewall Enterprise. New malware is captured and sent to McAfee Artemis Technology to prevent further infection.

Deploy the CloudShield CS-4000 platform

Get the McAfee Network Threat Response sensor software that is available on the CloudShield CS-4000 platform for deployment in untrusted locations and managed from classified or trusted networks. Strong physical security features and encrypted management communications of the CloudShield CS-4000 ensures the integrity of every Network Threat Response sensor instance. The diskless CloudShield CS-4000 ensures that neither proprietary signatures nor software is present on the device when it ships or when power is not present. A single CloudShield CS-4000 delivers enhanced data plane scalability supporting up to 4 Gbps of scanned network traffic, ensuring no impact to network performance.

Streamline web-based management

Reduce overhead and save time with simple, centralized management. The McAfee Network Threat Response Control Center is a web-based management console that manages multiple Network Threat Response sensor appliances. Control Center is also installed on each sensor appliance for single-box evaluation.