Integration with McAfee Advanced Threat Defense

Over the years, malware has evolved into a sophisticated tool for malicious activities such as stealing valuable information, accessing your computer resources without your knowledge, and disrupting business operations. At the same time, technological advancement provides limitless options to deliver malicious files to unsuspecting users. Hundreds of thousands of new malware variants every day make the job of malware detection even more complex. Traditional anti-malware techniques are no longer sufficient to protect your network.

McAfee's response to this challenge is the McAfee Advanced Threat Defense solution. This is an on-premises appliance that facilitates detection and prevention of malware. McAfee Advanced Threat Defense provides protection from known, near-zero day, and zero-day malware without compromising on the quality of service to your network users.

The McAfee Advanced Threat Defense solution primarily consists of the McAfee Advanced Threat Defense appliance and its pre-installed software. The McAfee Advanced Threat Defense appliance is available in two models. The low-end model is the ATD-3000. The high-end model is the ATD-6000. You can deploy McAfee Advanced Threat Defense as a stand-alone appliance or integrate it with some of the other McAfee products. For complete information on McAfee Advanced Threat Defense, see the McAfee Advanced Threat Defense Product Guide.

McAfee Advanced Threat Defense has the added advantage of being an integrated solution. In addition to its own multi-level threat detection capabilities, its ability to integrate seamlessly with other McAfee security products protects your network against malware and other Advanced Persistent Threats (APTs).

You can integrate McAfee Advanced Threat Defense with Network Security Platform. After you integrate, both the Sensor and the Manager communicate with McAfee Advanced Threat Defense separately to augment your defense against malware.

Outline of how this integration works: Based on how you have configured the corresponding Advanced Malware policy, the IPS Sensor detects a file download and sends a copy of the file to McAfee Advanced Threat Defense for analysis. If McAfee Advanced Threat Defense immediately identifies the file as malware, the Sensor can block the download. The Manager displays the results of the analysis from McAfee Advanced Threat Defense.

If McAfee Advanced Threat Defense requires more time for analysis, the Sensor allows the file to be downloaded. If McAfee Advanced Threat Defense detects malware after the file has been downloaded, it informs Network Security Platform, and you can use the Sensor to quarantine the host until it is cleaned and remediated. You can configure the Manager to update all the Sensors about this malicious file. Therefore, if that file is downloaded again anywhere in your network, your Sensors might be able to block it.

Note: The Sensor that is integrated with McAfee Advanced Threat Defense can be deployed in inline, tap, or SPAN mode. However, similar to other malware engines, response actions such as Block and Send TCP Reset might not have the desired effect since the file might have reached the target host.