Overview

The McAfee NTBA Appliance is a feature-rich, non-intrusive solution for monitoring network traffic by analyzing flow information flowing through network in real time. The NTBA Appliance complements the IPS capabilities in a scenario where Network Security Platform IPS Sensors and NTBA Appliances are installed and managed through the McAfee® Network Security Manager (Manager).

Real-time monitoring of network reduces the time needed to solve network-related problems and helps in identifying threats. Questions as to why our network is slow, which application has the maximum download impact, are easily answered in a network that is monitored by the NTBA Appliance.

The NTBA Appliance gathers flow information from across users, applications, endpoints, network devices, and stores them in an embedded database. You can see real-time data and a moving profile of applications, endpoints, zones, and interface traffic. The NTBA Appliance provides a graphic configurable real-time view of the network traffic.

Threat-related events such as endpoint scans, port scans, worm attacks, new service / application, new endpoint, suspicious connection, DoS, P2P, and spambots can be tracked based on user-defined policies. All this information is coalesced in the Attack Log of the Manager that can be drilled down for detailed information.

The NTBA Appliance does effective malware monitoring by detecting unauthorized reconnaissance scanning of any infected laptops in the system that can spread worm traffic. It also detects unauthorized applications, rogue web servers, and peer-to-peer applications.