Customers have myriad challenges facing them, and the last thing they have time do to is validate vendor claims. Do their security purchases, past or present, stand up to independent scrutiny?  Most vendors will focus on a key value of their product which can often be difficult to prove or disprove.  Security efficacy and accuracy, however, can be demonstrated through rigorous independent testing, and can have dramatic effects on future budgets.  They can also immediate open up opportunities for our partners demonstrate their leadership in knowing that their vendors are up to the task.

Recently, NSS Labs conducted an independent verification on vendor claims of IPS accuracy and performance.  While some performed well, others did not.  In fact, certain vendors, like TippingPoint, performed so poorly that it calls into their question their dedication to the art and science of security itself.

According to an interview by Techworld with NSS Labs’ President Rick Moy, partners and customers should be more cautious than ever in placing their faith in companies who have questionable security efficacy.  “This iffy security performance contrasts with similar IPS products the company recently tested from McAfee and IBM, which both scored “in the 95 percent range” when pitted against the same family of exploits, said NSS Labs’ Rick Moy. “

Looking deeper into the results of NSS Labs’ tests, we find that TippingPoint caught less than 40% of attacks.  The resulting security, compliance, and privacy implications for their customers are certainly called into question.   According to the report summary, “the security effectiveness of the TippingPoint 10 was subpar, catching only 247 of 622 exploits (39.7%).”

Network World has also reported on this test, and tests in general.  They reported that “In a test series of 209 exploits run against it, the IPS did not score particularly well, detecting only 82 of them.”

Outstanding questions remain.  How will TippingPoint’s former claims of accuracy hold up to this scrutiny?  What are the implications for customers who think they are protected now, but may be exposed according to this test?  How do TippingPoint partners respond to this report when customers inevitably ask about it?

The McAfee Network Security Platform is entering a new phase of its evolution. 

1. Fastest – We’ve recently released the M-series, which scales Intrusion Prevention from 100Mbps to over 10Gbps. 
2. Most Accurate – NSS Labs has awarded the M-8000 NSS Gold Certification for accuracy. 
3. General Leader – Gartner has placed us in the Leader’s quadrant for the 5th year.  It’s time to build on that success and truly redefine the space

It’s time to shake things up a bit.  We’re working on a host of new features in an upcoming release, and we’re looking to you to help us make the best product in the world even better.  In the coming months, McAfee plans to release groundbreaking new technology to help us get even farther ahead of the threat, with more visibility across the enterprise, based on feedback from our customers.  Some of the new features include:

- Targeted attack signatures developed by the opensource community (SNORT format)
- Day-0 malware protections with McAfee Artemis Technology
- Flow-based network threat analysis

Those who are familiar with the NSP know that we achieved 100% detection accuracy by focusing on protocol analysis and system vulnerabilities, across all layers of the stack, and integrating in features like Denial of Service protection, exploit detection, and comprehensive anti-evasion techniques.  You’re also probably familiar with McAfee Avert Labs, whose 350+ researchers focus on vulnerabilities and ways to protect our customers from them.

We need your help in making the world’s most secure IPS even better.  If you’re in the federal government sector, and are responsible for deploying IPS in your organization, we want to hear from you.  Send an e-mail to nsp-beta@mcafee.com or contact your sales representative to get started in the McAfee Network Security Platform beta program.

Rees

Disclaimer: The information contained in this document is for informational purposes only and should not be deemed an offer by McAfee or create an obligation on McAfee. McAfee reserves the right to discontinue products at any time, add or subtract features or functionality, or modify its products, at its sole discretion, without notice and without incurring further obligations.

Hi all!

I hope the winter weather isn’t keeping you inside too much. But just in case it is, here is something you should read, NSS recently published an IPS report that within days had over 3400 downloads.

Why is there so much interest? Unlike other “independent” testing facilities who essentially test to a vendor’s specifications using only very controlled parameters, NSS tests to their own specifications, and every vendor is subject to the same test methodology. They are considered the gold standard for independent security testing, and are relied upon by IT administrators worldwide evaluating network intrusion prevention systems.

We submitted our M-8000 – McAfee’s 10Gbps Network IPS – for NSS for certification. The results were astounding for two reasons:

1. Performance – Under real traffic conditions, the M-8000 easily surpassed the 10Gbps mark. You should embrace solutions that grow with your increasing network demands without having to incur the cost of buying several systems fronted by a load balancer and subsequently having to increase your associated operational costs.

2. Security – we achieved an unprecedented 99.4% accuracy rating with no false positives. You shouldn’t have to spend time trying to figure out if an attack is real or not and if the IPS system was able to stop it, resources are too precious in these economic times.

No other vendor has come close, in either metric. Bottom line is during tough economic times, both of these metrics help ensure you, our customers, have the most economic solution. We know that 70-80% of IT costs are related to operating and maintaining your systems. We hope that our unmatched performance and accuracy will help you be more efficient as an IT organization.

To get a copy of the report, download the PDF from the site. We also did a press release that might give you some additional context.

Rees

Companies today realize that they need more than just good security controls. They must also address compliance with internal security policies and industry regulations. A combination of good security functions and compliance management improves security operations efficiency and maturity. Enterprises can simplify compliance by using a single management console to audit, verify and report on regulatory compliance and internal security policy requirements, to ensure all endpoints are in compliance.

To minimize vulnerabilities companies must integrate all aspects of endpoint security into a single view. They must be able to see how their anti-virus, anti-spyware, anti-spam, Web security, desktop firewall, intrusion prevention, and network access control (NAC) and policy auditing products are working together. Only by doing so, can they can lower management costs, improve visibility and protect their investments.

Enterprises don’t need to start all over when threats evolve and their infrastructure changes.  They need a flexible architecture that grows with their organization and protects them now against business interruptions, zero-day attacks and new exploits.  Recently, McAfee introduced its Total Protection for Endpoint product (formerly Total Protection for Enterprise) to help them meet these challenges.

Finally, they must educate employees on dangers of Internet and inform end users of security threats by detecting and blocking risky Web sites.

Combining security functions with compliance management can help enterprises reduce costs, improve visibility, protect their investment and provide greater control.

We’ve seen an evolution from mass-mailing viruses to more targeted attacks and threats targeting OS vulnerabilities moving to attacks against applications. We’ve seen growth in attacks targeting systems that contain valuable data, including mission-critical enterprise applications sitting in virtual environments, SAP solution-based environments and storage systems.  Companies must take these threats seriously and look for solutions that are purpose-built to protect these environments.

Virtualization is being widely deployed in enterprise environments. Enhanced security is as important in a virtual environment as it is in a physical one. Industry research indicates that there are as many as five offline virtual images for every one online image. Offline virtual images could become unpatched and out-of-date while they are inactive, therefore customers need products that automatically update and patch these offline virtual images periodically so they no longer pose a security risk.

SAP customers also need an enterprise-class security solution to secure mission-critical functions within an organization, such as human resources. For example, candidate resumes are often submitted and entered via a company Web site directly into the SAP database. These resumes could be malicious and potentially compromise the SAP solution-based environment along with the sensitive mission-critical data.

Storage has also come under increasing attacks from viruses, worms, Trojans, spyware, botnets and rootkits. Infected files must be scanned and cleaned before they ever reach the storage device. Real-time scanning for all types of files avoids propagation of infections to other parts of the environment.

We’re in a new era of attacks, demanding new solutions from security vendors.  At McAfee we’re committed to protecting environments against these new kind of attacks and continuing to stay one step ahead of the bad guys.