McAfee Unleashes 'Fastest Ever' 10GigE Network IPS

By Lisa Vaas  |  Posted 05-22-2007

At Interop on May 22 McAfee unveiled an IPS that cranks up to 10G bps—good enough to cover 10GigE Ethernet and next-generation IPv6 networks, the company said.

On an Interop day full of network security "we did it first's" (IBM said its newly announced 6G bps intrusion prevention appliance can clean service provider pipes of malware with "unsurpassed" throughput), McAfee said that its new IntruShield 10 Gigabit Ethernet platforms are the "first and only network Intrusion Prevention System appliances to deliver performance of up to 10G bps and the highest gigabit port-density available in the industry."

When asked whose claims to "fastest network IPS ever" people should believe, John Vecchi, McAfee's director of product marketing for network security solutions, said while sitting at McAfee's booth at the conference that not only is the 10G bps claim "very real," but also that the appliance was sitting a few feet from him, churning through packets at 10G bps, as advertised, without any packet drop, while having viruses and other scumware hurled at it nonstop.

"It's not just about speed," Vecchi said. "It's about security and performance. If you're going to go into a mission-critical environment, like 10GigE, you're going to have to make sure it provides not just performance but the security you've expected. We're still the first 10GigE [network IPS]. We're injecting it with loads and loads of threats. We're showing in real time how it blocks [them]. It's never, ever dropping packets. This isn't just broken mirrors. This is very real."

Vecchi said that the IntruShield M-Series is following the evolution of IPS technology, which has pushed in from the network perimeter toward the core over the past few years.

"It took a good position in the data center as well as in backbone and service provider networks," he said. "10gigabit Ethernet is growing 90 percent year over year today, according to IDC. It's the fastest-growing Ethernet technology today. However, until today, none of those networks have been protected. Not in real time."

Vecchi said that at this point, 70 percent of McAfee's appliances are deployed internally in a network as opposed to on the perimeter. The reasons for the migration is that at the network perimeter, an IPS can only block things coming into the network. What an IPS can't do out there is protect aggregation points and key segments where businesses have policies and ongoing, granular network activity.

"Now in a very highly virtualized environment, you're not protecting all those segments," Vecchi said. "You need an IPS that can provide that performance and have granular flexibility to provide protection to all the policies you have there. Deployed at the perimeter you can't really protect the data center. The internal of the network, that's where the mission-critical data is happening."

McAfee turns in ninth consecutive record-breaking quarter. Click here to read more.

McAfee is also talking up IntruShield 4.1's integration with other products in its security risk management portfolio, including McAfee Foundstone, McAfee Network Access Control and McAfee ePolicy Orchestrator.

Because of the integration with ePO, the new IntruShield appliances and IntruShield 4.1 feature real-time visibility of host details, host IPS attacks and spyware events. ePO works with IntruShield's behavior-based host quarantine and adaptive rate limit-ing/QoS to increase time-to-protection.

Integration between the new products and McAfee Foundstone provides real-time threat relevance and vulnerability details, on demand. Those technologies combine with IntruShield's integrated behavior-driven NAC and dynamic post-admission control.

The McAfee IntruShield 10 Gigabit Ethernet platforms will be available in the second half of 2007. McAfee IntruShield 4.1 will be available in May 2007. For more info, see McAfee's site.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.