As enterprise customers move from the private to the public cloud, they are looking for safety and uninterrupted coverage, but also multi-platform availability and inter-operativity with other products
The public cloud offers convenience, cost savings, and the opportunity to shift capital infrastructure spending to an operational expense model. But it also introduces a new level of risk, where a vulnerability in publicly-accessible software can enable an attacker to breach the cloud and infiltrate sensitive information, or accidentally expose customer data to other tenants using the same service.
The real world complicates matters further: the journey from the private cloud to the public cloud is often in stages: customers may use a combination of both (i.e. hybrid cloud). Futher, there are big changes happening in the Security Operation Center (SOC) in the multi-cloud environment, with automation increasing and many controls becoming virtual. Customers ask, “How do I respond? How do protect myself?”
A big part of the answer is Intrusion Detection and Prevention Systems (IDPS) software. By year-end 2020, 70% of new stand-alone IDPS placements will be cloud-based (public or private) or deployed for internal use cases, rather than the traditional placement behind a firewall.1
Another part of the equation usability. Customers need a cybersecurity product that works for their needs: their specific cloud vendor, their platform, and integration with their other cybersecurity solutions. Also, virtualized security solutions must be flexible and scalable, and, even more importantly, they must function seamlessly with software-defined networking platforms.
We believe that McAfee’s latest IDPS release – the McAfee® Network Security Platform (NSP) – has the answers to many of these questions. NSP discovers and blocks sophisticated threats in cloud architectures with accuracy and simplicity. It’s a complete network threat and intrusion prevention solution that protects systems and data wherever they reside across datacenter, cloud, and hybrid enterprise environments, utilizing multiple signature-less detection technologies.
It’s also important to remember that different customers use IDPS products in different ways. The latest NSP release allows customers to use the software in the way they want. For example:
Cloud Infrastructure Security: NSP (and Virtual Network Security Platform, or vNSP, designed specifically for the cloud) support both Azure and Amazon Web Services (AWS) — today’s leading public cloud services — delivering complete threat visibility of data going through an internet gateway and into east-west traffic. A customer can restore threat visibility and security compliance into public cloud architectures with a platform that delivers true east-west traffic inspection.
Decrypting SSL traffic with dynamic keys: Traditional decrypting technologies are ineffective with encrypted traffic using dynamic keys like the Elliptic Curve Diffe-Hellman Exchange (ECDHE) key, thus creating blind spots in network traffic. NSP now provides a unique solution2 for decrypting dynamic SSL keys like ECDHE (this is a first in the industry). This patent-pending solution scales with workloads delivering high performance.
Ease of Use: With NSP, users have greater control on the host. The console and enhanced graphical user interface put users in control of real-time data with a “single pane of glass,” delivering centralized, web-based management. NSP is the first and only IDPS solution to combine advanced threat prevention and application awareness into a single security decision engine, plugging infrastructure gaps. It’s also a distributed platform that is not performance-hogging.
Platform: vNSP supports AWS and Azure in public cloud workloads on both Windows and Linux.
Integration: NSP works with other McAfee products, as well as the Data Exchange Layer (DXL), which shares data with non-McAfee products.
Open Source Support: NSP supports SNORT, the open source community pushing out AV signatures.
Marketplace: Customers can now access vNSP on the AWS and Azure marketplaces. (available as Bring Your Own License [BYOL]).
Another question we hear from customer is about “machine learning,” which is an important part of the future of cybersecurity in a world of increasing threat complexity. McAfee’s NSP uses machine learning, employing self-learning systems from historical data, including data from other McAfee products, such as Advanced Threat Defense and Endpoint. This is part of the evolution into ML.
We believe it’s understandable why Gartner has placed McAfee in the Leaders quadrant in IDPS for the 11th year in a row.
Things are changing. The private and public cloud are dynamic. NSP finds common ground.
12018 Gartner Magic Quadrant for Intrusion Detection and Prevention Systems
2Available in NSP only (not vNSP).
Gartner Magic Quadrant for Intrusion Detection and Prevention Systems, Craig Lawson, Claudio Neiva, 10 January 2018. From 2014-17, McAfee was included as Intel Security (McAfee). Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.