Network Associates is setting the table to make a run at fellow large-scale security vendors by marrying intrusion detection systems to intrusion prevention systems.
On Monday, Network Associates will unveil McAfee IntruShield 1200. Coming under Network Associates' wing via its Intruvert Networks Inc. acquisition, the rebranded McAfee appliance will extend bundled IDS (intrusion detection systems) and IPS (intrusion prevention systems) to branch offices and midsize networks.
Many customers are becoming increasingly concerned that those areas could prove vulnerable to hackers who could create a back door to the network or datacenter, said Raj Dhingra, vice president of marketing for McAfee in Santa Clara, Calif.
"By integrating signature, anomaly, and DoS (denial of service) protection, we've reduced false positives, built products that could scale up to 2Gbps, and deployed products inline at wire speed, and not worried about dropping packets," Dhingra said.
Due in mid-August, the McAfee IntruShield box features Web-based monitoring, two 10/100 detection ports, and port clustering or inline mode options. Inline mode can be switched on instantly to stop threats in real time, he added.
The proliferation of blended threats aimed at networks is forcing security vendors to include proactive technology in their products in favor of traditional reactive detection models.
With Cisco Systems Inc., Symantec Corp., and Internet Security Systems Inc., through its new Proventia appliance series making an IPS charge, Network Associates is repackaging its technology away from IDS to build trust to jumpstart inline implementations, said Andrew Braunberg, senior analyst for Sterling, Va.-based Current Analysis Inc.
Braunberg cautioned, however, that IPS is a tough beast to wrestle, and should be achieved with extreme care and not at the expense of IDS.
"I think sometimes users have to be careful what they ask for," Braunberg said. "Even though IDS has some knocks -- and rightfully so for some false positive issues -- the protection can cause some troubles, too, if you start blocking traffic you shouldn't be."