McAfee Next Generation

Firewall
and the Security Connected Ecosystem
Speaker Name | Title
.

Organizational Security Concerns

Executives/CISOs

Network Operations

Security Operations

Business Continuity
Security must scale easily
and not impede productivity.
Optimize IT Spend
Reduce Capex/Opex to free
up other resources.
Visibility & Compliance
Pass security audits on time
to avoid penalties.

Availability & Scalability

Minimize network downtime
and add capacity easily.
Performance
Maximize network uptime,
throughput and user
satisfaction.
Centralized Management
Simplify control of IT
infrastructure.

Advanced Threats
Fast blocking of malware,
zero-day attacks and AETs.
Data Exfiltration
Detect and block attempts to
steal sensitive information.
Analysis & Reporting
Simplify policy management,
workflows and forensics.

Executive/CISO Benefits
Cost-effective security that scales easily with your business

Business Continuity
Unified Software
Core provides value,
flexibility and
scalability to grow with
your business.

Optimize IT Spend
Advanced Security
and Connectivity
features included to
provide value and
simplify licensing.

Visibility & Compliance

McAfee Security
Management Center
enables centralized
collection and rapid
correlation of logs and
data, providing a clear
audit trail.
.

Business Continuity
Unified Software Core provides flexibility and scalability to support growth plans

McAfee NGFW Unified Software Core

Physical
Virtual
Software

FW/VPN

IPS

L2FW

McAfee Security Management Center (SMC)

different functional
roles and deployment
options

Singl
e
pane-of-glass

Optimize IT Spend
High-value features included with standard license

Business
Security Simplified
Continuity
Evasion Prevention
Licensing Native Active-Active
Antivirus & Anti-Spam
MaintenanceClustering
IPsec & SSL VPN
Application Control
Support
&
Multi-Link &
User ID
Augmented VPN
IPS
Built-in Routing
Anti-Botnet
Support
Stateful Inspection

Visibility & Compliance

Streamlined auditing and reporting

Built-in templates enable

fast creation of

Executive
Summary
Reports.
.

Business Value
Survey and analysis by IDC
Investments
Year 0

Benefits

Year 1

Cumulated Benefits

Year 2

Year 3

Year 4

Year 5

$120,000

$109674

$100,000
$84662

$80,000
$60260

$60,000
$36347

$40,000
$20920
$12825

$20,000
$-

$25970

$26361

$26850

$27460

$(5647)
$(5647)
$(2448)
$-

$(2448)

$(2448)

$(2448)

McAfee NGFW customer

benefits:
$109,674 cumulative
benefit realized over 5
years
6 month payback period
84% improvement in
event response time
94% decrease in security
related downtime
30% reduction in
infrastructure costs

$(2448)

-$20,000
IDC Report: Calculating the Business Value of Next Generation Firewall, October 2014
.

McAfee products
consistently outpace
their competition in
cost, market presence,
technology, and
technical support.
Romeo Siquijor, CISO
Cemex

Network Operations Benefits

High-availability, performance and centralized management

Availability &
Scalability
Active-Active
Clustering and
Multi-Link provide
network resiliency for
uninterrupted
operations.

Performance
Unified Software
Core and Clustering
accelerate resourceintensive security
functions.

Centralized
Management
McAfee Security
Management Center
provides simple,
centralized control of
large distributed
environments.
.

Availability & Scalability

Native active-active clustering
A single cluster can
support:

Different firmware versions

Different appliance models

and software on COTS
hardware

Updates

Node 1: NGF-3206

Up to 16 active-active nodes
cluster, only with McAfee

v5.7

Operational benefits:

Seamless updates with no

scheduled downtime

Fully transparent failover

practically eliminates
unscheduled downtime

99.999% uptime

v5.8

Node 2: NGF-1402 Node 3: Software

McAfee Next
Generation
Firewall Cluster

v5.6
Node 4: NGF-325

Node 5: Software

10

I can update a Next

Generation Firewall
cluster without dropping
a single packet.
McAfee Customer

11

Availability & Scalability

Network resiliency and cost savings
ISP 1

3/4G

ISP 2
ISP N

Multi-Link
IPsec VPN

Cable

DSL 1
DSL 2
MPLS

Regular
Traffic &
Back-up
links
Critical
Traffic

Multi-Link
Business Continuity
Transparent failover
Load-balancing
or back-up links
Security
.

12

Performance AND Security

Unified Software Core accelerates all security functions

0%
Firewall Performance Degradation
-20%
-40%

-1%

-8%

-16%

-35%

-60%
-80%

-70%

-100%
McAfee NGFW 5206

-87%

Industry Average

McAfee NGFW throughput is not

significantly impacted by
activating resource-intensive
security features such as:
Deep packet inspection
Antivirus
Application control
Other products tested exhibited
from 35% to 87% performance
degradation.

Throughput and Scalability Report McAfee NGFW 5206, Miercom, October 2014
.

13

A four-node cluster can

boost throughput up to
370 percent.
Miercom, 2014

14

Reducing Operating Costs

Top organizational objective

Operating Costs

Reduce support
overhead
requirements

How?

Today

Efficient use of resources

Fast reaction time to
events
Avoidance of downtime
Accuracy no mistakes

Future

State of Network Study, Network World 2014

.

15

Centralized Management
McAfee Security Management Center (SMC)
McAfee
Security
Management
Center

MSSP

Enabling Advanced
Security
Rich context policies
Flexible admin roles
MSSP capabilities

Distant Sites

SIEM

Resource Optimization

Efficiency workflows
Plug-and-play deployment
Scheduled and automated
tasks

Situational Awareness

Data visualizations
Built-in log investigation
tools
SIEM integration
.

16

Centralized Management
Simple and efficient policy management

Hierarchical
Policies

Global Policy
Templates

Policies
Main policy can Share policies
automatically
populate
between
follow template sub-policies
firewalls
changes

17

Centralized Management
Plug-and-play deployment for fast and easy remote site rollouts
McAfee Installation
Cloud
Initial configuration
pushed from the cloud

Initial configuration
uploaded

New York

Paris

London

Call home and

download policies
Manages, updates
& upgrades

McAfee Security
Management Center

Tokyo

San Francisco

Sao Paolo

Cut deployment time

from
days or week to

Minut
es

McAfee Next
Generation Firewalls
.

18

Higher IT Staff Productivity

Freeing up assets for innovation while decreasing costs
IT Staff Time Allocation
Before McAfee NGFW

Projected without McAfee NGFW

After McAfee NGFW

100%
18%

25%

42%

75%

50%
82%

75%

58%

25%

0%
Keeping the lights on

Contributing to innovation

Source: IDC, 2014

.

19

McAfee Next Generation

Firewall does 99% of our
network configuration,
reducing what used to
take hours to minutes.
Julian Dyer, CTO
Cobweb

20

Security Operations Benefits

Advanced threat prevention and efficient analysis tools

Advanced Threats
Security Connected
and McAfee NGFW
collaborate in real-time
across multiple
security solutions to
block zero-day attacks,
morphing malware,
and AETs.

Data Exfiltration
Application Layer
Exfiltration
Protection leverages
endpoint intelligence to
block endpoint-driven
data breach attacks at
the network level.

Analysis & Reporting

McAfee Security
Management Center
enables centralized
collection and rapid
correlation of data,
providing a clear audit
trail.
.

21

Challenges Faced by Security Professionals

Black Hat Conference Survey
Other; 3%
Remediation; 9%

Timely response; 11%

Detection; 35%

False positives; 20%

Protection; 22%

Detection
&
Protection

are the biggest challenges.

McAfee poll of Black Hat 2014 conference attendees

.

22

Advanced Threat Protection

Defend your networks and sensitive information against targeted attacks

Security Connected
Ecosystem
Comprehensive Threat
Intelligence
Local and global sources,
200+ partners

Full Stack
Normalization
AET Prevention
Blocks over 800 Million
evasive attacks

McAfee ATD Integration

Block Zero-Day Attacks
Dynamic and static code
analysis

23

Security Connected Ecosystem

Comprehensive threat intelligence
McAfee Global
Threat
Intelligence

Global
Reputation

Endpoint
Intelligence

SIEM
Integration

McAfee Endpoint
Intelligence Agent

Endpoint
Management

McAfee Enterprise
Security Manager

Sandbox
Analysis

McAfee Next
Generation
Firewall

ePolicy
Orchestrator

Policy Enforcement &

Centralized
Management

McAfee Advanced
Threat Defense

24

Security Connected Ecosystem

McAfee Enterprise Security Manager (McAfee ESM) integration

Detect anomalies:

Unusual user behavior

Suspicious network activity spikes
Anomalous communication patterns

Sum events and

track averages

Alerts based
on deviations

Rapid
Respons
e
to alerts and unusual
patterns
on your network.
.

25

Security Connected Ecosystem

McAfee Advanced Threat Defense (McAfee ATD) integration

Dynamic
File
Analysis

Run Time DLLs

Network Operations
File Operations
Process Operations
Delayed Execution

Static
Code
Analysis
Unpacking
Disassembly of Code
Calculate Latent Code
Familial Resemblance

Accurate
Discover
y
&
Alerting
of zero-day threats.
.

26

Security Connected Ecosystem

McAfee ePolicy Orchestrator (McAfee ePO) integration
McAfee Security
Management
Center

Security
Operations

ePolicy
Orchestrator

Direct links to drill

into endpoint log
events:
IP addresses
Ports
Login
credentials

Endpoints

Discover
&
Take
Action
on suspicious endpoint
behaviors.
.

27

Advanced Evasion Prevention

Discover and block advanced evasion techniques (AETs)
Hiddenfor
Partial Complete visibility
accurate continuous
inspection
Threats
Inspection

What is an AET?

Why are AETs

successful?

Other vendors use narrow or

vertical traffic inspection
windows to improve
performance, allowing threats
How
to block
AETs?
to remain
hidden.
Only full-stack
normalization enables
accurate continuous traffic
inspection.

L.1

McAfee Next
Generation Firewall

L.2
L.3

OSI
Layers

AETs deliver threats

piecemeal across different or
unexpected network layers or
protocols for future
reassembly.

L.4

L.5
L.6
L.7

Packet flow

28

Only McAfee Next

Generation Firewall is
tested against over 800
Million Advanced
Evasion Techniques.

29

Application Layer Exfiltration Protection

Blocks data breach attacks initiated from endpoints
Credit Card
Data
McAfee EIA
POSPOS
Rogue
Application
Application

Anomaly detected
& connection blocked

Highly
Granula
r
Control

POS
Application

Vendor
McAfeeXNGFW
NGFW

POS
Application

Point of
Sales
Terminals

Internet

User: Bill
Group: Cashiers
Connection: HTTPS
Process: POSX.exe
Compares packet
information to policy

of endpoint
applications and
connections.
.

30

Analysis & Reporting

Quick and comprehensive analysis of a large amounts of data

Multiple options for

Fast &
Simple
Drill-Down
and navigation.

31

McAfee Next Generation

Firewall not only
complies with regulatory
guidelines but also
protects our networks in
all their different
configurations.
Fabien Drevet,
Network Unit Manager
France Ministry of Education

32

Summary
The best choice for your business
McAfee Next Generation Firewall provides

Advanced Protection
for critical assets while delivering
http://mcafee.com/ngfw
Proven Business
Value
across organization roles.

Executives/CISOs

Network Operations

Security Operations

Business Continuity
Optimize IT Spend
Visibility & Compliance

Availability & Scalability

Performance
Centralized Management

Advanced Threats
Data Exfiltration
Analysis & Reporting
.

33

34