Testing Conducted by Leading Independent Test Lab and Based on New End-User
Focused IPS Methodology
Market and Technology-Leading IntruShield Delivers Outstanding Accuracy and
Coverage for Zero-Day Attacks and Evasions
RSA CONFERENCE, SAN FRANCISCO, Feb. 14 /PRNewswire-FirstCall/ -- McAfee,
Inc. (NYSE: MFE), the pioneer and worldwide leader of intrusion prevention
solutions, today announced that McAfee IntruShield has been recognized as the
intrusion prevention solution (IPS) to achieve the highest accuracy in
detecting and blocking both zero-day and known attacks in a head-to-head test
against 3Com (formerly Tipping Point), conducted by Miercom, an independent
networking, security and communications product testing organization. Miercom
tested McAfee's IntruShield 4010 against TippingPoint's UnityOne-2400, which
represents the latest in a series of third-party competitive tests won by the
McAfee IntruShield product family. This recent win is based on a new
evaluation methodology developed by Miercom that was designed with end-users
in mind, applying a set of criteria based on real-world environments.
With over a dozen awards to its credit against every notable IPS vendor on
the market since its introduction in 2002, McAfee IntruShield significantly
outperformed the competition in testing based on this new Miercom methodology.
The methodology, which covers five key areas -- architecture, accuracy and
coverage, performance, manageability/flexibility, and ease of use, provides a
blueprint for evaluating systems on the market and defining an organization's
infrastructure security requirements.
According to the test results, only McAfee IntruShield, of the two leading
IPSs tested, was able to successfully protect against zero-day, known and
modified Miercom attacks with 100% accuracy. The 3Com UnityOne product was
only able to block approximately 56% of the same attacks and provided
protection for only 15% of the zero-day and modified attacks tested. In
addition, in False Positive testing, IntruShield blocked no legitimate
traffic, while UnityOne incorrectly identified attacks and blocked legitimate
traffic in 60% of the cases, when all UnityOne attack signatures were turned
on, Miercom tested.
"The McAfee IntruShield product portfolio is the only IPS Miercom has so
far tested that provides accurate and comprehensive protection against zero-
day and known attacks. IntruShield consistently outperformed the competition
in our head-to-head testing," said Edwin E. Mier, president of Miercom.
"Testing against the new Miercom methodology, based on the principles of
addressing end-user concerns and needs in an intrusion prevention solution is
the best way to accurately assess in-line IPS products, and to date only
McAfee has proven its ability to provide comprehensive protection."
The test addressed areas that an IPS is intended to deliver, which is
security and threat prevention for networks and other system infrastructure.
Highlights of McAfee IntruShield's performance results relative to the major
Miercom test criteria include:
* Architecture: IntruShield earned excellent scores with architecture that
performs stateful inspection and through protocol analysis coupled with
integrating a variety of detection methods for broad protection, including
signature, application/protocol/statistical anomaly, advanced shell code
detection algorithms and DoS/DDoS.
* Accuracy and Coverage: IntruShield delivered outstanding accuracy and
coverage against a broad range of attacks, and delivered 100% protection
across all attack categories, including zero-day attacks, modified attacks,
known attacks and evasion attempts.
* Performance: McAfee IntruShield's purpose-built appliance delivered
excellent performance and wire-speed-throughput at up to 2 Gbps, while
demonstrating a switch-like latency even at maximum traffic loads and heavy
attack conditions.
* Manageability & Flexibility: IntruShield's plug-n-play default-blocking
policy proved effective against both known and zero-day attacks and evasions,
while virtualization feature offered outstanding flexibility by defining up to
1,000 virtual sensors per physical device, each with its own granular policy
based on CIDR block, VLAN tags, or physical interfaces.
* Ease of Use: IntruShield provided ease-of-use to meet the needs of
small and mid-size customers while meeting the ease-of-customization needs
demanded by enterprise customers-including alerting, reporting, forensic
analysis and policy management.
The test brings to focus that partial success in threat prevention equates
to only partial protection. Most IPS solutions on the market today are able to
only protect from previously known threats, but cannot prevent new, zero-day
attacks or modified existing attacks, which is increasingly the direction of
new, more sophisticated attack scenarios. Typical IPS solutions are
architected to block attacks by creating signatures of already known attacks
and providing a software or hardware product that identifies these known
attacks through a process of signature matching.
"McAfee IntruShield is consistently recognized and applauded for its
superior ability to thwart both zero-day and known attacks. As a leader in
security testing and analysis, Miercom continues to validate McAfee's
commitment to delivering best-of-breed network IPS to our customers," said
Vimal Solanki, director of product marketing for McAfee IPS Solutions, McAfee,
Inc. "Further proving our dominance in third-party testing is very gratifying,
but to receive a top rating in a new methodology test that addresses real-
world concerns, stressing accuracy and optimal success in blocking zero-day
attacks is extremely exciting. We commend Miercom for taking lead with an in-
depth customer-centric methodology."
Miercom's test highlighted the criticality of deploying an IPS solution
that utilizes a comprehensive set of capabilities that go beyond signature
matching and undertake significantly more complex technologies in the realm of
heuristics and advanced protocol and application analysis to fully and
proactively protect network assets against all types of attacks. The tests
also proved that default blocking capabilities, typically touted by IPS
vendors as an out-of-box solution, are a good starting point for proactive
protection, however, are not sufficient for complete protection against the
broad range of today's fast-spreading, powerful threats. In the face of
unknown or zero-day attacks, these solutions are rendered insufficient. The
results of the test proved that only IntruShield was able to meet the demands
of rigorous testing to provide comprehensive and proactive protection without
requiring signature updates that are limited to only addressing known attacks.
According to Miercom, only McAfee IntruShield "demonstrated the ability to
deliver on all elements of the Miercom methodology" based on IntruShield's
ability to tackle unknown threats through the tight integration of protocol
and application analysis coupled with advanced Shell Code detection heuristics
and context aware signature matching. Additionally, McAfee IntruShield's
ability to provide multiple, highly granular, and flexible security policies
per segment adds another layer of comprehensive, proactive risk management.
The new Miercom methodology is publicly available at
http://www.miercom.com/dl.html?fid=20050115&type=pr . Miercom's Lab testing
summary report for the IntruShield 4010 and UnityOne-2400 can also be found at
http://www.miercom.com/dl.html?fid=20050204&type=report .
About Miercom
Miercom, founded in 1988, is the leading independent test center
specializing in networking and communications-related product testing and
analysis. Based in Central N.J., Miercom conducts comparative product
testing, privately as well as for publication, in leading-edge technologies
including IP telephony, network security and Storage Area Networks and other
evolving technologies. For additional information about Miercom
(http://www.Miercom.com), please feel free to contact Martin Milner at 609.490.0200,
or mmilner@miercom.com.
About McAfee, Inc.
McAfee, Inc., headquartered in Santa Clara, Calif., a worldwide leader in
intrusion prevention and risk management solutions, delivers proven security
products and services to help customers effectively balance the competing
priorities between business needs and security requirements. McAfee applies
profound security expertise toward helping companies, government agencies and
consumers block attacks, prevent disruptions, and continuously track and
improve the security of their systems and networks. This risk management
approach results in absolute confidence. For more information, McAfee, Inc.
can be reached at 972-963-8000 or http://www.mcafee.com.
NOTE: McAfee, IntruShield and Foundstone are either registered trademarks
or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other
countries. The color red in connection with security is distinctive of McAfee
brand products. All other registered and unregistered trademarks in this
document are the sole property of their respective owners.
SOURCE McAfee, Inc.
 back to top
Photo Notes:
NewsCom: http://www.newscom.com/cgi-bin/prnh/20040426/MCAFEELOGO
AP Archive: http://photoarchive.ap.org
PRN Photo Desk, photodesk@prnewswire.com
Related links:
http://www.mcafee.com
CONTACT:
Megan Patterson of McAfee, Inc.,
+1-408-346-3696, or megan_patterson@mcafee.com; or Ryan Lowry of
Porter Novelli, +1-415-975-3359, or ryan.lowry@porternovelli.com,
for McAfee, Inc.
|
