McAfee has launched a security appliance to monitor internal corporate traffic flows for worms, viruses and botnet activity in order to block outbreaks traced to corporate computers.
The appliance, called Network Threat Behavior Analysis, can be plugged into a aggregation point, such as a switch or router, in order to provide visibility into the network, says Greg Brown, McAfee senior director of product marketing.
"It's looking at devices, computers, servers," he says, by utilising Cisco NetFlow data, among other systems. "It's watching the traffic coming from these devices and sending an alert if there are outbreaks," Brown points out.
The NTBA, offered as the T-Series T-200 and T-500, is also designed to work with the McAfee ePolicy Orchestrator (EPO) systems security management console to implement blocking actions to quarantine an infected device off the network or provide blocking action through McAfee's M-Series intrusion-prevention systems.
The T-200 is intended for use in mid- to large-sized corporate LANs, and the T-500 is intended for use in large corporate backbone networks or datacentres.
In addition to unveiling NTBA, McAfee also announced enhancements to its M-Series IPS, which range from 100Mbps to 10Gbps.
According to Brown, McAfee has added real-time detection capabilities to the M-Series so the equipment can determine if threats such as drive-by downloads are occurring. Brown says the enhancement is based on the cloud-based malware defense system called Artemis from McAfee.
The T-Series Network Threat Behavior Analysis, expected to ship later this month, starts at $24,995 for the T-200 appliance and $44,995 for the T-500. The McAfee M-Series IPS starts at $10,995.