Review: McAfee Enhances Next Generation Firewall

Threats aimed at corporate entities and enterprises are rapidly evolving, with targeted attacks becoming the norm and Advanced Persistent Threats (APTs) the bane of many an enterprise security administrator. What’s more, APTs have been further fueled by the rise of Advanced Evasion Techniques (AETs), which help APTs bypass firewalls, security appliances, and endpoint security products.

McAfee, a wholly owned subsidiary of Intel, aims to quell today's security concerns by combining a plethora of security technologies (IPS, IDS, AV, NGFW, etc) with Advanced Evasion Protection, which the company claims can stop attacks delivered by obfuscation techniques, securing enterprise networks against intrusions, APTs and much more.

While that may be an almost unbelievable claim, McAfee's NGFW software, now in version 5.7, backs it up.

Hands on with McAfee’s Next Generation Firewall (Versions 5.6 and 5.7)

I put McAfee’s NGFW software through its paces at the company’s Santa Clara, CA, headquarters using a test lab that consisted of multiple distributed Next Generation Firewalls controlled by the company’s Security Management Center (SMC). SMC works as the conductor for centralizing control and policy distribution among the whole family of McAfee NGFWs regardless of physical locations, giving a holistic view of all security in a distributed network.

One of the first tests I performed exercised the SMC’s ability to remotely add a new firewall to the test environment. The process highlighted the ease of use and robustness of SMC.

Adding a firewall can be done using three different methods, two of which are very simple (cloud configuration delivery or USB-based configuration file) and one that requires a bit more hands-on interaction. I chose the latter method, launching an "add firewall" wizard from the SMC management console. The manual configuration required that I input common network criteria, such as port definitions and IP address assignments.

The end result was a configuration file and single-use configuration password. After that process, I had to manually use the new firewall's CLI to input some more basic information, such as IP information, and provide the temporary password to allow the firewall to connect with the SMC management server. The process was not at all difficult, just time-consuming. For busy administrators, I recommend using either the USB method or cloud-based configuration file delivery.

Once the firewall rebooted, SMC recognized it and allowed me to push down the initial policy, which brought the firewall online. This was the last time I had to use the CLI. All subsequent management tasks occur in the SMC GUI.

After initial configuration, the most important tasks involve defining policies, which control most everything in the firewall, including its usage and who/what can connect. Policies are the key differentiator between "dumb firewalls," which rely on canned rules, and NGFWs, which offer granular control of individual connectivity elements.

Policies are defined using the SMC management console, which offers a policy definition subsection. Policy definition is simple, and the product incorporates a validation engine to verify that policies make logical sense before they are deployed to the subject NGFW. The definition process also offers several pulldown menus and extensive help, enabling even novice administrators to quickly define standard policies for most use cases.

I was able to define a policy that blocked social media access with just a few mouse clicks and immediately deploy it to a target NGFW. Once the policy is deployed, an active logging system relays policy enforcement actions in real time, exposing the policy's impact on users. One feature I found particularly useful here was the ability to right click on a log message and then redefine a policy. For example, when I saw that a user’s Facebook access was blocked, I was able to click on the event and add an exception to the policy to allow access.

Policies are fully granular and can be applied down to the individual user level, as well across a complete enterprise. Policies can also be nested, allowing administers to create site polices that can further be controlled using sub-policies, user-based policies, group-based definitions, and most any other authentication scheme.

McAfee’s NGFW family of products offers a full range of security capabilities, just like many of its competitors. These capabilities include intrusion detection and prevention, application-level security, deep packet inspection, unified management, policy creation and control, VPN support, and anti-malware technologies.

What differentiates McAfee's NGFWs from the competition are three core capabilities that the company has mastered:AET blocking, Multi-Link deployment, and High Availability. We'll discuss those on Page 2.