McAfee IntruShield 1200, 1400, and 2700 Network IPS Appliances
Award-winning, next-generation intrusion prevention solution delivering best-in-class proactive
prevention of zero-day and DoS attacks, spyware, malware, botnets, and VoIP threats
No business is immune to security threats, no matter
how large or small. The risks to small and medium-sized businesses (SMBs) and other organizations
continue to grow as the rising number of new
vulnerabilities and the speed and sophistication of
attacks that exploit those vulnerabilities pose an
ever-increasing threat to your business. The rise and
evolution of new hybrid attacks that use multiple
techniques to attack your network infrastructure
means that enterprises of all sizes must constantly
defend themselves against these shifting threats.
Traditional, reactive security technology alone cannot ensure
network availability, integrity, and data confidentiality. Due
to the inadequate ability of traditional technology to provide
proactive threat detection and prevention, businesses remain
vulnerable to sophisticated and highly targeted zero-day and
Denial of Service (DoS) attacks, as well as spyware, malware,
and Voice over IP (VoIP) threats. Small businesses need to
defend their critical network infrastructure by deploying
advanced, proactive protection against vulnerability-based
threats and attacks. Furthermore, companies of every size
are under intense regulatory and audit pressure to ensure the
privacy of confidential data and decrease business risk.
For comprehensive, proactive network protection against a
broad range of today’s threats and attacks, SMBs and other
organizations need to deploy next-generation intrusion
prevention. The proven and award-winning McAfee®
IntruShield® network intrusion prevention system (IPS)
delivers the most comprehensive, accurate, and scalable
threat protection. IntruShield helps SMBs assure the
availability and security of critical network infrastructure
through proactive and comprehensive threat prevention.
The McAfee IntruShield IPS Solution
The McAfee IntruShield family of award-winning, next-generation IPS appliances enables SMBs and enterprises
to reduce business risk by deploying the industry’s most
comprehensive and proven network IPS solution. Their
purpose-built platforms proactively protect endpoints
and critical network infrastructure from known, zero-day, and DoS attacks, as well as threats like spyware, VoIP
vulnerabilities, botnets, malware, network worms, Trojans,
and peer-to-peer applications.
IntruShield’s unparalleled technology preemptively
blocks attacks before they reach their intended targets,
while providing absolute accuracy and mission-critical
performance for all network environments. Its integrated
protection and easy-to-manage platform delivers broad
asset protection, maximized business availability, reduced
liability, and security-cost avoidance. And IntruShield’s
powerful policy enforcement, advanced forensics, and
comprehensive reporting capabilities help small and large
businesses comply with audit and regulatory requirements.
IntruShield is the industry’s first risk-aware intrusion
prevention solution, enabling SMBs to deploy prioritized
risk management through intelligent, highly targeted threat
prevention. By integrating with market-leading McAfee
Foundstone® vulnerability management (VM) solutions—as
well as open-source vulnerability assessment (VA) systems
such as Nessus—IntruShield reduces business risk,
increases operational efficiencies, and maximizes security
by providing the ability to identify and block the most
relevant threats and attacks targeting your network.
IntruShield’s built-in VoIP protection, spyware prevention,
and advanced Web-client protection maintains business-critical applications, reduces IT costs, and secures
confidential information by blocking spyware, malware,
botnets, and VoIP threats. Its unrivaled ASIC-based
architecture, deep packet inspection, and patented shell-code detection deliver unequaled zero-day protection.
The innovative IntruShield architecture is purpose-built
for long product life cycles, providing continuous next-generation security and feature enhancements. This allows
for continuous protection against the latest threats and
vulnerabilities—including spyware, malware, botnets, SYN
flood, and VoIP threats—while never requiring hardware
upgrades. IntruShield’s architecture integrates patented
signature, anomaly, DoS, and distributed DoS (DDoS)
analysis techniques, enabling highly accurate threat
detection and prevention that blocks attacks before they
Data Sheet | McAfee Network Protection Solutions
inflict damage. IntruShield’s next-generation technology
delivers unparalleled features, including “out-of-the-box”
default IPS blocking, pre-configured Recommended for Blocking policies, built-in spyware and VoIP protection,
virtual IPS, and an integrated internal firewall. And the
IntruShield portfolio of appliances is backed by McAfee—
the largest dedicated security company and the most
trusted name in the industry.
Features and Benefits
Comprehensive protection
• Broad threat prevention—IntruShield’s purpose-
built intrusion prevention appliances deliver the
most comprehensive threat prevention by proactively
protecting endpoints and network infrastructure from
known, zero-day, and DoS attacks, as well as threats like
spyware, VoIP vulnerabilities, malware, botnets, network
worms, Trojans, and peer-to-peer applications
security by integrating multi-layered protection against
spyware, adware, dialers, keyloggers, password crackers,
and remote-control programs. IntruShield’s spyware
protection helps reduce IT costs, prevents potential privacy
breaches, and protects confidentiality by proactively
preventing the download of these unwanted programs
while blocking spyware communication and propagation
• Unrivaled botnet prevention—Industry’s only network-
based security solution to provide comprehensive,
layered, and proactive blocking of malicious distributed
botnets. IntruShield protects against the growing threat
of botnets by identifying them as a distinctive category
of attack and proactively blocking their installation,
communication, and activation through the Internet
• VoIP vulnerability protection—IntruShield’s integrated
VoIP security proactively protects mission-critical VoIP
infrastructure and applications by accurately detecting
and blocking known, zero-day, and DoS attacks.
IntruShield protects against underlying VoIP protocol
vulnerabilities while preserving VoIP application and
voice-quality integrity
• Encrypted attack prevention—Industry’s first and
only network IPS to securely and proactively protect
against both clear-text and encrypted attacks (I-2700).
IntruShield’s advanced, real-time SSL decryption and
inspection technology dramatically increases network
security coverage by protecting critical e-commerce
infrastructure
• IPS and internal firewall—Integrated network IPS and
stateful internal firewall capabilities deliver unrivaled
internal system protection, network infrastructure
protection, and enterprise-wide policy enforcement
Accurate protection
• Built-in, advanced Web-client protection—Proactively
protects Web browsers and desktops from cyber-attacks, spyware, botnets, and other forms of malware.
It prevents the download of unwanted programs while
protecting against unauthorized network access.
IntruShield’s built-in Web-client protection complements
McAfee Perimeter and System Protection Solutions by
providing an additional layer of network protection
• Next-generation DoS prevention—The industry’s most
advanced, next-generation DoS-prevention technology
delivers comprehensive, real-time protection against
sophisticated DoS attacks, cyber-attacks, and cyber
extortion. Multi-layered threshold, profile-based,
and SYN cookie technology—in combination with
IntruShield’s unrivaled virtual IPS capabilities—deliver
highly granular protection against a broad spectrum of
DoS attacks, including DoS, DDoS, and SYN flood attacks
• Infrastructure protection—Provides preemptive, zero-
day vulnerability protection against threats and attacks
that target mission-critical routers, switches, perimeter
firewalls, and DNS servers. Provides the only effective
means to protect critical network infrastructure during
windows of vulnerability
• Risk-aware intrusion prevention—Risk-aware IPS
delivers significant operational efficiencies by providing
the ability to intelligently identify and block the most
relevant alerts and attacks. Integration with market-leading Foundstone VM solutions automatically identifies
and highlights risks. Enables targeted, prioritized
risk management by importing and correlating risk
assessment information from Foundstone, as well as
open-source VA systems such as Nessus
• Signature, anomaly, and DoS analysis—IntruShield’s
unmatched architecture integrates a variety of advanced
detection methods—including signature, application,
and protocol anomaly, shell-code detection algorithms,
and next-generation DoS/DDoS prevention—to deliver
the most accurate protection available against today’s
threats and attacks
• Unmatched detection accuracy—IntruShield performs
stateful traffic inspection with thorough parsing of over 100
protocols, while leveraging over 3,000 high-quality, multi-token, multi-trigger signatures to provide the most accurate
detection in the industry. IntruShield’s unmatched
accuracy allows you to confidently block threats and
attacks in real time without affecting legitimate traffic
• Backed by McAfee—Proven protection, unmatched
security knowledge, and continuous proactive security
research from the world’s largest dedicated security
company. McAfee, the most trusted name in the industry
Scalable and manageable
• Out-of-the-box default blocking—IntruShield is pre-set
for Default IPS Blocking, and comes pre-configured with a
Recommended for Blocking policy that provides accurate
and proactive blocking for hundreds of attacks straight
out of the box. Recommended for Blocking signatures
are continuously updated by McAfee to provide
comprehensive protection against new threats
• Easy-to-use centralized management—A single
management console delivers simple, centralized,
Web-based management of IntruShield appliances
and policies. Plus, a rich set of fourteen ready-to-use, pre-defined IPS security policies allows for easy
customization. IntruShield’s easy-to-use management
reduces complexity, maximizes IT efficiencies, and
lowers operational costs. IntruShield Security Manager
is provided at no cost for management of up to two (2)
IntruShield appliances
• Advanced intrusion forensics—Delivers unique forensic
features to analyze key characteristics of known and
zero-day threats and intrusions. IntruShield’s powerful
forensic capabilities provide highly actionable and
accurate information and reporting related to intrusion
identification, relevancy, direction, impact, and analysis
• Flexible deployment—Unprecedented flexibility of IPS or
intrusion detection system (IDS) deployment—including
in-line, port clustering, high availability, span, and
tap modes—suits any network security architecture.
IntruShield’s flexible architecture allows SMBs to
automatically migrate from reactive intrusion detection
to proactive intrusion prevention
Award-winning ASIC-based architecture
• Purpose-built hardware—IntruShield appliances are
purpose-built for mission-critical intrusion prevention,
and are engineered using multiple state-of-the-art
network processors, co-processors, FPGAs, and general-purpose processors. IntruShield’s award-winning
architecture incorporates dedicated, high-speed
hardware to achieve unmatched accuracy, performance,
and proactive protection
• Integrated user authentication—Integrated user-
authentication capabilities deliver administrative and
user-management efficiencies. Integration provides
system operators and users with comprehensive
authentication support to external databases, including
RADIUS, LDAP, and TACACS
• Automated real-time threat updates—Innovative,
automated process delivers real-time signature
updates without requiring sensor reboots and provides
protection against newly discovered vulnerabilities while
eliminating manual updates and network downtime
• Always on management with automated disaster
recovery—Delivers uninterrupted, highly available
management capabilities by providing active/standby
management server technology for the IntruShield
Security Management (ISM) system. Automated failover
and fail-back technology enables disaster recovery of
critical configuration data in the event of failure. Always
on management ensures the continuity of critical
network protection and supports corporate disaster
recovery policies
• Unprecedented virtual IPS—IntruShield’s unique and
flexible virtualization capability extends to both IPS
and the internal firewall, supporting up to 100 virtual
IPS sensors per physical device (100 for I-2700, 32 for
I-1400, 16 for I-1200), each virtual IPS with its own highly
customized and granular security policy
• Investment protection—Industry’s most advanced
architecture, purpose-built for long product life cycles,
allows for continuous next-generation security and
feature enhancements. Continues to provide advanced
protection against today’s threats, including spyware,
malware, DoS, VoIP vulnerabilities, botnets, and
encrypted attack protection, while never requiring
appliance hardware upgrades
• Integrated network and host IPS—Provides
breakthrough integration by enabling host (McAfee Host
Intrusion Prevention Solution) and network (IntruShield)
IPS security-event aggregation and coordination on a
single IntruShield Security Management console
• High-availability deployment—Complete, stateful
failover capabilities deliver high-availability (HA)
configuration between a pair of primary and failover
IntruShield appliances. IntruShield’s HA configuration
feature allows transparent Layer 7 stateful failover,
thereby avoiding a single point of failure
IntruShield Sensor Specifications
Sensor Hardware Components | I-2700 | I-1400 | I-1200
Network location | Perimeter | Branch office/perimeter | Branch office
Performance throughput | Up to 600 Mbps | Up to 200 Mbps | Up to 100 Mbps
Maximum concurrent connections | 250,000 | 80,000 | 40,000
Ports
Gigabit Ethernet detection ports | 2 | — | —
Fast Ethernet (FE) detection ports | 6 | 4 | 2
Dedicated FE response ports | 3 | 1 | 1
Dedicated FE management port | Yes | Yes | Yes
External fail-open control ports | 1 | — | —
Console and aux ports | Yes | Yes | Yes
Built-in network taps | Yes (for FE ports) | Yes | Yes
Fail-open | Yes (for FE ports) | Yes | Yes
Fail-close | Yes | Yes | Yes
Mode of operation
Span port monitoring | Yes | Yes | Yes
Tap mode | Yes (for FE ports) | Yes | Yes
In-line mode | Yes | Yes | Yes
Port clustering | Yes | Yes | Yes
No. of virtual IPS systems | 100 | 32 | 16
Traffic monitoring on active-active links | Yes | Yes | Yes
Traffic monitoring on active-passive links | Yes | Yes | Yes
Monitoring of asymmetric traffic routing | Yes | Yes | Yes
High availability
Redundant power | Yes (Optional) | No | No
Device failure detection | Yes | Yes | Yes
Link failure detection | Yes | Yes | Yes
Physical dimensions | 2RU Rack-mountable, 17.44 (W) x 3.44 (H) x 23.00 (D) | 1RU Rack-mountable, 17.32 (W) x 1.65 (H) x 10.5 (D) | 1RU Rack-mountable, 17.32 (W) x 1.65 (H) x 10.5 (D)
Weight | 47 lbs. | 17 lbs. | 15 lbs.
Power | 100–240 VAC (50/60 Hz) | Same for all models | Same for all models
Power consumption | 250 W | 100 W | 100 W
Temperature | 0° to 40° C (Operating); -40° to 70° C (Non-operating) | Same for all models | Same for all models
Relative humidity (non-condensing) | Operational: 10 percent to 90 percent; Non-operational: 5 percent to 95 percent | Same for all models | Same for all models
Altitude | 0–10,000 feet | Same for all models | Same for all models
Safety certification | UL 1950, CSA-C22.2 No. 950, EN-60950, IEC 950, EN 60825, IEC 60825, 21CFR1040 CB license and report covering all national country deviations | Same for all models | Same for all models
EMI certification | FCC Part 15, Class A (CFR 47) (USA), ICES-003 Class A (Canada), EN55022 Class A (Europe), CISPR22 Class A (Int’l) | Same for all models | Same for all models
Sensor Software Components | I-2700 | I-1400 | I-1200
Stateful traffic inspection
IP defragmentation and TCP stream reassembly | Yes | Yes | Yes
Detailed protocol analysis | Yes | Yes | Yes
Asymmetric traffic monitoring | Yes | Yes | Yes
Protocol normalization | Yes | Yes | Yes
Advanced evasion protection | Yes | Yes | Yes
Forensic data collection | Yes | Yes | Yes
Protocol tunneling | Yes | Yes | Yes
Protocol discovery | Yes | Yes | Yes
Signature detection
User-defined signatures | Yes | Yes | Yes
Real-time signature updates | Yes | Yes | Yes
Anomaly detection
Statistical anomaly | Yes | Yes | Yes
Protocol anomaly | Yes | Yes | Yes
Application anomaly | Yes | Yes | Yes
DoS detection
Threshold-based detection | Yes | Yes | Yes
Self-learning profile-based detection | Yes | Yes | Yes
Maximum DoS profiles | 300 | 120 | 100
Intrusion prevention
Stop attacks in progress in real time | Yes | Yes | Yes
Drop attack packets/sessions | Yes | Yes | Yes
Reconfigure firewall | Yes | No | No
Initiate TCP reset, ICMP unreachable | Yes | Yes | Yes
Packet logging | Yes | Yes | Yes
Automated and user-initiated prevention | Yes | Yes | Yes
Encrypted attack protection
Stops encrypted attacks in real time | Yes | No | No
Internal firewall
Blocks unwanted and nuisance traffic | Yes | Yes | Yes
Granular security policy enforcement | Yes | Yes | Yes
High availability
Stateful failover | Yes (for FE ports) | Yes | Yes
Management
Command-line interface (console) | Yes | Yes | Yes
Manager communication | Secure channel | Same for all models | Same for all models
McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, www.mcafee.com