cancel
Showing results for 
Search instead for 
Did you mean: 

Choosing a Flavor of Advanced Threat Defense

 

Introduction

 

This document will give you a perspective on which form factor of McAfee Advanced Threat Defense to utilize in your environment. Is the physical appliance (ATD), or the virtual appliance (vATD) right for you?

 

Video

 

 

 

Advanced Threat Defense (ATD) or Virtual Advanced Threat Defense (vATD)

 

 

Model and Deployment Options

 

Physical Advanced Threat Defense:

 

 

      • ATD-3000 supports up to 30 VMs
      • ATD-6000 supports up to 60 VMs
      • Supports Android VM

 

Virtual Advanced Threat Defense:

 

      • vATD 1008 supports 8 VMs
      • vATD 1016 supports 16 VMs
      • vATD 3032 supports 32 VMs
      • vATD 6064 supports 64 VMs

 

 

 

Form Factor Disparities

 

Virtual ATD offers the same functionality as the physical appliance with the follow exceptions:

 

      • Subscription-based licensing is used for vATD, while perpetual licensing is used for ATD
      • Deployment: .ova file for virtual
      • Currently, vATD cannot be put in a load-balanced configuration with physical appliances. A future release will support both virtual and physical appliances in a single cluster
      • Android VM is not supported with vATD
      • Some CLI commands are not supported

 

*Please Note: A future release will offer feature parity between the physical and virtual appliances.

 

 

 

Form Factor Parallels

 

vATD supports similar integrations available today with the physical appliance including:

 

      • McAfee Web Gateway (MWG)
      • McAfee Virtual Web Gateway (vMWG)
      • McAfee Network Security Platform (NSP)
      • McAfee Virtual Network Security Platform (vNSP) vNSP 8.3+
      • McAfee Threat Intelligence Exchange
      • McAfee Endpoint Security
      • McAfee Enterprise Security Manager (SIEM)
      • McAfee Active Response (MAR)
      • McAfee ePolicy Orchestrator (ePO)

 

 

vATD Use Cases

 

      • Localized Sandboxing – Multi National environment. If your requirement is to analyze malware in a host country or region where the malware is targeting. The physical appliance is too expensive and not practical. vATD would be the optimized solution in this case.
      • Virtual Only Datacenter – Ceasing to add physical ATDs. Since vATD can be nested on a hypervisor such as ESXi, this will meet the deployment requirements of a virtual only data center.
      • Cloud First Focus – With the shift of workloads to the Cloud, vATD can be optimal for the deployment of Cloud configurations.
      • Incident Response – While ATD offers incident response, it’s more suited for larger infrastructures. If your incident response team tends to have a smaller headcount, the throughput capacity of a physical appliance isn’t necessary. This is where a smaller vATD appliance could be optimized.
      • Partner Utilization – If you are a partner who does not have the budgetary means to purchase a physical appliance, an 8 VM (v1008), could be the affordable, and efficient solution for a Not For Resale (NFR) situation.
Contributors
Version history
Revision #:
3 of 3
Last update:
‎03-14-2018 11:49 AM
Updated by: