Showing results for 
Search instead for 
Did you mean: 

Choosing a Flavor of Advanced Threat Defense




This document will give you a perspective on which form factor of McAfee Advanced Threat Defense to utilize in your environment. Is the physical appliance (ATD), or the virtual appliance (vATD) right for you?






Advanced Threat Defense (ATD) or Virtual Advanced Threat Defense (vATD)



Model and Deployment Options


Physical Advanced Threat Defense:



      • ATD-3000 supports up to 30 VMs
      • ATD-6000 supports up to 60 VMs
      • Supports Android VM


Virtual Advanced Threat Defense:


      • vATD 1008 supports 8 VMs
      • vATD 1016 supports 16 VMs
      • vATD 3032 supports 32 VMs
      • vATD 6064 supports 64 VMs




Form Factor Disparities


Virtual ATD offers the same functionality as the physical appliance with the follow exceptions:


      • Subscription-based licensing is used for vATD, while perpetual licensing is used for ATD
      • Deployment: .ova file for virtual
      • Currently, vATD cannot be put in a load-balanced configuration with physical appliances. A future release will support both virtual and physical appliances in a single cluster
      • Android VM is not supported with vATD
      • Some CLI commands are not supported


*Please Note: A future release will offer feature parity between the physical and virtual appliances.




Form Factor Parallels


vATD supports similar integrations available today with the physical appliance including:


      • McAfee Web Gateway (MWG)
      • McAfee Virtual Web Gateway (vMWG)
      • McAfee Network Security Platform (NSP)
      • McAfee Virtual Network Security Platform (vNSP) vNSP 8.3+
      • McAfee Threat Intelligence Exchange
      • McAfee Endpoint Security
      • McAfee Enterprise Security Manager (SIEM)
      • McAfee Active Response (MAR)
      • McAfee ePolicy Orchestrator (ePO)



vATD Use Cases


      • Localized Sandboxing – Multi National environment. If your requirement is to analyze malware in a host country or region where the malware is targeting. The physical appliance is too expensive and not practical. vATD would be the optimized solution in this case.
      • Virtual Only Datacenter – Ceasing to add physical ATDs. Since vATD can be nested on a hypervisor such as ESXi, this will meet the deployment requirements of a virtual only data center.
      • Cloud First Focus – With the shift of workloads to the Cloud, vATD can be optimal for the deployment of Cloud configurations.
      • Incident Response – While ATD offers incident response, it’s more suited for larger infrastructures. If your incident response team tends to have a smaller headcount, the throughput capacity of a physical appliance isn’t necessary. This is where a smaller vATD appliance could be optimized.
      • Partner Utilization – If you are a partner who does not have the budgetary means to purchase a physical appliance, an 8 VM (v1008), could be the affordable, and efficient solution for a Not For Resale (NFR) situation.
Version history
Revision #:
3 of 3
Last update:
‎03-14-2018 11:49 AM
Updated by: