3 Replies Latest reply on Jul 25, 2017 3:34 PM by d_aloy

    NTBA- Anyone using it?

    d_aloy

      Hi all

       

      Hopefully you guys can provide some feedback on this.

       

      If you were asked to provide a recommendation on McAfee NTBA - pros and cons, and do you get your value for money basically? - what would it be?

      I do have an idea and opinion on the product, but I would like to hear from other people on this forum.

       

      For those using - or not using (that makes all of you!) - McAfee NTBA, could you please share, where possible:

       

      If you use NTBA:

      • Which software version are you using?
      • How do you use it? Do you have specific use cases? I.e. configure inside/outside zones and set different policies/thresholds/zones communications rules?
      • What benefits do you see on the current product you are using? That is, the build (8.2, 8.3, etc)
      • Do you see any limitations?
      • Any other feedback? I.e. it was better value for money on previous releases because of what you can see/get on the UI, or it would be great if they could add specific features (i.e. syslog all netflow data out of the device, or flow forward the netflow v9 it is collecting, etc)

       

       

      If you are not using it, could you please share:

      • You did not know it existed?
      • You knew it existed, but you don't see any value on the current product features?
      • You knew it existed, but you don't see any benefit on netflow analysis? Why, are there better tools for network traffic inspection?
      • You used it but you are not getting any information out of it?
      • Product lacks development to fully use the netflow data it collects?
      • Any other feedback? I.e. it was better value for money on previous releases because of what you can see/get on the UI, or it would be great if they could add specific features (i.e. syslog all netflow data out of the device, or flow forward the netflow v9 it is collecting, etc)
      • There are other netflow analysers that provide a much better value for money - or better integrations (i.e. syslog/flow forward) with 3rd party tools (i.e. SIEM)

       

      Would you recommend me using this product?

       

      I would really (*really*) appreciate some feedback.... It is just my second question on this forum, and the other one got 0 replies ... Hopefully better luck this time!

       

      Thanks all.

       

      Cheers.

      David

        • 1. Re: NTBA- Anyone using it?
          d_aloy

          Hi all

           

          No feedback on this?

           

          Cheers

          David

          • 2. Re: NTBA- Anyone using it?
            dotax

            Hi d_aloy,

             

            I have tried to use it for like 1 month, and hopefully my reply below can provide you with some feedback.

             

            If you use NTBA:

            • Which software version are you using?

                 version 8.3.3.2, VM version with OVF

            • How do you use it? Do you have specific use cases? i.e configure inside/outside zones and set different policies/thresholds/zones communications rules?

                 I configured inside zones/outside zones as per the IPS monitoring interface direction. I used it to analyze the historical network flow of a single host IP for incident investigation.

            • What benefits do you see on the current product you are using? That is, the build (8.2, 8.3, etc)

                 It provides me the ability to analyze the attacks from/to a particular host.

            • Do you see any limitations?

                 The limitation is that the IPS needs to configure a SPAN port on a monitoring interface in order to work, so it wastes one segment of monitoring interface.

            • Any other feedback? I.e. it was better value for money on previous releases because of what you can see/get on the UI, or it would be great if they could add specific features (i.e. syslog all netflow data out of the device, or flow forward the netflow v9 it is collecting, etc)

                 So far I have no feedback, as this is the first netflow product that I have ever used. Hopefully McAfee could try to promote it.

            • 3. Re: NTBA- Anyone using it?
              d_aloy

              Hi dotax

               

              I really appreciate your effort to get NTBA running, and you providing feedback on the 8.3 release.

               

              The reason why I asked is because there is a lot more information stored on the NTBA database... but it is just gone on 8.3. You used to be able to check files, URLs, very nice conversation radial diagrams between hosts, throughput (in/out) on a per zone basis... And I was just wondering if anyone else had noticed the information is no longer there. I've been told NSP 9.1? may have some of the dashboards available again, so will give it a go in the lab... when I have time!

               

              I do completely agree with you, McAfee should be 'selling' this product a lot more... it has a HUGE potential... especially if they add syslog of netflow data or netflow (v9) forward to 3rd party solutions. That would be a humongous amount of data you could correlate on at the SIEM and there are plenty of use cases to be explored.

               

              Many thanks again for your reply to this thread - it is really, really appreciated.

               

              Regards

              David