Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
245 Views 0 Replies Latest reply: Jul 2, 2013 11:44 AM by flyingunicorn RSS
flyingunicorn Newcomer 1 posts since
Jul 2, 2013
Currently Being Moderated

Jul 2, 2013 11:52 AM

Can NTBA inititate active session blocking on McAfee IPS?

Hi,

 

we currently are installing the NTBA software and did integrate it in the NSM. Both in Version 7.5.

First step for reporting and alerting.

Next should be a bit more advanced.

Besides the analysis, correlations and forensics I would like to have an active integration between NTBA and IPS.

Means in particular situations the NTBA shall alert and send a command to the IPS which tells her to block the souspicious sessions between a sender and destination. Based on the bad reputation of the sender address.

E.g. in case the NTBA may detect an unusual high number of drive mappings initiated by one IP it should alert the admins and the IPS shall block the communication.

All these communications are internal within a WAN.

Does sombody knwo whether this is possible and if yes in which dicument I have to look in?

 

Thanks in advance

 

FlyingUnicorn

 

Nachricht geändert durch flyingunicorn on 02.07.13 11:52:32 CDT

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points