How do you or your organization use this solution?
Please share with us so that your peers can learn from your experiences.
The solution is used mostly for perimeter protection. It's to protect the client and server site. It offers basic but effective Smart Blocking. We've tested it in a product environment and it performed rather well.
We use the solution for security purposes. It allows our organization to detect a variety of malicious attacks such as malware and viruses, et cetera.
Our clients primarily use the solution for security purposes. We have it deployed on the endpoints.
We use the solution as a level of security for our organization. It can show us what's happening on our network so that we are able to monitor events effectively. We end up having to deal with many events and this helps us detect where a virus or malware is coming from. It helps buy us time so we can fight off the attack.
We use a lot of the functions this solution provides such as the firewall and the ability to check aliases. We can monitor and show the traffic that's moving in and out. When we detect malware, we scan for the virus on the PC and we can decide whether to delete or block the malware. I'm a junior product consultant and we are customers of McAfee.
I look at the attack analysis, which shows me which attackers try to exploit my vulnerabilities. I can check the ticket to see if it's blocked or whether it's a false positive. Whatever the case, if it already exists, I will block it. McAfee IPS has a benign engine, so this may not be a target in your environment. If you just prevent attackers from using it, they will try another vulnerability. I have physical routers, but they try to make some novel vulnerabilities. This is not applicable to my environment, so when I see this alert I know it's a false positive not related to my environment. In some cases, I change the action of these alerts or attacks to block. This is what happened in one of the use cases I take advantage of from IPS. I got an alert about some attacks in my environment, regarding the SPAN port and server traffic. I saw it and I detected the source point of this attack.
The primary use is to deploy sensors. We have two use cases: to predict the anomalous behavior and to predict the normal threshold for our network.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Let the community know what you think. Share your opinions now!