Call a Specialist Today! 866-981-2998
Free Shipping! Free Shipping!

McAfee Application Data Monitor
Detect fraud, data loss, and hidden threats with application-layer inspection


McAfee Application Data Monitor

Intel Security Products
McAfee Application Data Monitor Hardware
McAfee Application Data Monitor 1260 Hardware
#APM-1260A
Get a Quote!
McAfee Application Data Monitor 3460 Hardware
#APM-3460A
Get a Quote!

Click here to jump to more pricing!

Overview:

The McAfee Application Data Monitor appliance decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity all the way up to the contents of the application (such as the text of an email or its attachments). This level of detail allows accurate analysis of real application use, while also enabling you to enforce application use policies and detect malicious, covert traffic.

Identify data loss and compliance violations — The Application Data Monitor appliance detects when sensitive information is being transmitted inside email attachments, instant messages, file transfers, HTTP posts, or any other application, notifying you immediately and mitigating any loss. You can detect these sensitive data types, alert appropriate personnel, and log the transgression to maintain an audit trail for compliance audit requirements.

Detect application-layer threats — New, sophisticated threats exploit the vulnerabilities in common business applications to penetrate your network and export sensitive data. While these application-layer threats are difficult to detect using traditional firewalls and intrusion detection and intrusion prevention systems, the Application Data Monitor appliance is able to look into the entire contents of an application — including the underlying protocols — to detect hidden payloads, malware, and even covert communication channels.

Threat activity is moving “up the stack” to the application layer, while compliance requirements demand that all access to sensitive data be fully monitored, logged, and audited. The McAfee® Application Data Monitor appliance takes security and compliance beyond the limits of log management by monitoring all the way to the application layer. You can fully inspect application contents to achieve the deepest visibility into how your network is being used.

The McAfee Application Data Monitor appliance decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity to the contents of the application itself (such as the text of an email or its attachments). This level of detail allows accurate analysis of real application usage, while also enabling you to enforce application use policies and detect malicious, covert traffic.

This deep inspection supports compliance by tracking all use of sensitive data on the network. When the McAfee Application Data Monitor appliance detects a violation, it preserves all details of that application session for use in incident response and forensics or for compliance audit requirements.

At the same time, the McAfee Application Data Monitor appliance provides visibility into threats that may masquerade as legitimate applications:

  • Advanced application-layer threats
  • Unauthorized use or theft of confidential data
  • Attacks on or from security “blind spots”
  • Usage of dangerous legacy code
  • Theft or misuse of user credentials
  • Transmission of sensitive data via any application
  • Broken business processes

Key Advantages

  • Decodes the entire application session, all the way to Layer 7, for hundreds of applications
  • Includes pre-built detection rules for regulated and sensitive data
  • Supports user-definable dictionaries and rules for customization
  • Generates a complete audit trail of application events for compliance
  • Operates passively to avoid application interference
  • Integrates with McAfee Enterprise Security Manager to permit correlation of application contents with events and other data feeds
  • Flexible, hybrid delivery options include physical and virtual appliances

Features & Benefits:

Capture full session detail of all violations
Go beyond application flow monitoring to decode the entire application session, all the way to Layer 7.

Leverage pre-built detection rules for regulated and sensitive data
Monitor access to and use of sensitive information such as credit card numbers, social security numbers, and bank routing numbers out of the box, or customize the McAfee Application Data Monitor appliance’s detection capabilities by defining your own dictionaries of sensitive and confidential information.

Document a complete audit trail of application events for compliance
Preserve all details of application sessions that violate policies for use in incident response, forensics, and compliance audits.

Avoid interference with application performance and latency
Deploy Application Data Monitor as a passive SPAN port for passive monitoring, with no risk to an application's operation, performance, or reliability.

Add application insight into McAfee Enterprise Security Manager
Use McAfee Enterprise Security Manager as a central resource and interface for all monitoring and compliance activities and use application contents in event correlation and other advanced SIEM functions.

Data Loss and Compliance Violations

The McAfee Application Data Monitor appliance can detect when sensitive information is being transmitted inside email attachments, instant messages, file transfers, HTTP posts, or any other application, notifying you immediately so that the loss can be mitigated.

You can detect sensitive data such as credit card information and Social Security numbers out of the box or customize the McAfee Application Data Monitor appliance’s detection capabilities by defining your own dictionaries of sensitive and confidential information. The McAfee Application Data Monitor appliance will detect these sensitive data types, alert appropriate personnel, and log the transgression to maintain an audit trail.

Document Discovery

The McAfee Application Data Monitor appliance discovers more than 500 document types as they are being exchanged over the network by email, chat, P2P, file shares, and other means. The McAfee Application Data Monitor appliance discovers documents irrespective of the extension—documents masquerading as another type trying to bypass mail gateways and IDS/IPS devices. Even documents embedded inside other documents, as well as archived, compressed, and encoded documents are discovered with actionable metrics such as filename and operation being performed.

Application-Layer Threats

New, sophisticated threats exploit the vulnerabilities in common business applications to penetrate your network and export sensitive data. While these application-layer threats are difficult to detect using traditional firewalls and intrusion detection systems (IDS) and intrusion prevention systems (IPS), The McAfee Application Data Monitor appliance is able to look into the entire contents of an application—including the underlying protocols—to detect hidden payloads, malware, and even covert communication channels—for example an executable embedded inside a PDF document.

Protocol Anomalies

Anomaly detection can proactively identify imminent threats, reducing risk and minimizing loss. While traditional security solutions are limited to the analysis of network flows, the McAfee Application Data Monitor appliance takes this approach to the next level. We look past network behavior to detect anomalies within applications and protocols, delivering a stronger, more proactive risk detection methodology.

No Interference with Applications

Since the McAfee Application Data Monitor appliance operates on a SPAN port, it will not interfere with application performance or reliability or introduce latency.

Integrated with Your Infrastructure

While most network monitoring solutions operate in isolation, the McAfee Application Data Monitor appliance works in concert with other information security systems. Through McAfee Enterprise Security Manager, it connects to the rest of your security infrastructure to simplify security operations, improve overall efficiency, and lower costs. You can integrate loss and fraud detection with powerful analytics, network inspection, database event monitoring, and more.

Example Use Cases

The McAfee Application Data Monitor appliance can detect a variety of unauthorized activity, policy violations, theft, and fraud. Here are some examples.

Theft of confidential information

An employee logged in as [email protected] sent an email to [email protected]. The email contained a file called shoo.doc that included the words “secret formula.” The email was sent at 12:20 pm from the host desktop0232 (192.168.0.36) using the SMTP server (10.0.2.13) with this subject: got it.

Use of unauthorized applications

An employee violated policy by transferring music using a peer-to-peer file sharing application that he installed. He sent large files during work hours, consuming valuable bandwidth. More investigation revealed the employee as a regular offender. He uses Jabber and IRC and runs an unauthorized web server on his desktop.

Cyberslacking in the work place

An employee is also a secret day trader. During the workday, she connects to financial trading sites for an average of one hour each morning and afternoon. She also uses the company’s VoIP (SIP) system to make an average of six calls daily and spends hours on Yahoo! Messenger as “traderjoe” talking to “traderbob” and “tradergill.”

User of weak passwords

Your company’s security policy requires the use of strong passwords for all user system and application accounts. Microsoft Active Directory accounts are strictly managed. However, dozens of weak passwords are being used on external-facing FTP servers, mail servers, and critical web applications that don’t use Active Directory.

System Requirements:


Hardware Specifications APM-3460 APM-1260
Throughput 1 Gbps 500 Mbps
Interfaces 4 x 10/100/1000 Mbps Ethernet copper interfaces 4 x 10/100/1000 Mbps Ethernet copper interfaces
More than 500 Supported Applications and Protocols
Low level network protocols TCP/IP, UDP, RTP, RPC, SOCKS, DNS, and others
Email MAPI, NNTP, POP3, SMTP, Microsoft Exchange
Webmail AOL Webmail, Hotmail, Yahoo! Mail, Gmail, Facebook, and MySpace email
Instant messaging AOL,ICQ, Jabber, MSN, SIP, and Yahoo
File transfer protocols FTP, HTTP, SMB, and SSL
Compression and extraction protocols BASE64, GZIP, MIME, TAR, ZIP, and others
Archive files RAR Archives, ZIP, BZIP, GZIP, Bin-hex, and UU-encoded archives
Installation packages Linux packages, InstallShield cabinets, Microsoft cabinets
Image files GIFs, JPEGs, PNGs, TIFFs, AutoCAD, Photoshop, Bitmaps, Visio, Digital RAW, and Windows icons
Audio files WAV, MIDI, RealAudio, Dolby Digital AC-3, MP3, MP4, MOD, RealAudio, SHOUTCast, and more
Video files AVI, Flash, QuickTime, Real Media, MPEG-4 , Vivo, Digital Video (DV), Motion JPEG, and more
Other applications and files Databases, spreadsheets, faxes, web applications, fonts, executable files, Microsoft Office applications, games, and even software development tools
Other protocols Network printer, shell access, VoIP, and peer-to-peer

Documentation:

Download the McAfee Application Data Monitor Datasheet (PDF).

Pricing Notes:

Intel Security Products
McAfee Application Data Monitor Hardware
McAfee Application Data Monitor 1260 Hardware
#APM-1260A
Get a Quote!
McAfee Application Data Monitor 3460 Hardware
#APM-3460A
Get a Quote!
McAfee Advanced Correlation Engine Support
McAfee Application Data Monitor 1260 1 Year Gold Software Support & Advanced RMA Hardware Support - AVAILABLE WORLDWIDE
#APM1260ARMAA
Get a Quote!
McAfee Application Data Monitor 1260 1 Year Gold Software Support & Onsite Next Business Day Hardware Support
#APM1260NBDA
Get a Quote!
McAfee Application Data Monitor 3460 1 Year Gold Software Support & Advanced RMA Hardware Support - AVAILABLE WORLDWIDE
#APM3460ARMAA
Get a Quote!
McAfee Application Data Monitor 3460 1 Year Gold Software Support & Onsite Next Business Day Hardware Support
#APM3460NBDA
Get a Quote!
McAfee Application Data Monitor Software
McAfee Application Data Monitor VM (up to 4 cores) - Perpetual License
Perpetual License with 1 Year McAfee Gold Software Support
#APM04E-AT-AA
Get a Quote!
McAfee Application Data Monitor VM (up to 12 cores) - Perpetual License
Perpetual License with 1 Year McAfee Gold Software Support
#APM16E-AT-AA
Get a Quote!
McAfee Application Data Monitor Software Support
McAfee Application Data Monitor VM (up to 4 cores)
1 Year Gold Software Support
#APMV4M-AT-AA
Get a Quote!
McAfee Application Data Monitor VM (up to 12 cores)
1 Year Gold Software Support
#APMV6M-AT-AA
Get a Quote!