McAfee Network Threat Response on CloudShield CS-4000


In the escalating and increasingly expensive war against advanced malware, customers seeking both to strengthen organizational security while lowering the hardware maintenance and management costs can benefit from deploying CloudShield® technologies that create a compelling solution for McAfee® Network Threat Response™ (NTR).


Powerful cyber tool for security analysts

McAfee Network Threat Response (NTR) is a software package that identifies, captures, deconstructs and analyzes advanced malware attempting to enter or already resident inside your network today. NTR is a powerful cyber tool for security analysts. It automatically identifies malware targeting internal network vulnerabilities, and instantly captures and analyzes it to aid in rapid remediation and ongoing continuous monitoring for network defense.

Reveals what attackers don't want us to see

Network Threat Response combs through PDFs, Microsoft® Office files, and all other network activities looking for attempts to hide or obscure malicious content. NTR is not limited to finding and alerting to the presence of obfuscation; it decodes the traffic, providing analysts with visibility into the attack that is not possible with any tools currently available.

Assembles puzzle pieces together

With the unique ability to uncover slow moving, persistent attacks, NTR identifies and accumulates portions of attacks that trickle in over time. No other malware product in the marketplace can piece together threat puzzles that sneak into networks at a slow, continuous and deliberate pace.

Cuts analysis time down to minutes

Network Threat Response accelerates the complex analysis of captured data via its PCAP (packet capture) import capabilities. As the data is replayed through the advanced analysis engines, hidden traffic is decoded and key indicators are highlighted. As a result, a security or IT analyst has various anchor points from which to start a pre-qualified investigation – eliminating days off of analysis time.

Maximizes security staff effectiveness

Unlike other security devices, which can generate thousands of events a day, analysts can review every event generated by NTR in minutes versus the hours, days, or weeks needed today. A single NTR instance gives any security team the power to significantly reduce both analyst and reverse malware engineering time – making efficient use and quick understanding and isolation of the threat at hand.


Multiple optimizations and solutions

CloudShield Deep Packet Processing Advantage Logo NTR on the CloudShield CS-4000™, NTR optimized by CloudShield, and CloudShield deep packet processing solutions together create multiple options for customers seeking cost-effective defense against advanced malware.

Broaden the sensor base for faster detection

You can deploy McAfee NTR sensors on the CloudShield CS-4000 Trusted Network Security Platform™ (TNSP) in untrusted locations and manage them from trusted or secure networks. Strong physical security features and encrypted management communications of the CS-4000 protects integrity across all McAfee NTR sensor instances, management, and information controls. The diskless CS-4000 confirms that neither proprietary signatures nor software is present on the device when it ships or when power is not present.

CloudShield deep packet processing solutions for NTR now and in the future

CloudShield deep packet processing module (DPPM) solutions to optimize McAfee NTR are available including the DPPM-1500 for the CS-4000 platform and the PN41 DPPM for IBM® BladeCenter®. Today, CloudShield DPPM solutions offer intelligent traffic distribution for NTR sensors delivering up to 4Gps total throughput on the CS-4000 or up to 20Gbps on a single IBM® BladeCenter® chassis.

CloudShield trusted architecture provides an unparalleled and unchallenged environment to quickly offer new countermeasures such as the use of government-provided classified signature sharing.

CloudShield PacketLinux for optimized NTR Sensor performance

CloudShield PacketLinux optimizes the performance of NTR Sensors running on CloudShield CS-4000 Content Processing Accelerator (CPA) blades and IBM® HS2x blades for BladeCenter®, enabling either blade type to offer sensor performance up to 75% faster than using standard Linux.

Bladed solutions for application consolidation

CloudShield solutions for NTR are available on the bladed CS-4000 or IBM BladeCenter. Both platforms:

  • Enable upgrades for both the compute and DPPM blades as chipsets advance, keeping the chassis in place, preserving investments, and preventing forklift upgrades.
  • Deliver split control and data planes, allowing the architecture to scale better than dedicated appliances offering similar capabilities.

The CloudShield architecture enables multiple best-in-class applications, from a range of alliances, to be deployed as security threats and defenses both evolve.

Platform-specific use cases

  • The CS-4000 trusted platform can offer advanced malware detection with NTR combined with comprehensive network perimeter defense with McAfee Firewall Enterprise and Salient Assure6™ IPv6 security deployed in untrusted locations, even collapsing the DMZ for rapid return-on-investment.
  • CloudShield technology, McAfee NTR, and IBM BladeCenter can create a high-scale advanced malware analysis platform as follows:
    • Multiple PacketLinux-optimized NTR Sensors
    • CloudShield PN41 intelligent traffic distribution
    • NTR Manager on an HS2x blade
    • Additional malware analysis engines deployed on HS2x blades


You will gain benefits in three critical areas with McAfee Network Threat Response on CloudShield.


Strengthened posture

Strengthen your security posture by deploying advanced malware defense across your global organization, including untrusted locations.


Choose a bladed solution

Reduce hardware maintenance and management costs associated with dedicated security appliances by replacing short-lived servers or appliances with an integrated, bladed solution with a longer service life.


Evolved architecture

Scale malware identification to up to 20Gbps in a single chassis using CloudShield intelligent traffic distribution and accelerated NTR sensors based on CloudShield PacketLinux.




Deploy solutions on your own or talk to our managed services team.


Our sales team would be happy to answer any questions.

CloudShield is a registered trademark of CloudShield Technologies, Inc. in the U.S. and/or other countries. Assure6 is a trademark of Salient Federal Solutions, Inc. in the U.S. and/or other countries. Linux is a registered trademark of Linus Torvalds in the U.S. and/or other countries. McAfee is a registered trademark of McAfee, an Intel company in the U.S. and/or other countries. IBM and BladeCenter are registered trademarks of International Business Machines Corporation in the U.S. and/or other countries. Microsoft is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.