Validated Product - Securify Version 6.0

Certificate Date: 21 August 2009
Validation Report Number: CCEVS-VR-VID10316-2009
Product Type: IDS/IPS
Conformance Claim: EAL2 Augmented with ALC_FLR.2
CC Testing Lab: CygnaCom Solutions, Inc
PRODUCT DESCRIPTION

McAfee Network User Behavior Analysis v6.0 (Securify™ v6.0) is an appliance-based security product that monitors network access and behavior across systems and networks. Securify™ provides visibility into who is doing what, and where they are doing it, across the network.

Securify™ v6.0 combines positive and negative security models to provide more comprehensive security coverage. In broad terms, the former defines what traffic is deemed acceptable on the network, whereas the latter defines what is not acceptable. Any traffic that differs from the positive behavior or that exactly matches one of the negative behaviors is considered suspicious.

The positive model relies on a proprietary policy language that translates business-driven security policies into a formal, machine-monitored specification (a “Policy”) describing the “correct” behavior of the network. The negative model is the traditional pattern-matching technique that relies on a set of signatures to define known attack patterns (negative behavior). Customers usually rely on the Securify Negative Model Subscription Service (NMSS) to provide them with a set of signatures that are relevant to the current state of network threats. In addition, customers can configure their own set of signatures.

Securify™ then evaluates, in real time, the packets flowing through the network at all levels of the protocol stack and decides whether the traffic is consistent with the policy specification and whether the traffic matches any configured signature. This information is presented in a Web-based analysis environment in terms that are specific to the business and actionable for the team running the network.

Securify™ Version 6.0 consists of the following components:
Securify™ Studio (Studio) provides management interfaces that allow for the authoring of network security policy at multiple levels.

Securify™ Monitor (Monitor) evaluates monitored network traffic according to the security policy that translates business requirements.

Securify™ Enterprise Manager (Enterprise Manager) combines multiple monitoring points (Monitors) into a single, real-time monitoring and management console. Each Monitor belongs to a single Security Zone (a group of Monitors that run the same policy), and the Enterprise Manager can manage multiple Security Zones.

Securify™ Enterprise Reporting Gateway (ERGW or ER Gateway), a component of the Securify™ Enterprise Reporting solution, is used to provide quantitative network and application trend reporting.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Securify™ Version 6.0 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2 extended. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in August 2009.

ENVIRONMENTAL STRENGTHS

The following security functions are in the scope of the evaluation:
Vendor Information
McAfee, Inc.
Luis Chirinos
408-346-3784
408-346-3000 (Fax)
luis_chirinos@mcafee.com