printer friendly version

Situational and risk aware SIEM

McAfee has announced situational awareness and accuracy for Security Information and Event Management (SIEM). The introduction of McAfee Enterprise Security Manager (formerly NitroView) expands SIEM from simple event analysis to accurate and actionable information through the integration of threat, user and counter measure intelligence. The McAfee ‘built for Big Security Data’ SIEM, includes dynamic threat visibility from McAfee Global Threat Intelligence, and counter measure awareness through McAfee ePolicy Orchestrator software and McAfee Risk Advisor.

McAfee Enterprise Security Manager provides meaningful intelligence and takes SIEM to a real-time understanding of the global threat landscape by delivering immediate information on events, users, systems, data, risks, and counter measures for accurate situational awareness. This rich understanding of security – by connecting the dots and pinpointing attacks – reduces time to respond and provides intelligently prioritised security alerts.

The big data challenge

Core to increasing situational awareness is the ability to collect, maintain and intelligently process billions of relational data points both in real-time and historically. Unlike other SIEMs that are struggling to keep up with exponentially increasing data flows, McAfee Enterprise Security Manager has a scalable database that was built to handle big security data. With this unique capability, the solution is capable of not only processing billions of events per day, but connecting those events with threat, counter measure and user identity information to provide accurate and actionable intelligence.

Two-way integration with McAfee ePolicy Orchestrator software extends visibility and control across the entire security and compliance environment. Integration with Global Threat Intelligence from McAfee Labs provides the ability to correlate real-world source reputation information with security events so organisations can automatically pinpoint probing and active attacks and immediately shut them down. Through integration with McAfee Risk Advisor, McAfee Enterprise Security Manager leverages risk, vulnerability and counter measure context to provide the most accurate risk score available – allowing enterprises to prioritise responses based on the security posture of the target.

The Security Connected Reference Architecture is an open framework supported by McAfee Enterprise Security Manager, providing an easy to use GUI that allows for parsing of security data from custom applications or other third-party sources. McAfee currently supports over 300 security data sources as input into Enterprise Security Manager and is committed to extending support for third-party data sources, having added 70 new sources since the Nitro Security acquisition.

For more information visit http://us/products/siem/index.aspx

Share this article:

Further reading: