Our high-performance, powerful security information and event management (SIEM) brings event, threat, and risk data together to provide strong security intelligence, rapid incident response, seamless log management, and extensible compliance reporting. At the core of our SIEM offering, Enterprise Security Manager consolidates, correlates, assesses, and prioritizes security events for both third-party and McAfee solutions. As part of the Security Connected framework, McAfee Enterprise Security Manager tightly integrates with McAfee ePolicy Orchestrator (McAfee ePO) software, McAfee Risk Advisor, and Global Threat Intelligence — delivering the context required for autonomous and adaptive security risk management.
McAfee Enterprise Security Manager provides the speed and rich context required to identify critical threats, respond quickly, and easily address compliance requirements. Continuous global threat and enterprise risk feeds deliver adaptive and autonomous risk management, allowing remediation of threats and compliance reporting in minutes instead of hours.
Built for big security data, McAfee Global Threat Intelligence for Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent Security Information and Event Management (SIEM).
McAfee Enterprise Log Manager automates log management and analysis for all log types, including Windows Event logs, Database logs, Application logs, and Syslogs. Logs are signed and validated, ensuring authenticity and integrity — a necessity for regulatory compliance and forensics. Out-of-the-box compliance rule sets and reports make it simple to prove your organization is in compliance with regulations and internal policies.
McAfee Advanced Correlation Engine monitors real-time data, allowing you to simultaneously use both rule-based and rule-less correlation engines to detect risks and threats before they occur. You can deploy Advanced Correlation Engine in either real-time or historical modes.
McAfee Application Data Monitor decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity all the way up to the actual contents of the application (such as the text of an email or its attachments). This level of detail supports accurate analysis of real application use, while also enabling you to enforce application use policies and detect malicious, covert traffic.
McAfee Database Event Monitor for SIEM delivers non-intrusive, detailed security logging of database transactions by monitoring access to database configurations and data. It not only consolidates database activity into a central audit repository, but integrates with McAfee Enterprise Security Manager to intelligently analyze and detect suspicious activity.
McAfee Event Receiver collects third-party events and logs — and performs native network flow collection — faster and more reliably than any other solution.
In May, we wrote about the breach discovery gap, which is the time it takes IT security practitioners to discover a data breach after their systems have been compromised in a cyberattack. We made this critical point: Stopping attacks before they breach and narrowing the breach discovery gap require the ability to detect threats at […]