McAfee Advanced Correlation Engine
Detect threats based on what you value
Deploy McAfee Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time, using both rule- and risk-based logic.
Get zero-day threat detection. Analyze events for immediate threat and risk detection to determine if your organization was exposed to a specific attack in the past.
McAfee Advanced Correlation Engine has the processing power required to support rich event correlation across your entire enterprise. Its data engine scales to accommodate even the largest networks.
Correlate all logs, events, and network flows together—along with contextual information such as identity, roles, vulnerabilities, and more—to detect patterns indicative of a larger threat.
In rule-less correlation systems, detection signatures are replaced with a simple, one-time configuration, providing real-time threat detection.
Keep a complete audit trail of risk scores to allow full analysis and investigation of threat conditions over time.
Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.
McAfee Advanced Correlation Engine can be deployed as a physical or virtual appliance. Specific McAfee Advanced Correlation Engine models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed, or implied.
|Model Numbers||Maximum EPS1||Appliance Size||Local Storage2||Network Interfaces (10/100/1000)||System Requirements|
|ACE-VM-12||30,000||VM||Recommended 250GB+480GB SSD3||VM (AWS, ESX, KVM)||12 processor cores, 4GB of memory|
|ACE-VM-32||80,000||VM||Recommended 500GB+480GB SSD3||VM (AWS, ESX, KVM)||32 processor cores, 64GB of memory|
|ACE-3450||100,000||2U||1.8TB+480GB SSD||24||Requires ESM|
1Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
2Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
3Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
4IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.
Need additional technical resources? Visit the McAfee Expert Center