McAfee SIA SIEM-Integrated Partners

McAfee SIA partner solutions integrated into McAfee Enterprise Security Manager turn billions of “so what?” events into actionable information via context and advanced analytics. One of the biggest pain points of legacy security information and event management (SIEM) solutions is the lack of real-time situational awareness due to manual workflows for incident response. McAfee’s next-generation SIEM solution, McAfee Enterprise Security Manager, integrates not only into the broader McAfee portfolio but also into key SIA partner solutions, providing actionable situational awareness through enhanced data management and intelligence.

Leveraging the value of the Security Connected framework from McAfee allows for faster response, lower TCO, and business-wide visibility across systems, networks, and data — helping organizations respond to attacks more quickly and efficiently than relying solely on SOC staff to drive incident response. The following SIEM-integrated partner solutions provide a variety of workflows across organizations, further increasing SOC staff productivity.

Confident Technologies

Confident Technologies, Inc. (CTI) provides image-based, multifactor authentication solutions that are highly secure and easy to use. The company’s unique, image-based approach generates one-time passwords and delivers an entirely out-of-band multifactor authentication solution for strong user authentication that is simple to deploy, easy to use, and cost effective. Users authenticate by simply identifying a few pictures that fit their previously chosen, secret authentication categories. Built with responsive design, CTI’s image-based authentication solutions are ideally suited for use on mobile devices, allowing users to authenticate with just a few quick taps on the touchscreen. CTI’s image-based, multifactor authentication solutions provide strong user authentication, one-time passwords, and out-of-band authentication for secure access to online accounts, web services, applications, and other environments.

CTI’s image-based authentication and verification solutions have been fully integrated with McAfee Enterprise Security Manager (ESM), McAfee’s SIEM platform. CTI’s technologies are used to capture IP addresses and other data of users accessing enterprise systems or online accounts, and feed that data to McAfee ESM for analysis and risk management. With this integration, CTI solutions are able to provide progressive authentication based upon risk factors and security level, and provide McAfee ESM with data that can be used to identify and block malicious IP addresses, brute-force attacks, and other web-borne security threats. Image-based authentication solutions for web, mobile, and multifactor authentication can be inserted as a layer of authentication anywhere in the enterprise that will gain benefit from the additional threat intelligence fed into McAfee ESM.

McAfee Compatible solution:
Confident Image Shield 2.31 and McAfee ESM 9.1.3

ForeScout

ForeScout is a provider of clientless network access control and policy enforcement that does not require installing a client on endpoints, such as laptops, desktops, VoIP phones, PDAs, printers, and other devices. ForeScout’s CounterACT appliance provides a range of enforcement options when policy violations are detected.

ForeScout has partnered with McAfee to deliver a unique and powerful solution for continuous monitoring and mitigation of enterprise risk. CounterACT is a network appliance (or virtual appliance) which installs out-of-band, therefore adding no latency or potential for failure to the network. Through advanced integration modules, ForeScout CounterACT shares information with McAfee ePolicy Orchestrator (McAfee ePO) and McAfee Enterprise Security Manager (ESM), and both McAfee ePO and McAfee ESM can trigger ForeScout CounterACT to perform network actions such as quarantining a device.

McAfee Compatible solution:
ForeScout CounterACT 6.3.4 and McAfee ePO 4.6
ForeScout CounterACT 6.3.4 and McAfee ESM 9.1

GuruCul

GuruCul is a premier security risk intelligence provider, featuring GuruCul Risk Analytics (GRA), an identity-centric behavioral risk intelligence platform. GRA is a Big Data enabled human and machine security analytics solution, providing actionable risk intelligence. GuruCul solutions improve risk, threat, and compliance postures by applying a unique identity-centric approach of correlating identity, activity, and access information to provide actionable data and prioritized alerts. GuruCul has developed the industry's most advanced patent-pending algorithms for behavior risk profiling and analyzing trends to detect threats and anomalous behavior. GRA helps organizations efficiently protect intellectual property and regulate information.

Integrating GRA into McAfee Enterprise Security Manager (ESM) provides a complete view of human and machine risk by correlating advanced SIEM events with identity-centric behavioral risk analytics. For the first time, it is possible to measure, monitor, and report on risk with machine and human behavioral patterns together. The combined McAfee ESM and GRA solution creates a whole new classification of defense-in-depth capability using anomaly detection and logic through risk algorithms that will run over a Big Data (Hadoop) platform. The seamless integration provides an actionable risk intelligence framework to defend against malicious events such as malware, insider threats, and other unforeseen risks. McAfee ESM and GRA create predictive models to see patterns of emerging risk, such as disgruntled employees or an ID that was stolen or hacked and used to steal IP. GRA provides visualizations and metrics directly to non-technical end users so they can act quickly on serious risk events.

McAfee Compatible solution:
GuruCul GRA and McAfee ESM 9.4

iScan Online

iScan Online is a pioneering security firm that enables scanning from the cloud to any device — anytime, anywhere. Remote workers, mobile devices, branch offices, and the bring your own device (BYOD) trend create a gap in vulnerability, compliance, and security scanning. iScan Online closes this gap by providing visibility to every device no matter where it is and when it accesses a network or application. iScan Online can perform traditional vulnerability scans, compliance scans (PCI, HIPAA), and data discovery scans (PAN, PII). Delivered via the cloud and performed on the device, iScan Online can scan thousands of devices simultaneously.

Mutual customers can initiate scans by iScan Online using the McAfee ePolicy Orchestrator (McAfee ePO) console, and the results will be integrated into McAfee Enterprise Security Manager (ESM). This will provide McAfee customers more visibility into their vulnerability, compliance, and risk posture.

McAfee Compatible solution:
iScan Online (cloud-based) and McAfee ESM 9.4

nPulse Technologies

nPulse Technologies is the performance leader in packet capture and connection/session analysis. The flagship product, CPX, delivers cost-effective, indexed packet capture at speeds up to 20 Gbps. Leading companies in the Financial Services, Federal Government, and Telecommunications sectors rely on CPX for protection of network and security operations. Through its innovative Pivot2Pcap API, CPX significantly enhances existing monitoring and security solutions.

nPulse's partnership with McAfee Enterprise Security Manager (ESM) allows network security operations personnel to quickly pivot from security alerts in McAfee ESM to the packets and session-level decodes for the event. Allowing users to quickly locate and decode an entire session provides greater visibility into potential malicious activities and payloads, while also eliminating the time required to manually collate all of the packets within a session. Users can expand searches to view network activities before and after a security event, further enhancing visibility for incident response and forensics activities.

McAfee Compatible solution:
nPulse CPX 3.X, 4.0, and McAfee ESM 9.3

RedSeal Networks

RedSeal Networks develops security posture management software that enables organizations to assess and strengthen their cyberdefenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that could be exploited — before they are discovered by hackers. RedSeal software analyzes and simplifies the complex interaction of firewalls, routers, load balancers, and hosts, delivering an in-depth understanding of overall security posture; continuous compliance with regulations such as PCI, FISMA, and SOX; and actionable steps for risk remediation.

RedSeal Vulnerability Advisor analyzes vulnerabilities discovered by McAfee Vulnerability Manager in the context of network security controls. It identifies which vulnerabilities are exposed to untrustworthy networks and which could be used to launch attacks deeper into the network. It prioritizes vulnerabilities for action based on risk, identifies network mitigation options, and reports on portions of the network that require additional scanning.

McAfee Compatible solution:
RedSeal Vulnerability Advisor 6.5 and McAfee Vulnerability Manager 7.5
RedSeal Vulnerability Advisor 6.5 and McAfee Firewall Enterprise 8
RedSeal Vulnerability Advisor 6.5 and McAfee Enterprise Security Manager 9.2
RedSeal Vulnerability Advisor 6.5 and McAfee ePO 4.6
RedSeal Vulnerability Advisor 6.5 and McAfee Next Generation Firewall 5.6

Securonix

Securonix provides a leading information risk intelligence platform for security and compliance professionals. The platform consumes identity, access, and activity information from any source and then uses behavior, access, and identity risk analytics to continuously identify the highest risk users, resources, and activity in the environment for proactive management. At the enterprise application level, such as SAP and Oracle, Securonix goes deeper to automatically and continuously identify and fingerprint sensitive data for data loss protection while monitoring high-risk activity and access.

McAfee DLP, McAfee ePolicy Orchestrator (McAfee ePO), and McAfee Enterprise Security Manager (ESM) customers can use Securonix to extend visibility, monitoring, and critical data protection into key enterprise applications while enriching security management with advanced identity, access, behavior analysis, and dynamic policies. This integrated McAfee-Securonix solution extends valuable coverage to an enterprise’s critical applications while focusing the output down to an actionable set through analytics.

McAfee Compatible solution:
Securonix Identity Intelligence 3.1, Securonix Threat & Risk Intelligence 3.1, Securonix Application Intelligence 3.1 and McAfee Data Loss Prevention 9

Topia Technology

Topia Technology is an innovative provider of solutions that securely move and manage data in complex distributed systems. Each solution utilizes proprietary shredding and multilayer encryption to provide military-grade security for data at rest and in transit, ensuring the highest degree of data integrity, availability, performance, and end-to-end data governance. Topia Technology solutions leverage enterprise infrastructure assets and provide secure syncing and sharing across any device and data repository, lowering TCO and maximizing workflows.

Topia Technology’s Enterprise File Sync and Share Platform (EFSS), Skoot, extends the security features of McAfee ePolicy Orchestrator (McAfee ePO) by providing insight into individual files. This powerful combination of McAfee ePO and the Skoot Platform provides event information, analysis, auditing, and reporting on file data as it is shared or synced. As files are securely shared both inside and outside the enterprise, the Skoot Platform reports the source, destination, and selected recipient information that can then be used to enforce policy through McAfee ePO.

McAfee Compatible solution:
McAfee Enterprise Security Manager 9.3 and Skoot 4.3

Trapezoid

Trapezoid is a leader in Trust Data Intelligence (TDI), providing hardware-based security architecture solutions for enterprise cloud environments. Through a portfolio of innovative products and managed services, Trapezoid engineers security infrastructure using Intel Trusted Execution Technology (Intel TXT) for a growing roster of Global 2000 companies. By establishing security policies that take into account hardware data, Trapezoid provides the first-ever actionable and reportable hardware-centric security posture.

Trapezoid has teamed with Intel to use Intel TXT trusted values and incorporate these into real-world use cases. These use cases will highlight the importance of hardware trust as part of an enterprise’s or cloud provider’s overall security posture. Intel TXT, part of Intel Xeon processor E5-family based servers, enables an end user to validate and attest that they are running their applications on both trusted hardware and a trusted hypervisor. In addition, Trapezoid is working with Intel Identity Protection Technology (Intel IPT) and Intel Expressway Cloud Access 360 to help clients work securely on cloud environments. As part of the SIA program, Trapezoid is integrated into McAfee ePolicy Orchestrator (McAfee ePO) and McAfee SIEM technologies (McAfee Enterprise Security Manager) to deliver policy-based management on trusted endpoints.

McAfee Compatible solution:
Trapezoid and McAfee ESM 9.1

Waterfall Security Solutions

Waterfall Security Solutions Ltd. is the leading provider of Unidirectional Security Gateways and data diodes for industrial networks, SCADA systems, remote monitoring systems, and isolated networks. Waterfall Gateways secure industrial networks from network attacks originating from external networks. Waterfall’s security solutions make it straightforward for utilities and critical infrastructures to achieve compliance with NERC-CIP, NRC, NIST, and other regulations, as well as with cybersecurity best practices. Waterfall’s offerings include support for leading industrial applications, such as OSIsoft PI Historian, GE Proficy iHistorian, Siemens SIMATIC, and GE OSM remote monitoring platforms, and leading industrial protocols, such as OPC, Modbus, DNP3, and ICCP.

Waterfall Unidirectional Gateways provide McAfee Enterprise Security Manager (ESM) installations with visibility into security events and other information in segregated critical infrastructure networks. In addition, McAfee and Waterfall have cooperated to test, validate, and support Waterfall for McAfee ESM, a solution which replicates McAfee ESM data out of Waterfall-isolated networks. The solution permits the industry-leading McAfee SIEM solution and other SIEM components inside of security-isolated networks to secure and manage isolated networks, while still providing visibility into those networks.

McAfee Compatible solution:
Waterfall Unidirectional Gateway and McAfee Enterprise Security Manager