McAfee SIA SIEM-Integrated Partners

McAfee SIA partner solutions integrated into McAfee Enterprise Security Manager turn billions of “so what?” events into actionable information via context and advanced analytics. One of the biggest pain points of legacy security information and event management (SIEM) solutions is the lack of real-time situational awareness due to manual workflows for incident response. McAfee’s next-generation SIEM solution, McAfee Enterprise Security Manager, integrates not only into the broader McAfee portfolio but also into key SIA partner solutions, providing actionable situational awareness through enhanced data management and intelligence.

Leveraging the value of the Security Connected framework from McAfee allows for faster response, lower TCO, and business-wide visibility across systems, networks, and data — helping organizations respond to attacks more quickly and efficiently than relying solely on SOC staff to drive incident response. The following SIEM-integrated partner solutions provide a variety of workflows across organizations, further increasing SOC staff productivity.



SIA Partner Description McAfee Compatible
Aruba Networks

Aruba Networks is a leading provider of next-generation network access solutions for the mobile enterprise. The company's Mobility-Defined Networks empower IT departments to support #GenMobile, a new generation of tech-savvy users who rely on mobile devices for every aspect of work and personal communication. Aruba delivers a secure mobility experience by automating infrastructure-wide performance optimization and security actions that previously required manual IT intervention. The results are dramatically improved security, higher productivity, and lower operating costs.

Aruba has partnered with McAfee to deliver an end-to-end enterprise risk mitigation and management solution by integrating with the McAfee SIEM solution. Aruba's ClearPass, a security and management solution, is a McAfee SIEM supported device. ClearPass is an ultra-scalable, high-availability AAA solution with policy management, guest network access, device on-boarding, and device health checks, with a complete understanding of context. It leverages a user's role, device, location, application-use, and time-of-day to execute custom security policies, accelerate device deployments, and streamline network operations across wired, wireless and VPNs. Both the McAfee SIEM solution and ClearPass are positioned as Leaders in Gartner Magic Quadrants, and used together deliver enterprise-class network access.

McAfee Compatible solution:
Aruba Networks ClearPass 5.x and McAfee ESM 9.1.

Confident Technologies

Confident Technologies, Inc. (CTI) provides image-based, multifactor authentication solutions that are highly secure and easy to use. The company’s unique, image-based approach generates one-time passwords and delivers an entirely out-of-band multifactor authentication solution for strong user authentication that is simple to deploy, easy to use, and cost effective. Users authenticate by simply identifying a few pictures that fit their previously chosen, secret authentication categories. Built with responsive design, CTI’s image-based authentication solutions are ideally suited for use on mobile devices, allowing users to authenticate with just a few quick taps on the touchscreen. CTI’s image-based, multifactor authentication solutions provide strong user authentication, one-time passwords, and out-of-band authentication for secure access to online accounts, web services, applications, and other environments.

CTI’s image-based authentication and verification solutions have been fully integrated with McAfee Enterprise Security Manager (ESM), McAfee’s SIEM platform. CTI’s technologies are used to capture IP addresses and other data of users accessing enterprise systems or online accounts, and feed that data to McAfee ESM for analysis and risk management. With this integration, CTI solutions are able to provide progressive authentication based upon risk factors and security level, and provide McAfee ESM with data that can be used to identify and block malicious IP addresses, brute-force attacks, and other web-borne security threats. Image-based authentication solutions for web, mobile, and multifactor authentication can be inserted as a layer of authentication anywhere in the enterprise that will gain benefit from the additional threat intelligence fed into McAfee ESM.

McAfee Compatible solution:
Confident Image Shield 2.31 and McAfee ESM 9.1.3.

DG Technology

DG Technology provides security and compliance solutions that allow customers to integrate their z/OS mainframe computing environment directly into McAfee Enterprise Security Manager and McAfee ePolicy Orchestrator (ePO) platforms. The double-patented Mainframe Event Acquisition System (MEAS) captures events and metrics in real time on each mainframe logical partition (LPAR) and forwards selected events to McAfee Enterprise Security Manager and McAfee ePO. The types of mainframe events that can be monitored, filtered and sent include security, database, CICS, datasets and load libraries, TCPIP, FTP, WebSphere, SMP/E, master console and more.

MEAS listens for events on the mainframe within each LPAR, selecting only those required by the customer. When a desired event is detected, MEAS will capture the event details and convert the data to the appropriate format for McAfee Enterprise Security Manager or McAfee ePO. This allows customers to apply all of the features and functionality of McAfee Enterprise Security Manager and McAfee ePO to mainframe data, such as real-time dashboards, real-time notifications of critical events, out of the box and customized reporting, cross-platform event correlation, and more.

McAfee Compatible solutions:
MEAS 8.x and McAfee Enterprise Security Manager 9.3
MEAS 8.x and McAfee ePO 4.6

Fidelis Security

General Dynamics Fidelis Cybersecurity Solutions provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today’s sophisticated advanced threats and prevent data breaches. Its commercial enterprise and government customers around the globe can face advanced threats with confidence with Network Defense and Forensics Services, delivered by an elite team of security professionals with decades of hands-on experience, and award-winning Fidelis XPS Advanced Threat Defense Products, which provide visibility and control over the entire threat life cycle.

Fidelis XPS integrates with McAfee Enterprise Security Manager to deliver actionable intelligence and real-time situational awareness at the speed and scale required for security organizations to identify, understand, and respond to advanced threats quickly and efficiently. This is accomplished through a customized McAfee Enterprise Security Manager export method defined in the Fidelis XPS CommandPost enterprise management solution. The export method provided in the Fidelis XPS CommandPost is a predefined syslog format designed for use with McAfee Enterprise Security Manager. The operator does not need to enter keywords, but only specify the McAfee Enterprise Security Manager destination, event criteria for alerts and malware events, and export frequency. The Fidelis XPS CommandPost can then deliver a Fidelis XPS generated alert and recorded object data for correlation in the McAfee SIEM solution.

McAfee Compatible solution:
Fidelis XPS 7.7 and McAfee Enterprise Security Manager 9.3


ForeScout is a provider of clientless network access control and policy enforcement that does not require installing a client on endpoints, such as laptops, desktops, VoIP phones, PDAs, printers, and other devices. ForeScout’s CounterACT appliance provides a range of enforcement options when policy violations are detected.

ForeScout has partnered with McAfee to deliver a unique and powerful solution for continuous monitoring and mitigation of enterprise risk. CounterACT is a network appliance (or virtual appliance) which installs out-of-band, therefore adding no latency or potential for failure to the network. Through advanced integration modules, ForeScout CounterACT shares information with McAfee ePolicy Orchestrator (McAfee ePO) and McAfee Enterprise Security Manager (ESM), and both McAfee ePO and McAfee ESM can trigger ForeScout CounterACT to perform network actions such as quarantining a device.


McAfee Compatible solution:
ForeScout CounterACT 6.3.4 and McAfee ePO 4.6
ForeScout CounterACT 6.3.4 and McAfee ESM 9.1


GuruCul is a premier security risk intelligence provider, featuring GuruCul Risk Analytics (GRA), an identity-centric behavioral risk intelligence platform. GRA is a Big Data enabled human and machine security analytics solution, providing actionable risk intelligence. GuruCul solutions improve risk, threat, and compliance postures by applying a unique identity-centric approach of correlating identity, activity, and access information to provide actionable data and prioritized alerts. GuruCul has developed the industry's most advanced patent-pending algorithms for behavior risk profiling and analyzing trends to detect threats and anomalous behavior. GRA helps organizations efficiently protect intellectual property and regulate information.

Integrating GRA into McAfee Enterprise Security Manager (ESM) provides a complete view of human and machine risk by correlating advanced SIEM events with identity-centric behavioral risk analytics. For the first time, it is possible to measure, monitor, and report on risk with machine and human behavioral patterns together. The combined McAfee ESM and GRA solution creates a whole new classification of defense-in-depth capability using anomaly detection and logic through risk algorithms that will run over a Big Data (Hadoop) platform. The seamless integration provides an actionable risk intelligence framework to defend against malicious events such as malware, insider threats, and other unforeseen risks. McAfee ESM and GRA create predictive models to see patterns of emerging risk such as disgruntled employees or an ID that was stolen or hacked and used to steal IP. GRA provides visualizations and metrics directly to non-technical end-users to take immediate action on serious risky events quickly.

McAfee Compatible solution:
GuruCul GRA and McAfee ESM 9.4


HyTrust is a leader in policy management and access control delivering automated controls and visibility that allow its customers to scale their cloud infrastructure, virtualize even Tier 1 applications, achieve compliance, and enable multi-tenancy.

HyTrust CloudControl is the only product that captures highly detailed, real-time logs of every attempted, denied, and approved administrator action in the virtualized datacenter, while enforcing security policies based on those activities. HyTrust CloudControl is integrated with McAfee ePolicy Orchestrator, and the McAfee Enterprise Security Manager solution has been adapted to parse HyTrust log data. Without HyTrust log data, every SIEM solution has a blind spot that prevents it from capturing and analyzing actions (and attempted actions) of admins in VMware datacenters. Not all blind spots are created equal, and the consequences can range from audit failure, to the theft of virtualized applications and data, to entire datacenter outages.

McAfee Compatible solution:
HyTrust CloudControl 3.6 and McAfee Enterprise Security Manager 9.4


Invincea is a premier innovator in secure virtualization of desktop applications, protecting enterprise networks from Internet-based threats, such as spear phishing. The company’s solutions offer a unique ability to protect networks against all types of threats directed at end users including zero-day threats by seamlessly moving applications that render untrusted content into controlled, secure, virtual environments that automatically detect and terminate threats in real time. Invincea seamlessly moves the browser, PDF reader, complete Office Suite, .zip and .exe file types from the native operating system into fully virtualized and secure environments, harnessing desktop resources without changing the user experience or requiring additional network bandwidth or footprint.

Invincea's integration with McAfee ePolicy Orchestrator (ePO) and McAfee Enterprise Security Manager enables joint customers to automatically import Invincea threat data generated at the desktop point-of-attack into McAfee ePO dashboards and the McAfee Enterprise Security Manager console. This information provides an extensive forensic footprint of the attempted breach, providing unparalleled visibility into the methods, targets, and frequency of attacks. This data is available in real time for administrators to gather electronic intelligence to support broader incident response, discovery, and corporate investigations.

McAfee Compatible solutions:
Invincea Management Server 1.0, 2.0 and McAfee Enterprise Security Manager 9.3
Invincea Management Server 1.0, 2.0 and McAfee ePO 4.6

iScan Online

iScan Online is a pioneering security firm that enables scanning from the cloud to any device — anytime, anywhere. Remote workers, mobile devices, branch offices, and the bring your own device (BYOD) trend create a gap in vulnerability, compliance, and security scanning. iScan Online closes this gap by providing visibility to every device no matter where it is and when it accesses a network or application. iScan Online can perform traditional vulnerability scans, compliance scans (PCI, HIPAA), and data discovery scans (PAN, PII). Delivered via the cloud and performed on the device, iScan Online can scan thousands of devices simultaneously.

Mutual customers can initiate scans by iScan Online using the McAfee ePolicy Orchestrator (McAfee ePO) console, and the results will be integrated into McAfee Enterprise Security Manager (ESM). This will provide McAfee customers more visibility into their vulnerability, compliance, and risk posture.

McAfee Compatible solution:
iScan Online cloud based and McAfee ESM 9.4

Lieberman Software

Lieberman Software Corporation provides privileged identity management solutions to more than 1,400 customers worldwide, including half of the U.S. Fortune 50. By automatically discovering and managing privileged accounts that appear whenever enterprises deploy and change IT resources, the company's products help secure privileged access to systems, devices, databases, and applications. The company's agentless software, Enterprise Random Password Manager (ERPM), helps organizations reduce internal and external security vulnerabilities, improve IT productivity, ensure regulatory compliance, and mitigate risks associated with privileged access.

ERPM offers out-of-the-box integration with McAfee Enterprise Security Manager. ERPM works with McAfee Enterprise Security Manager to correlate security and event data, and provide oversight control of elevated privileged accounts. ERPM password check-out/check-in actions and credential changes are seen in the McAfee Enterprise Security Manager console, along with successful and failed password verifications. The McAfee Enterprise Security Manager system tracks and correlates privileged account activities, letting users monitor and respond to issues from within the McAfee Enterprise Security Manager interface. Customers can observe the actions taken by privileged users and pass this information along to security auditors. The combined technologies provide enterprises with enhanced monitoring, visibility, and management of their powerful privileged accounts.

McAfee Compatible solution:
Enterprise Random Password Manager 4.8.3 and McAfee Enterprise Security Manager 9.3


LOGbinder sends application audit logs for Microsoft Exchange, Microsoft SharePoint, and SQL Server to McAfee Enterprise Security Manager. It collects audit log data trapped inside those applications, translates it to meaningful information, and delivers this enriched data via syslog and many other output options. Founded by Randy Franklin Smith of Ultimate Windows Security, LOGbinder software preserves audit log integrity, uses least privilege, makes little impact on the monitored environment, and is focused on getting audit logs where they belong quickly and automatically.

With LOGbinder and McAfee Enterprise Security Manager, there is no need to build rules and alerts for handling the audit events because the McAfee Enterprise Security Manager developers have already prepared them, minimizing in-house work.

McAfee Compatible solution:
LOGbinder and McAfee Enterprise Security Manager 9.3


The Netfort LANGuardian ensures organizations always have unified visibility into what is actually happening across their network. It is the industry’s leading out-of-band software for monitoring, troubleshooting, and reporting on both network security and operational issues. The LANGuardian software can be downloaded and installed on standard server hardware, VMware, or hypervisor. It captures traffic passively (usually from a SPAN or mirror port) and, using Deep Packet Inspection, accurately identifies and extracts the critical detail for the most common applications including Internet, SMB, SQL, and email. This valuable network metadata includes summary details on every traffic flow and granular information dependent on the application such as IP address, user name, file name, file size, domain name, URI, or SQL query. This metadata is subsequently stored in the built-in long life database for real time or historical troubleshooting.

LANGuardian integrates seamlessly into the McAfee Enterprise Security Manager environment to provide an additional complementary data source — network and user activity data — to be integrated into dashboards, graphs, and timelines. With the LANGuardian data integrated into McAfee Enterprise Security Manager, security managers have unified visibility and a single point of access to information about every aspect, including usage of the IT environment. It enables security managers to also see network activity data in context. For example, they can see traffic activity for a user to and from an internal file share including files accessed when investigating suspicious activity.

McAfee Compatible solution:
Netfort LANGuardian 10.0 or greater and McAfee Enterprise Security Manager 9.3


NIKSUN is a world leader in real-time and forensics-based cyber security and network performance monitoring solutions. The cooperation between McAfee and NIKSUN is expected to create new insights into networks by making network security flaws, which may have been unknown, visible to network administrators for instantaneous remediation.

McAfee Network Threat Behavior Analysis, an integrated component of McAfee Network Security Platform, incorporates NIKSUN. By leveraging the integration of NIKSUN's flagship appliances NetDetector or NetDetectorLive, a rich retrospective time-lapsed view of an attack across the entire infrastructure is available when a security event occurs. You can lock onto an event of interest and directly query all data flows from the last few minutes, hours, or days — all with nanosecond precision. NIKSUN products leverage features like bounce diagrams to examine command response flows, or dynamic application recognition (DAR) to quickly identify what applications are being used across the infrastructure and how they are performing. In the case of a security breach, NIKSUN allows you to instantly determine who attacked, what was taken, when it happened, and how it was accomplished.

McAfee Compatible solution:
NIKSUN and McAfee Enterprise Security Manager 9.3

nPulse Technologies

nPulse Technologies is the performance leader in packet capture and connection/session analysis. The flagship product, CPX, delivers cost-effective, indexed packet capture at speeds up to 20 Gbps. Leading companies in the Financial Services, Federal Government, and Telecommunications sectors rely on CPX for protection of network and security operations. Through its innovative Pivot2Pcap API, CPX significantly enhances existing monitoring and security solutions.

nPulse's partnership with McAfee Enterprise Security Manager (ESM) allows network security operations personnel to quickly pivot from security alerts in McAfee ESM to the packets and session-level decodes for the event. Allowing users to quickly locate and decode an entire session provides greater visibility into potential malicious activities and payloads, while also eliminating the time required to manually collate all of the packets within a session. Users can expand searches to view network activities before and after a security event, further enhancing visibility for incident response and forensics activities.

McAfee Compatible solution:
nPulse CPX 3.X, 4.0, and McAfee ESM 9.3


Most large and medium-sized companies have a multi-platform computing environment and need a SIEM solution such as McAfee Enterprise Security Manager to integrate real-time security-related events originating in their diverse computing environments. Generating real-time security events from the IBM i (AS/400) environment requires in-depth technical knowledge of its security aspects and of how it interfaces with syslog to send these alerts to a specific IP address.

McAfee Enterprise Security Manager and Raz-Lee Security IBM i (AS/400) security give customers a single-console analysis of security-related events originating on the IBM i, whether they are infrastructure-related (e.g., network access, system journal monitoring, user profile management, etc.) or related to application security (e.g., alerting when business-critical field-level data exceeds a pre-defined threshold). The joint McAfee Enterprise Security Manager and Raz-Lee solution integrates any security-related event originating on the IBM i (AS/400) into the cross-platform McAfee Enterprise Security Manager in real time, allowing customers to easily analyze security-related events originating on all platforms in the customer’s environment.

McAfee Compatible solution:
Raz-Lee iSecurity suite of security 17 and McAfee Enterprise Security Manager 9.3

RedSeal Networks

RedSeal Networks develops security posture management software that enables organizations to assess and strengthen their cyberdefenses. Unlike systems that detect attacks once they occur, RedSeal identifies holes in the security infrastructure that could be exploited — before they are discovered by hackers. RedSeal software analyzes and simplifies the complex interaction of firewalls, routers, load balancers, and hosts, delivering an in-depth understanding of overall security posture; continuous compliance with regulations such as PCI, FISMA, and SOX; and actionable steps for risk remediation.

RedSeal Vulnerability Advisor analyzes vulnerabilities discovered by McAfee Vulnerability Manager in the context of network security controls. It identifies which vulnerabilities are exposed to untrustworthy networks and which could be used to launch attacks deeper into the network. It prioritizes vulnerabilities for action based on risk, identifies network mitigation options, and reports on portions of the network that require additional scanning.


McAfee Compatible solution:
RedSeal Vulnerability Advisor 6.5 and McAfee Vulnerability Manager 7.5
RedSeal Vulnerability Advisor 6.5 and McAfee Firewall Enterprise 8
RedSeal Vulnerability Advisor 6.5 and McAfee Enterprise Security Manager 9.2
RedSeal Vulnerability Advisor 6.5 and McAfee ePO 4.6
RedSeal Vulnerability Advisor 6.5 and McAfee Next Generation Firewall 5.6


Securonix provides a leading information risk intelligence platform for security and compliance professionals. The platform consumes identity, access, and activity information from any source and then uses behavior, access, and identity risk analytics to continuously identify the highest risk users, resources, and activity in the environment for proactive management. At the enterprise application level, such as SAP and Oracle, Securonix goes deeper to automatically and continuously identify and fingerprint sensitive data for data loss protection while monitoring high-risk activity and access.

McAfee DLP, McAfee ePolicy Orchestrator (McAfee ePO), and McAfee Enterprise Security Manager (ESM) customers can use Securonix to extend visibility, monitoring, and critical data protection into key enterprise applications while enriching security management with advanced identity, access, behavior analysis, and dynamic policies. This integrated McAfee-Securonix solution extends valuable coverage to an enterprise’s critical applications while focusing the output down to an actionable set through analytics.


McAfee Compatible solution:
Securonix Identity Intelligence 3.1, Securonix Threat & Risk Intelligence 3.1, Securonix Application Intelligence 3.1 and McAfee Data Loss Prevention 9


TITUS is a leading provider of security and compliance software that helps organizations share information securely while meeting policy and compliance requirements. TITUS solutions raise awareness and meet regulatory compliance by visually alerting end users to the sensitivity of information. Products include TITUS Classification, a leading message, document, and file classification and labeling solution; TITUS Aware, products that enhance data loss prevention by detecting sensitive information at the desktop; and the TITUS family of security solutions for Microsoft SharePoint. TITUS solutions are deployed to more than 1.5 million users within more than 300 military, government, and enterprise customers worldwide.

The integration of TITUS Classification solutions with McAfee Data Loss Prevention (DLP) and McAfee Enterprise Security Manager reduces the risk of data loss by capturing users’ inherent knowledge about the sensitivity of information. These applications work together to make that information available to McAfee host- and network-based DLP and enable the DLP solutions to take action based on the user classification labels and metadata. Users are empowered to classify information sensitivity, so organizations don’t have to rely solely on automated content scanning to determine what is sensitive. The originator, who knows the content best, can proactively indicate that the information is sensitive, for more intelligent and accurate DLP decisions. The individual and combined activities (e.g., event logs) of both TITUS and McAfee DLP can then be captured and aggregated by McAfee Enterprise Security Manager for situational analysis and corresponding actions as required.

McAfee Compatible solutions:
TITUS Message Classification 3.5, TITUS Classification for Microsoft Office 3.5, TITUS Classification for Desktop 1.3 and McAfee Enterprise Security Manager 9.3, McAfee DLP 9.3

Topia Technology

Secure Fabric Platform, a Topia Technology solution, extends McAfee Enterprise Security Manager features by providing insight into the access, sharing, transfer, and storage of individual files. This powerful combination of McAfee Enterprise Security Manager and the Secure Fabric Platform provides event information, analysis, auditing, and reporting on file data as files are shared or synced within and beyond traditional enterprise borders.

McAfee Enterprise Security Manager uses global threat intelligence to proactively determine threats to the enterprise and provides security information and event management. McAfee Enterprise Security Manager mines log data related to file sharing, including email logs, and tracks data flow by IP address. The Secure Fabric Platform greatly extends the utility of the McAfee Enterprise Security Manager by feeding log data and full-audit trails with much greater granularity. The McAfee-compatible solution aggregates the audit logs and tracking information allowing security administrators to predict and prevent unauthorized sharing of sensitive information. This includes the insecure storage of corporate files as well as ensuring compliance with corporate data security policies.

McAfee Compatible solution:
Secure Fabric Platform 4.3 and McAfee Enterprise Security Manager 9.3


Trapezoid is a leader in Trust Data Intelligence (TDI), providing hardware-based security architecture solutions for enterprise cloud environments. Through a portfolio of innovative products and managed services, Trapezoid engineers security infrastructure using Intel Trusted Execution Technology (Intel TXT) for a growing roster of Global 2000 companies. By establishing security policies that take into account hardware data, Trapezoid provides the first-ever actionable and reportable hardware-centric security posture.

Trapezoid has teamed with Intel to use Intel TXT trusted values and incorporate these into real-world use cases. These use cases will highlight the importance of hardware trust as part of an enterprise’s or cloud provider’s overall security posture. Intel TXT, part of Intel Xeon processor E5-family based servers, enables an end user to validate and attest that they are running their applications on both trusted hardware and a trusted hypervisor. In addition, Trapezoid is working with Intel Identity Protection Technology (Intel IPT) and Intel Expressway Cloud Access 360 to help clients work securely on cloud environments. As part of the SIA program, Trapezoid is integrated into McAfee ePolicy Orchestrator (McAfee ePO) and McAfee SIEM technologies (McAfee Enterprise Security Manager) to deliver policy-based management on trusted endpoints.

McAfee Compatible solution:
Trapezoid and McAfee ESM 9.1


Vormetric is the industry leader in data security solutions that span physical, virtual, and cloud environments. Data is the new currency and Vormetric helps over 1,400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The scalable Vormetric Data Security Platform protects any file, any database, and any application data — anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation, and security intelligence.

Vormetric security-intelligence log data provides granular information on file-level access of sensitive data and administrative users attempting to imitate another user. This log data provides rich contextual information to the McAfee Enterprise Security Manager platform to generate compliance reports and alert on suspicious and unusual file-level access of sensitive data.

McAfee Compatible solution:
Vormetric Data Security Manager 5.2.1, Vormetric Transparent Encryption 5.2.1, Vormetric Application Encryption 5.2.1, and McAfee Enterprise Security Manager 9.4

Waterfall Security Solutions

Waterfall Security Solutions Ltd. is the leading provider of Unidirectional Security Gateways and data diodes for industrial networks, SCADA systems, remote monitoring systems, and isolated networks. Waterfall Gateways secure industrial networks from network attacks originating from external networks. Waterfall’s security solutions make it straightforward for utilities and critical infrastructures to achieve compliance with NERC-CIP, NRC, NIST, and other regulations, as well as with cybersecurity best practices. Waterfall’s offerings include support for leading industrial applications, such as OSIsoft PI Historian, GE Proficy iHistorian, Siemens SIMATIC, and GE OSM remote monitoring platforms, and leading industrial protocols, such as OPC, Modbus, DNP3, and ICCP.

Waterfall Unidirectional Gateways provide McAfee Enterprise Security Manager (ESM) installations with visibility into security events and other information in segregated critical infrastructure networks. In addition, McAfee and Waterfall have cooperated to test, validate, and support Waterfall for McAfee ESM, a solution which replicates McAfee ESM data out of Waterfall-isolated networks. The solution permits the industry-leading McAfee SIEM solution and other SIEM components inside of security-isolated networks to secure and manage isolated networks, while still providing visibility into those networks.

McAfee Compatible solution:
Waterfall Unidirectional Gateway and McAfee Enterprise Security Manager


ZeroFOX, a social risk-management company, is pioneering security technology that enables organizations to detect and prevent social media-based cyberthreats, including targeted malware, phishing, social engineering, impersonations, and other fraudulent or malicious activity. Its proprietary Security Analysis Engine (SAE) analyzes social networks and distills threat intelligence through ZeroFOX Enterprise — a centralized, cloud-based platform empowering users to take action on alerts and incoming threats. By combating social media risk exposure, ZeroFOX increases an organization’s security posture, while reducing incident response and crisis communications costs.

ZeroFOX raw social media attack data is integrated with McAfee Enterprise Security Manager, parsed, and displayed. The attack data can then be correlated with existing event data to provide a new layer of context within the SIEM solution. This added layer of social media attack intelligence is critical in effectively providing a proactive defense-in-depth security posture — detecting attacks before they hit your network, correlating threats in real time to stop attacks in progress, and understanding the genesis of an attack after it has occurred.

McAfee Compatible solution:
ZeroFOX solution and McAfee Enterprise Security Manager 9.4