McAfee Advanced Correlation Engine

McAfee Advanced Correlation Engine

Sophisticated, dedicated threat detection based on risk and real-time data

Next Steps:

Overview

McAfee Advanced Correlation Engine monitors real-time data, allowing you to simultaneously use both correlation engines to detect risks and threats before they occur. You can deploy Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time using both rule- and risk-based logic.

Two dedicated correlation engines and purpose-built performance — Advanced Correlation Engine supplements McAfee Enterprise Security Manager event correlation with a risk detection engine that generates a risk score using rule-less risk score correlation, and a threat detection engine that detects threats using traditional rule-based event correlation.

Processing power to support rich event correlation across your enterprise — The standalone Advanced Correlation Engine scales to accommodate even the largest networks.

Alerts and real-time risk assessment — Identify an asset (users or groups, applications, specific servers, or subnets) and Advanced Correlation Engine alerts you if the asset is threatened. Audit trails and historical replays support forensics, compliance, and rule tuning.

Threat identification and scoring — Advanced Correlation Engine deploys alongside McAfee Enterprise Security Manager to identify and score threat events in real time using both rule- and risk-based logic.

McAfee Positioned in Leaders Quadrant of the Magic Quadrant for SIEM

Features & Benefits

Get real-time and historical threat detection

Deploy McAfee Advanced Correlation Engine in either real-time or historical modes. In real-time mode, Advanced Correlation Engine analyzes events as they are collected for immediate threat and risk detection. You get rule-based correlation of real-time event data for detection of threats as they occur or rule-less correlation of real-time event data for detection of threats as they develop.

Model your enterprise risk

Provide impeccable modeling of your organizations risks by scoring attributes that matter. Develop a baseline and send notifications when normal thresholds are exceeded.

Leverage proactive risk assessments against critical data

Use both correlation engines simultaneously to detect risks and threats before they occur, so you can use risk scores within traditional correlation logic.

Achieve recursive threat assessment

Deploy Advanced Correlation Engine in historical mode and you can replay any historical data set through the traditional and rule-less correlation engines.

System Requirements

Hardware Specifications ACE-2600 ACE-3450
Collection Rates 50,000 events per second1 100,000 events per second1
Local Storage 1.8 TB2 1.8 TB2

  1. Based on typical network environments using average event and flow aggregation.
  2. Represents usable event and flow storage, after RAID configuration.

Demos / Tutorials

Demos

Built for big security data, McAfee Global Threat Intelligence for McAfee Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent security information and event management (SIEM) solution.

Awards / Reviews

Gartner
McAfee Positioned as a Leader by Gartner in MQ for SIEM Based on Completeness of Vision and Ability to Execute

The security information and event management (SIEM) market is defined by the customer's need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for regulatory compliance and forensics. The vendors that are included in Gartner’s analysis have technologies that have been designed for this purpose, and they actively market and sell these technologies to the security buying center.

Customer Stories

McAfee

McAfee integrates NitroSecurity products into its portfolio, improving its SIEM offering.

Highlights
  • Significantly shortens time to analyze security events from four to six days to less than 10 minutes
  • Decreases time to produce PCI compliance reports from eight to 12 hours to 10 minutes
  • Saves administrative time and manual maintenance while eliminating unnecessary activities
  • Facilitates disaster recovery and allows for proper use of virtual machines
  • Improves the organization’s overall security posture in the industry

Resources

Brochures

Focus on 5 - Threat Intelligence SIEM Requirements

McAfee spoke with customers about integrating SIEM with Threat Intelligence and how it helped their effort to mitigate bad actors.

Focus on 5 - SIEM Requirements

Learn about the top five issues with SIEM: Big Security Data, Content and User Awareness, Dynamic Context, Solution Customization, and Business Value.

Data Sheets

McAfee Collector Plug-in

For a technical summary on the McAfee product listed above, please view the product data sheet.

Advanced Correlation Engine

For a technical summary on the McAfee product listed above, please view the product data sheet.

Reports

Security Management 2.0—Time to Replace Your SIEM?

This report takes a candid look at triggers for considering a new security management platform, walking through each aspect of the decision, and presenting a process to migrate.

Pike Pulse Report: Smart Grid Cyber Security Governance, Risk Management, and Compliance

This Pike Pulse report presents an analysis of the current governance, risk management, and compliance (GRC) vendors that are believed to be the best positioned for the future. McAfee scores the highest in assessment of GRC vendors for smart grid security.

McAfee Positioned in Leaders Quadrant of the Magic Quadrant for SIEM

Broad adoption of SIEM technology is being driven by the need to detect threats and breaches, as well as by compliance needs. Early breach discovery requires effective user activity, data access and application activity monitoring. Leading analyst firm Gartner has placed McAfee as a Leader in the Magic Quadrant for Security Information and Event Management.

[Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.]

Technology Blueprints

Achieve Situational Awareness

The McAfee solution has two primary components: McAfee ePolicy Orchestrator (McAfee ePO) software and McAfee Enterprise Security Manager, with additional integrations to extend visibility and control across the entire security and compliance management environment.

White Papers

The Big Security Data Challenge

This paper addresses the Big Security Data challenge and highlights the key criteria organizations need to consider for processing security information in light of today’s dynamic threat landscape.

Security Management 2.5 – Replacing Your SIEM Yet?

This paper will walk you through the entire process — from soup to nuts — of evaluating, selecting, and deploying a SIEM. It offers pragmatic advice on how to get it done based on years working through this process as both consumers and vendors of SIEM technology. The process is not always painless, but we are certain it will help you avoid foundering on bad technology and inter-office politics. You owe it to yourself and your organization to ask the right questions and to get answers. It is time to slay the sacred cow of your substantial SIEM investment, and to figure out your best path forward.

Security Information and Event Management

McAfee EDB data management technology handles all of these SIEM/logging requirements. It is designed, implemented, maintained, and tested by our world-class in-house development team to meet the demanding requirements of SIEM/logging and leverage all of the capabilities of appropriate emerging technologies such as modern operating systems, multicore CPUs, solid state and RAM drives, and large amounts of main memory.

Pike Research: Monitoring and Securing SCADA Networks

This white paper examines cyber security issues for industrial control systems with a specific focus on security event monitoring as it applies to industrial control networks such as SCADA.

Continuous Compliance: Is It a Reality?

In this paper, we explore the subject of continuous compliance versus audit-driven compliance, as well as how an ongoing approach to compliance makes compliance a positive force for securing data and systems.

Community

Blogs

Threats and Risks