McAfee Event Receiver appliances are responsible for the collection of log and event information from hundreds of third-party devices including firewalls, IDS/IPS devices, UTMs, switches, routers, applications, servers and workstations, identity and authentication systems, vulnerability assessment scanners, and more. McAfee Event Receiver uses a variety of collection methods including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, as well as an encrypted collection validated to FIPS 140-2 Level 2.
Robust collection, powerful correlation — When a McAfee Event Receiver collects an event, it parses all relevant details into a fully normalized event taxonomy, and then provides full correlation against all events to detect larger incidents. McAfee Event Receiver correlates events collected by other distributed receivers for system-wide threat detection.
Flexible collection architecture — McAfee Enterprise Security Manager supports fully centralized “all-in-one” event collection and management, or fully distributed event collection using dedicated Event Receiver appliances, rated for several thousand to tens of thousands of events per second.
High reliability — Deploy McAfee Event Receiver redundantly for maximum reliability without any risk of data loss.
Preserve and store all details of parsed and correlated events in a highly indexed database for fast retrieval and analysis.
Make highly distributed deployment easier and more cost effective with virtual appliances.
Collect over 20,000 events per second with a single McAfee Event Receiver. Every Event Receiver caches all collected data locally to preserve data in the event of a network communication error or outage.
|Description||McAfee Event Receiver collects third-party logs, events, and data for correlation and analysis by McAfee Enterprise Security Manager||McAfee Event Receiver collects third-party logs, events, and data for correlation and analysis by McAfee Enterprise Security Manager||McAfee Event Receiver collects third-party logs, events, and data for correlation and analysis by McAfee Enterprise Security Manager|
|Collection Rates||20,000 events per second||15,000 events per second||10,000 events per second||5,000 events per second|
|Local Storage||3 TB||1.8 TB||1.8 TB||1 TB|
Built for big security data, McAfee Global Threat Intelligence for McAfee Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent security information and event management (SIEM) solution.
The security information and event management (SIEM) market is defined by the customer's need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for regulatory compliance and forensics. The vendors that are included in Gartner’s analysis have technologies that have been designed for this purpose, and they actively market and sell these technologies to the security buying center.
The McAfee Enterprise Security Manager is able to gather, store, and analyze logs and data from a large amount of sources and then correlate events based on rules, possible risk, or historical trends.
McAfee integrates NitroSecurity products into its portfolio, improving its SIEM offering.
Topics : Risk & Compliance, Security Management, SIEM
Topics : SIEM
McAfee spoke with customers about integrating SIEM with Threat Intelligence and how it helped their effort to mitigate bad actors.
Learn about the top five issues with SIEM: Big Security Data, Content and User Awareness, Dynamic Context, Solution Customization, and Business Value.