McAfee Advanced Correlation Engine monitors real-time data, allowing you to simultaneously use both correlation engines to detect risks and threats before they occur. You can deploy Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time using both rule- and risk-based logic.
Two dedicated correlation engines and purpose-built performance — Advanced Correlation Engine supplements McAfee Enterprise Security Manager event correlation with a risk detection engine that generates a risk score using rule-less risk score correlation, and a threat detection engine that detects threats using traditional rule-based event correlation.
Processing power to support rich event correlation across your enterprise — The standalone Advanced Correlation Engine scales to accommodate even the largest networks.
Alerts and real-time risk assessment — Identify an asset (users or groups, applications, specific servers, or subnets) and Advanced Correlation Engine alerts you if the asset is threatened. Audit trails and historical replays support forensics, compliance, and rule tuning.
Threat identification and scoring — Advanced Correlation Engine deploys alongside McAfee Enterprise Security Manager to identify and score threat events in real time using both rule- and risk-based logic.
Deploy McAfee Advanced Correlation Engine in either real-time or historical modes. In real-time mode, Advanced Correlation Engine analyzes events as they are collected for immediate threat and risk detection. You get rule-based correlation of real-time event data for detection of threats as they occur or rule-less correlation of real-time event data for detection of threats as they develop.
Provide impeccable modeling of your organizations risks by scoring attributes that matter. Develop a baseline and send notifications when normal thresholds are exceeded.
Use both correlation engines simultaneously to detect risks and threats before they occur, so you can use risk scores within traditional correlation logic.
Deploy Advanced Correlation Engine in historical mode and you can replay any historical data set through the traditional and rule-less correlation engines.
|Collection Rates||50,000 events per second1||100,000 events per second1|
|Local Storage||1.8 TB2||1.8 TB2|
Built for big security data, McAfee Global Threat Intelligence for McAfee Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent security information and event management (SIEM) solution.
The security information and event management (SIEM) market is defined by the customer's need to analyze security event data in real time for internal and external threat management, and to collect, store, analyze and report on log data for regulatory compliance and forensics. The vendors that are included in Gartner’s analysis have technologies that have been designed for this purpose, and they actively market and sell these technologies to the security buying center.
The Cologne Bonn Airport is optimizing its IT security with the help of the SIEM solution from McAfee.
McAfee integrates NitroSecurity products into its portfolio, improving its SIEM offering.
Texas Tech University Health Sciences Center (TTUHSC) offers programs in medicine, nursing, pharmacy, biomedicine and health sciences.
Volusion creates comprehensive and scalable security and compliance strategies with McAfee SIEM.
Wüstenrot selected McAfee ESM model ETM-4600-ELM. With the ability to log at least 1,000 events per second (EPS), McAfee ESM was the ideal choice to meet Wüstenrot’s requirements.
Topics : SIEM
McAfee spoke with customers about integrating SIEM with Threat Intelligence and how it helped their effort to mitigate bad actors.
For a technical summary on the McAfee product listed above, please view the product data sheet.
For a technical summary on the McAfee product listed above, please view the product data sheet.
Broad adoption of SIEM technology is being driven by the need to detect threats and breaches, as well as by compliance needs. Early breach discovery requires effective user activity, data access and application activity monitoring. Vendors are improving threat intelligence and security analytics. Leading analyst firm Gartner has placed McAfee as a Leader in the Magic Quadrant for Security Information and Event Management.
[Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.]
This report takes a candid look at triggers for considering a new security management platform, walking through each aspect of the decision, and presenting a process to migrate.
This solution guide addresses the importance of implementing a strategic security and risk management program focused on prevention and protection, reducing incidents and risks across the enterprise, across every device, and across the entire IT infrastructure.
McAfee Enterprise Security Manager offers the advanced scalability, flexibility, and control you need to protect your customers’ business, and grow yours.
The McAfee SIEM solution, Enterprise Security Manager, addresses today’s complex compliance challenges by combining an established unified compliance framework with superior abilities to collect, retrieve, and protect the data required to assess and demonstrate compliance in real time. It’s tightly integrated log collection, management, analysis, and reporting improves an organization’s ability to meet compliance requirements through frameworks, streamlined workflow, and automation.
McAfee spoke with SIEM users and asked them to tell us about their primary issues with SIEM. This brief lists the top five issues along with corresponding customer case studies and use cases.
McAfee enables enterprises to collect, analyze, and preserve security forensic information. With a solution that includes content- and context-aware SIEM, McAfee provides alerts to security events, as well analysis on how the attacked occurred, affected users, and compromised data — so you can better understand the severity of a security breach.
The McAfee solution has two primary components: McAfee ePolicy Orchestrator (McAfee ePO) software and McAfee Enterprise Security Manager, with additional integrations to extend visibility and control across the entire security and compliance management environment.
SANS recently surveyed incident response (IR) teams to get a clearer picture of what they're up against today. The results are in; most organizations lack formalized IR plans, they expressed a need to collect and correlate threat intelligence and SIEM tools are their focus for improving IR capabilities.
This paper will walk you through the entire process — from soup to nuts — of evaluating, selecting, and deploying a SIEM. It offers pragmatic advice on how to get it done based on years working through this process as both consumers and vendors of SIEM technology. The process is not always painless, but we are certain it will help you avoid foundering on bad technology and inter-office politics. You owe it to yourself and your organization to ask the right questions and to get answers. It is time to slay the sacred cow of your substantial SIEM investment, and to figure out your best path forward.
Learn how network attacks can be avoided by utilizing a SIEM platform that combines historical data with real-time data from network sources and security policies to provide context around application usage, user behaviors, and other operations — for better, more accurate reporting.
This is the first part of a six-part series on compliance-driven security. This paper will illustrate how a well-structured security governance program with fully developed and implemented policies, plans, and procedures will strengthen an organization’s security posture.
This paper addresses the Big Security Data challenge and highlights the key criteria organizations need to consider for processing security information in light of today’s dynamic threat landscape.
In this paper, we explore the subject of continuous compliance versus audit-driven compliance, as well as how an ongoing approach to compliance makes compliance a positive force for securing data and systems.
McAfee EDB data management technology handles all of these SIEM/logging requirements. It is designed, implemented, maintained, and tested by our world-class in-house development team to meet the demanding requirements of SIEM/logging and leverage all of the capabilities of appropriate emerging technologies such as modern operating systems, multicore CPUs, solid state and RAM drives, and large amounts of main memory.
I recently wrote a piece in Dark Reading around the notion that Endpoint security is not dead, but instead facing a steadily mounting series of obstacles with relation to the new universe of Internet-connected devices. While there are certainly more challenges to securing corporate networks today, claiming that enforcing Endpoint security policies is basically fighting […]
The post Endpoint Security and the Reality of Ubiquitous Computing appeared first on McAfee.
En junio, Gartner, Inc. publicó su informe Magic Quadrant anual para la categoría de información de seguridad y administración de eventos (SIEM), que evalúa los proveedores que ofrecen productos SIEM en cuanto a su capacidad de ejecución y su visión global. Y este año, McAfee ocupa un lugar en el cuadrante de líderes. En un […]
The post McAfee ocupa un lugar en el cuadrante de líderes para información de seguridad y administración de eventos appeared first on McAfee.
Em junho, o Gartner, Inc. publicou seu relatório anual Quadrante Mágico para Gerenciamento de Eventos e Informações de Segurança (SIEM), o qual avalia fornecedores que oferecem produtos de SIEM, tanto em sua capacidade de execução quanto em abrangência de visão. Neste ano, a McAfee obteve uma colocação no quadrante de líderes. Uma vez que o […]
The post McAfee obteve uma colocação no quadrante de líderes para Gerenciamento de Eventos e Informações de Segurança appeared first on McAfee.
Each year between $2-3 trillion of the global economy is generated via the Internet. With cybercrime expected to extract roughly 15-20% of these funds – a total sum of roughly $500 billion – the impact of cybercrime will undoubtedly be felt in the wallets of businesses and individuals alike. Financial loss is just one component […]
The post September EMEA #SecChat – The Economic Impact of Cybercrime appeared first on McAfee.
Where certain flamboyant IPOs and mergers might lead one to think advanced malware was a solved problem, Black Hat demonstrated just the opposite. This year, we uncovered that security experts are still spending days and weeks of each month dealing with advanced malware. In response to this realization, they acknowledge they need more than a […]