This blog was written by Scott Montgomery, McAfee’s previous vice president and chief technology officer of public sector.
It’s hard enough to keep pace with network demands and be able to detect threats in real time. It’s even harder to stay on top of all the information generated about those threats, intrusions and suspicious network behavior. Enter SIEM, Security Information and Event Management, which in an age of big data has become essential for quickly and efficiently correlating security data in government and other enterprises. McAfee has made not only the advanced detection of threats but also the management and rapid analysis of security data a major business priority, and now that’s really paying off. Recently McAfee’s SIEM, known as Enterprise Security Manager, has received two major validations – one from Gartner and one from the U.S. federal government.
In early July Gartner released its Magic Quadrant for SIEM, and McAfee’s product was named as one of the leaders. Gartner noted that McAfee offers both the ability to execute and completeness of vision in its solution. Add to that security intelligence, rapid incident response, seamless log management and extensible compliance reporting. Given this range of benefits, it’s not surprising that Gartner offered this recognition for the second year in a row.
McAfee’s SIEM has also been recognized in the government space in a big way: The product was recently added to the U.S. Department of Defense’s (DoD) Unified Capabilities Approved Product List (UC APL) and is the first and only SIEM product on that list. The UC APL is a list of security vendors and products that have met the extremely stringent criteria the DoD sets for its providers. To achieve approval for UC APL, a company must, among other things, undergo an extensive series of tests against criteria known as the Security Technical Implementation Guides (STIGs) – U.S. Defense Information Systems Agency (DISA) guidelines for how IT products should work. DISA recently added the McAfee Enterprise Security Manager product to the Approved Products List under the IPS/IDS and IA Tool device types.
Meeting STIG requirements means that McAfee’s Enterprise Security Manager is seamlessly interoperable with other parts of the DoD network infrastructure and can be purchased and applied by agencies today. Other event management solutions were previously grandfathered in, but McAfee’s was the only SIEM to undergo strict DoD evaluation and win approval. Because of the extensive testing performed by DISA, agencies who need a strong event management system today can implement it without a lengthy certification and accreditation process.
At McAfee we strive to provide the highest levels of quality security to our public and private sector customers. The goal of our overall Security Connected framework is to ensure that enterprise security managers have an interconnected series of solutions that provide protection from the network to the endpoint. SIEM provides the eyes and ears for that framework, then correlates everything from a manager’s perspective. It’s an essential component of network security today, and we’re delighted that McAfee’s Enterprise Security Manager will be the most convenient SIEM available to plug into DoD and their customers’ networks. With top grades from Gartner and DISA, we believe our SIEM is leading the pack.