
Data Sheet

SIEM Solutions from McAfee
Continuously monitor, identify, investigate, and resolve threats.

Security information and event management (SIEM), originally driven by compliance mandates, has been around for more than a decade and focused on collecting and storing logs from the network and security infrastructure. Today, in addition to compliance, SIEM solutions are being used to defend against malware and attacks that emerge from today's fast-changing threat landscape. With stealthy actors hiding behind normal enterprise activity, security organizations are using SIEM to enable actionable insights, smart decisions, and quick actions by finding threats under mountains of data. SIEM solutions from McAfee provide the performance, intelligence, and visibility to protect business assets from these ever-increasing, evasive threats.

Award-winning[1] McAfee Enterprise Security Manager, the core product of our SIEM solution portfolio, provides key elements for optimizing threat and compliance management, including a highly tuned database, advanced risk and threat detection via contextual enrichment, policy-aware compliance reporting and centralized management. McAfee Enterprise Security Manager is a next-generation SIEM that enables your business with real-time situational awareness at the speed and scale required to identify critical threats, respond intelligently, and provide continuous compliance monitoring. SIEM appliances are available in physical or virtual appliances (stand-alone or all in one) as well as in managed service provider (MSP) offerings.

SIEM Foundation

McAfee Enterprise Security Manager for threat management and compliance

McAfee Enterprise Security Manager advances SIEM by integrating security intelligence with information management for enterprise situational awareness. By combining and associating events across network, endpoint, and security management solutions, McAfee Enterprise Security Manager delivers understanding of the world outside (threat data, reputation feeds, and vulnerability status) as well as a real-time view of the systems, data, risks and activities inside your enterprise. Additionally, by storing billions of events and flows, combined with rapid security data access, security teams gain valuable insights in minutes, not hours. This is critical for investigating low-and-slow attacks, searching for indicators of compromise, or remediating compliance controls. To optimize security operations, McAfee Enterprise Security Manager also provides integrated tools for configuration and change management, case management, and centralized management of policy: the essentials you need to improve workflow and efficiencies of your security operations team.

When it comes to compliance, McAfee Enterprise Security Manager makes it easy to achieve, maintain, and document compliance with hundreds of out-of-the-box dashboards, audit trails, and reports for more than 240 global regulations. Additionally, pre-defined advanced correlation rules can automate workflows for achieving and maintaining compliance.

SIEM Solution Portfolio from McAfee

Foundation
- McAfee Event Receiver: Collects and correlates security data
- McAfee Enterprise Log Manager: Log collection, storage, and data management
- McAfee Enterprise Security Manager: High performance, SIEM engine

Deeper Insights
- McAfee Application Data Monitor: Application monitoring
- McAfee Database Event Monitor: Database monitoring
- McAfee Advanced Correlation Engine: Adaptive, dedicated correlation

Integrate and Extend
- McAfee Data Sources: Wide-ranging data sources
- McAfee Global Threat Intelligence: Global IP threat feed
- Security Connected: Integrated security and compliance solutions

Figure 1. Integrated, extensible, high-performance SIEM solutions from McAfee.

McAfee Enterprise Log Manager for log storage and management

McAfee Enterprise Log Manager efficiently collects, compresses, signs, and stores all original events with a clear audit trail of activity that can't be repudiated. Security events are collected and linked directly to the original record stored on McAfee Enterprise Log Manager, enabling one-click access for event management, forensic investigations, and compliance monitoring. McAfee Enterprise Log Manager accommodates different log management needs via flexible storage pools spanning local or remote storage devices and configurable retention periods.

McAfee Event Receiver for scalable log collection

McAfee Event Receiver appliances are responsible for the collection of event and flow information from hundreds of third-party devices, including firewalls, intrusion prevention system (IPS) devices, unified threat management (UTM) solutions, switches, routers, applications, servers and workstations, identity and authentication systems, vulnerability assessment scanners, and more. McAfee Event Receiver uses a variety of collection methods, including passive log collection, authenticated log collection, CEF, OPSEC, SDEE, XML, ODBC, and encrypted collection validated to FIPS 140-2 Level 2. The McAfee Event Receiver is offered as part of an all-in-one SIEM event collection and management solution or as part of a fully distributed event collection deployment using dedicated McAfee Event Receiver appliances, which are rated for several thousand to tens of thousands of events per second. Deployment models support redundancy for continuity of data collection.

Optional Solutions for Deeper Insights

McAfee Advanced Correlation Engine for additional, dedicated correlation

McAfee Advanced Correlation Engine provides SIEM solutions from McAfee with a dedicated engine to analyze large volumes of event data. The purpose-built, high-performance engine houses four correlation types, including rule-based, risk-based, standard deviation, and historical, for a real-time look at a broad spectrum of threats against high-value assets, sensitive data, or by privileged users. Preloaded with hundreds of correlation rules and dashboards, the McAfee Advanced Correlation Engine appliance allows for easy customization of existing rules and provides an easy-to-use drag-and-drop interface to create new rules.


McAfee Application Data Monitor for application layer inspection

As threat activity moves up the stack, the McAfee Application Data Monitor appliance takes security and compliance beyond security event management by monitoring all the way to the application layer. This fully integrated McAfee appliance decodes the application sessions and provides analysis from the underlying protocols and sessions into the content of the application itself (such as the text of an email or its attachments). This level of detail allows in-depth analysis of application usage, while also enabling validation of application use policies and detecting malicious or covert traffic.

McAfee Database Event Monitor for database transaction visibility

McAfee Database Event Monitor for SIEM delivers non-intrusive visibility into database transactions via detailed logging of databases and applications, monitoring access to sensitive data and with an understanding of who is accessing your data and how. McAfee Database Event Monitor is fully integrated with McAfee Enterprise Security Manager to enable database transactions for event correlation usage and includes predefined rules, reports, and privacy-friendly logging features to make compliance regulations management easy while helping you strengthen your organization's overall security posture.

Integrate and Extend

McAfee Global Threat Intelligence for enhanced threat feeds

McAfee Global Threat Intelligence for McAfee Enterprise Security Manager connects the power of McAfee Labs directly into the SIEM solution by bringing in reputation data for hundreds of millions of IP addresses. This continually updated security feed enhances situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs and allows security administrators to identify conditions where a known or suspicious bad actor was the source of threat activity.

Security Connected across the IT infrastructure

Integration across security and compliance solutions delivers more than the individual solutions alone and enables an unprecedented level of real-time visibility into your security posture. While SIEM solutions from McAfee collect valuable data from hundreds of types of security vendors' devices, McAfee Enterprise Security Manager also offers active integration with McAfee products and third-party solutions via a rich set of interfaces. Examples of McAfee product family connections include McAfee ePolicy Orchestrator (McAfee ePO) software for policy-based management, McAfee Network Security Manager for intrusion prevention, and McAfee Vulnerability Manager for vulnerability scanning and remediation. SIEM solutions from McAfee leverage these integrations for making policy changes at the endpoint, quarantining suspicious systems at the network, and gathering critical intelligence through vulnerability scanning, all from the McAfee Enterprise Security Manager console.

The Security Connected platform from McAfee provides a unified framework for hundreds of products, services, and partners to work with each other. With Security Connected solutions, such as SIEM, security teams can view context-specific data in real time, offering immediate visibility into your organization's infrastructure-wide security posture and enabling optimized response times, from discovery to remediation.

Scalable Deployment Options

SIEM solutions from McAfee can be deployed all in one or distributed over multiple appliances, providing flexibility and scalability for your current or future needs. Hybrid delivery choices include physical and virtual appliances with high-availability options. McAfee Professional Services is available to help meet your organization's deployment objectives, accelerate time to protection, and enhance your security technology investment.

Learn More

For more information on SIEM solutions from McAfee, visit www.mcafee.com/siem.

1. Winner of 2014 SC Magazine Reader Trust Award for Best SIEM Solution.

McAfee. Part of Intel Security.
2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766
www.intelsecurity.com

Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee, the McAfee logo, ePolicy Orchestrator, and McAfee ePO are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2014 McAfee, Inc. 61244ds_siem-family_0914_fnl_ETMG
