McAfee Security Information and Event Management
Detect, Prioritize & Manage Incidents with One SIEM Solution
SIEM is the evolution and integration of two independent technologies:
- Security Event Management (SEM) – Its main purpose is the collection of aggressive security events
- Security Information Management (SIM) – Focused on enhancement, normalization and correlation of security events
SIEM makes it possible to collect the necessary information about threats, react to incidents immediately, work easily with all event logs, and generate regulatory compliance reports, while creating the context needed to control security risks.
SIEM is part of the technology for:
- Collection of security logs
- Correlation of events
- Aggregation of information
- Normalization of information
- Achieving policy
- Analysis and technological processes of event control
Three main factors driving the adoption of SIEM technology:
- Real-time visualization of threats
- Operational efficiency of information security
- Regulatory requirements for security log management
McAfee Enterprise Security Manager – The main product in the SIEM category. It provides high operating speed and the ability to take response measures based on threat information and awareness of the current situation, which is necessary for identifying, analyzing and eliminating hidden threats. Its regulatory compliance control mechanism makes it possible to simplify the process of meeting regulatory requirements.
Additional modules for SIEM:
McAfee Advanced Correlation Engine – Monitors real-time data, allowing you to simultaneously use both correlation engines to detect risks and threats before they occur. You can deploy Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time using both rule-based and risk-based logic.
McAfee Application Data Monitor – The McAfee Application Data Monitor appliance decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity all the way up to the contents of the application (such as the text of an email or its attachments). This level of detail allows accurate analysis of real application use, while also enabling you to enforce application use policies and detect malicious, covert traffic.
McAfee Database Event Monitor for SIEM – The only product of its kind that both consolidates database activity into a central audit repository and provides normalization, correlation, analysis, and reporting of that activity.
McAfee Event Receiver – This product allows you to collect thousands of events per second and to quickly extract or analyze information with the help of database indexing.
McAfee Enterprise Log Manager – Automates log management and analysis for all log types, including Windows Event logs, Database logs, Application logs, and Syslogs. Logs are signed and validated, ensuring authenticity and integrity, a necessity for regulatory compliance. Out-of-the-box compliance rule sets and reports make it simple to prove your organization is in compliance and policies are being enforced.
McAfee Global Threat Intelligence for Enterprise Security Manager – This product extends the capabilities of the SIEM system by adding a source of continuously updated threat information, making it possible to quickly find events that include communication sessions with suspicious or harmful IP addresses and to increase the level of situational awareness.