Review: McAfee Enterprise Security Manager

Product Review: McAfee Enterprise Security Manager (ESM)

Security Information and Event Management (SIEM) addresses the overarching need to gather and analyze data in real time for security purposes. Detecting, analyzing and eliminating targeted attacks in a timely manner is one of the biggest problems facing businesses today in an increasingly virtualized world. The stakes are higher with the volume of data generated in the era of Big Data, and because a large percentage of the data being attacked is inherently sensitive, it’s more important than ever to choose a security solution that protects its customers.


McAfee – now part of Intel Security – looks to address the SIEM needs of today’s businesses with its SIEM solution. The total SIEM solutions package has nine components organized into three tiers: foundation, deeper insights, and integrate and extend. One of the foundations of McAfee’s SIEM solution is the McAfee Enterprise Security Manager (along with McAfee Enterprise Log Manager and McAfee Event Receiver), which acts as a high-performance SIEM engine and is offered as a physical, virtual or software appliance. McAfee ESM offers security teams quicker and more complete access to the information needed to make real-time risk decisions. This completeness of access lets security personnel handle low-and-slow attacks, indicators of compromise (IOCs) and audit findings.

To secure the huge amounts of ever-growing data, McAfee ESM uses a data management system that was specifically designed for high-volume processing. This processing power is one of the reasons ESM is often recognized as the core strength of Intel Security/McAfee’s SIEM solution. Long-term storage of event data is a key part of McAfee ESM’s investigative power. ESM’s appliances can log, store and correlate data from events over multiple years (i.e. billions of events and flows), meaning critical historical facts about a current event can be found in minutes instead of hours. This storage capacity can be utilized for ad hoc queries, forensics, rules validation and compliance.

Figure 1. McAfee Enterprise Security Manager’s all-encompassing and centralized security management approach.

McAfee ESM’s compliance capabilities are one feature that makes it stand out from its competition. It centralizes and automates compliance monitoring, eliminating the need for manual compliance monitoring and saving the time associated with it. Hundreds of pre-built dashboards and other compliance features increase the speed and user-friendliness of ESM. Integration with the Unified Compliance Framework (UCF) allows users to take advantage of a “collect-once, comply-with-many” methodology, which makes meeting compliance requirements easier. Finally, all the compliance reports, rules and dashboards can be customized for unique user needs.

 

Figure 2. User dashboard for McAfee ESM.

Key Features and Advantages:

  • Real-time and historical visibility shorten time to detect, contain and remedy attacks
  • Prioritized actionable information in minutes for fast threat triage
  • Advanced analytics and data enrichment turn raw data into an active and consolidated dashboard
  • Faster decision making and action cycles increase efficiency, automation and overall output
  • Open and modular design drops easily into existing infrastructure and is readily adaptable to new environments

Intel Security ranked as one of Gartner’s leaders in its Magic Quadrant for Security Information and Event Management along with IBM, Splunk, LogRhythm, and HPE. Gartner praises Intel’s SIEM solution for the ESM component, specifically saying, “Enterprise Security Manager has good coverage of operation technology and supervisory control and data acquisition devices.” Gartner and McAfee’s customers would like to see improvements with predictive analytics and integration with third-party tools for Intel Security to remain as one of the leaders in SIEM.

Some of Intel’s upcoming events include CES 2017 in Las Vegas, NV from January 5-8 and RSA Conference 2017 in San Francisco, CA from February 13-17. A full list of upcoming events can be found here. Intel Security also offers free trials for all of the SIEM solution components and conducts a series of webinars for various products and software solutions throughout the year.


Additional Resources: 

McAfee SIEM Data Sheet

McAfee Sustainable Security Operations White Paper

Gartner’s Magic Quadrant for Security Information and Event Management

McAfee SIEM Lab Validation Report

Rebecca Seasholtz

Rebecca is a senior Materials Science and Engineering major at Georgia Tech. She specializes in soft materials (i.e. plastics and textiles) and has also worked extensively with functional materials for electrical applications. Rebecca is originally from Grayson, GA and likes to spend her free time running, cycling, drinking coffee, or hanging around the campus house of a ministry she attends at Georgia Tech.