Product Review: McAfee Enterprise Security Manager (ESM)
Security Information and Event Management (SIEM) addresses the overarching need to gather and analyze data in real time for security purposes. Detecting, analyzing and eliminating targeted attacks in a timely manner is one of the biggest problems facing businesses today in an increasingly virtualized world. The stakes are higher with the volume of data generated in the era of Big Data, and with a large percentage of the data being attacked inherently sensitive, it’s more important than ever to choose a security solution that protects its customers.
McAfee – now part of Intel Security – looks to address the SIEM needs of today’s businesses with its SIEM solution. The total SIEM solutions package has nine components, organized into three tiers: foundation, deeper insights, and integrate and extend. One of the foundations of McAfee’s SIEM solution is the McAfee Enterprise Security Manager (along with McAfee Enterprise Log Manager and McAfee Event Receiver), which acts as a high-performance SIEM engine and is offered as a physical, virtual or software appliance. McAfee ESM offers security teams quicker and more complete access to the information needed to make real-time risk decisions. This completeness of access allows security personnel to handle low-and-slow attacks, indicators of compromise (IOCs) and audit findings.
To secure the huge amounts of ever-growing data, McAfee ESM uses a data management system that was specifically designed for high-volume processing. This processing power is one of the reasons ESM is often recognized as the core strength of Intel Security/McAfee’s SIEM solution. Long-term storage of event data is a key part of McAfee ESM’s investigative power. ESM’s appliances can log, store and correlate data from events over multiple years (i.e. billions of events and flows), meaning critical historical facts about a current event can be found in minutes instead of hours. This storage capacity can be utilized for ad hoc queries, forensics, rules validation and compliance.
McAfee ESM’s compliance capabilities are one feature that makes it stand out from its competition. It centralizes and automates compliance monitoring, eliminating the need for manual compliance monitoring and saving the time associated with it. Hundreds of pre-built dashboards and other compliance features increase the speed and user-friendliness of ESM. Integration with the Unified Compliance Framework (UCF) allows users to take advantage of a “collect-once, comply-with-many” methodology, which makes meeting compliance requirements easier. Finally, all the compliance reports, rules and dashboards can be customized for unique user needs.
Key Features and Advantages:
- Real-time and historical visibility shorten time to detect, contain and remedy attacks
- Prioritized actionable information in minutes for fast threat triage
- Advanced analytics and data enrichment turn raw data into an active and consolidated dashboard
- Faster decision making and action cycles increase efficiency, automation and overall output
- Open and modular design drops easily into existing infrastructure and is readily adaptable to new environments
Intel Security ranked as one of Gartner’s leaders in its Magic Quadrant for Security Information and Event Management along with IBM, Splunk, LogRhythm, and HPE. Gartner praises Intel’s SIEM solution for the ESM component, specifically saying, “Enterprise Security Manager has good coverage of operation technology and supervisory control and data acquisition devices.” Gartner and McAfee’s customers would like to see improvements with predictive analytics and integration with third-party tools for Intel Security to remain as one of the leaders in SIEM.
Some of Intel’s upcoming events include CES 2017 in Las Vegas, NV from January 5-8 and RSA Conference 2017 in San Francisco, CA from February 13-17. A full list of upcoming events can be found here. Intel Security also offers free trials for all of the SIEM solution components and conducts a series of webinars for various products and software solutions throughout the year.
McAfee SIEM Data Sheet
McAfee Sustainable Security Operations White Paper
Gartner’s Magic Quadrant for Security Information and Event Management
McAfee SIEM Lab Validation Report