What is McAfee Security Information and Event Management (SIEM)?
High-performance, powerful security information and event management (SIEM) brings event, threat, and risk data together to provide strong security intelligence, rapid incident response, seamless log management, and extensible compliance reporting. At the core of SIEM offering, Enterprise Security Manager consolidates, correlates, assesses, and prioritizes security events for both third-party and McAfee solutions.
Benefits and Insights
Why use McAfee Security Information and Event Management (SIEM)?
Key differentiators & advantages of McAfee Security Information and Event Management (SIEM)
- McAfee Enterprise Security Manager - McAfee Enterprise Security Manager provides the speed and rich context required to identify critical threats, respond quickly, and easily address compliance requirements. Continuous global threat and enterprise risk feeds deliver adaptive and autonomous risk management, allowing remediation of threats and compliance reporting in minutes instead of hours.
- McAfee Global Threat Intelligence for Enterprise Security Manager - Built for big security data, McAfee Global Threat Intelligence for Enterprise Security Manager (ESM) puts the power of McAfee Labs directly into the security monitoring flow using McAfee’s high-speed, highly intelligent Security Information and Event Management (SIEM).
- McAfee Enterprise Log Manager - McAfee Enterprise Log Manager automates log management and analysis for all log types, including Windows Event logs, Database logs, Application logs, and Syslogs. Logs are signed and validated, ensuring authenticity and integrity — a necessity for regulatory compliance and forensics. Out-of-the-box compliance rule sets and reports make it simple to prove your organization is in compliance with regulations and internal policies.
- McAfee Advanced Correlation Engine - McAfee Advanced Correlation Engine monitors real-time data, allowing you to simultaneously use both rule-based and rule-less correlation engines to detect risks and threats before they occur. You can deploy Advanced Correlation Engine in either real-time or historical modes.
- McAfee Application Data Monitor - McAfee Application Data Monitor decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity all the way up to the actual contents of the application (such as the text of an email or its attachments). This level of detail supports accurate analysis of real application use, while also enabling you to enforce application use policies and detect malicious, covert traffic.
- McAfee Database Event Monitor for SIEM - McAfee Database Event Monitor for SIEM delivers non-intrusive, detailed security logging of database transactions by monitoring access to database configurations and data. It not only consolidates database activity into a central audit repository, but integrates with McAfee Enterprise Security Manager to intelligently analyze and detect suspicious activity.
- McAfee Event Receiver - McAfee Event Receiver collects third-party events and logs — and performs native network flow collection — faster and more reliably than any other solution.