Introducing McAfee Investigator: Automated, Expert System-Based Analytics to Transform the SOC


This blog was written by Barbara Kay.

SOC analysts are getting beaten up by both commodity attacks and sophisticated ones, with many companies taking far more than a day or a week to close a case and few consistently digging all the way to root cause. McAfee research collected in May 2017 documented this dilemma and showed that companies are investing in advanced analytics and automation as a way to fight back:

  • 85% of SOCs want to use more analytics
  • 84% of SOCs want to use automation to move up the maturity scale
  • Mature SOCs automate more than 3X more often than new SOC teams, but almost everyone is investing
  • Mature SOCs automate more than 50% of investigation processes, and want to automate more
  • Top active automation areas include real-time endpoint analysis, triage, forensics, and remediation

We’re eager to help. As part of our expanding portfolio of automated threat and malware analytics based on machine learning, McAfee is proud to announce McAfee Investigator, a SaaS analytics subscription that transforms novice analysts into expert investigators. Rather than adding complexity with yet another product silo, it leverages the data sources and alerts of a SIEM and includes real-time endpoint visibility via McAfee ePolicy Orchestrator and a dissoluble agent.

McAfee Investigator automates data collection, organization, and case management within an expert system-driven workspace. Starting with prioritized triage, the service brings together automation, Foundstone expertise, and machine learning (and artificial intelligence more broadly) to guide analysts toward the right questions and hypotheses for the specific situation. Insights with drill-downs and visualizations help them explore the most relevant details and subtle indicators as they move rapidly through scoping, validation, documentation, and disposition.

Scott Howitt, senior vice president in the CISO organization of MGM International, says that McAfee Investigator helps them to spend more time on actual investigations:

“The way Investigator helps me mature my organization is with the automated playbooks, with the easier ability to go find like problems in my environment and things like that. My team spends less time switching between tools and focusing on how to make the tool work and actually focusing on the investigation than they did before.”

This service helps SOC teams mature operations as they fulfill several goals:

If you have an overworked SOC and a yen to try a new model that makes the most of the strengths of both humans and machines, this new service is worth a look. Visit or contact your sales manager to learn more.

For more news on McAfee Investigator and updates from MPOWER17 follow us on Twitter at @McAfee.
