After ranking in the top three in 2012 and 2013, McAfee Enterprise Security Manager last week won the TechTarget Security Reader’s 2014 SIEM award. The product received high marks for event correlation, data archiving, and flexible policy definition, all key capabilities for deriving actionable intelligence from mountains of collected event, flow and log data. These criteria also indicate a further evolution in the popularity of SIEM use cases, especially toward advanced threat detection and remediation. McAfee ESM offers users a comprehensive way to leverage traditional archiving and correlation capabilities via the unique “Advanced Correlation Engine” (ACE), which enables rule- and risk-based correlation against real-time feeds as well as historical event data already stored in the SIEM. These use cases not only give security analysts ad hoc detection of recently discovered attacks but also allow them to go back in time and discover whether a threat may already have impacted their environment. In addition to the time and flexibility dimension, ESM also offers more in-depth, less intrusive monitoring. For instance, via the agentless Database Event Monitoring appliance, users can watch all access to critical business databases, and via the Application Data Monitor appliance, customers can inspect application content to achieve deep visibility.
McAfee Enterprise Security Manager is one of four McAfee products to receive this year’s TechTarget Reader’s Choice award, alongside the next-generation Firewall. The Firewall can be integrated into the SIEM together with many other McAfee and third-party products, offering users the option to take action and remediate discovered threats directly from the SIEM console. Readers lauded these and the SIEM’s many other integrations and its compatibility with existing systems, devices and applications, always a key factor when considering SIEM technology.