McAfee’s Global Threat Intelligence and SIEM

Security events carry important information, but they don't tell the whole story.  Reviewed on their own, without the essential context of who and what is involved, security events can cause analysts to miss attacks.  And the faster an organization knows about a potentially threatening interaction, the faster it can contain and minimize the damage.

McAfee Enterprise Security Manager integrates with McAfee Global Threat Intelligence Reputation Feed to maintain an up-to-date understanding of bad actors that exist on the global network.  Our solution brings the powerful perspective of external system reputation to perform real-time reputation checks – immediately alerting analysts when any device on their network has interacted with a known bad actor.

There's been a lot of discussion around reputation feeds and SIEM, but not all are created equal.  How the threat feed is implemented in the SIEM, combined with the quality and timeliness of reputation updates, dramatically affects the value of these integrations.

Here are a few reasons why McAfee's offerings stand apart from the rest.  Many SIEM solutions have trouble identifying bad actors because they have neither access to the data needed to do so nor the ability to search through large quantities of that data.  McAfee SIEM overcomes these challenges by leveraging our powerful database to manage tens of millions of reputations.  Through real-time reputation checks, every SIEM-connected device becomes a security device, and analysts are alerted immediately on interaction with bad actors.  In addition, our ruleless risk scoring engine dynamically adjusts risk based on these interactions, providing an intelligent tracking system for at-risk systems.

Finally, active integration with McAfee ePolicy Orchestrator, Network Security Platform and McAfee Vulnerability Manager allows organizations to take automated, intelligent actions to reduce risk when an interaction with a bad actor occurs.  The external systems involved can be automatically quarantined, endpoint security policies can be automatically tightened, and scans can be run on internal systems automatically, reducing time to respond and automating common pieces of the incident response process.
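To make the two ideas above concrete, here is a small added example of what a reputation check, a per-host risk score and a threshold-based response recommendation look like in code. It is illustrative code written for this post, not McAfee ESM or GTI code, and does not use any McAfee API: the reputation feed entries, the firewall-style event lines, the internal address ranges, the action weights and the response thresholds are all constructed for the example.

```python
"""Reputation-feed correlation over SIEM events with a simple per-host risk
score. Added example only; not McAfee ESM/GTI code. Every data value below
(feed entries, event lines, weights, thresholds) is constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed reputation feed: external IP -> (reputation score 0-100, category).
# A real feed such as McAfee GTI is vastly larger and refreshed continuously.
REPUTATION_FEED = {
    "203.0.113.7": (90, "botnet_c2"),
    "198.51.100.23": (60, "scanner"),
    "192.0.2.44": (30, "spam_source"),
}

# Constructed firewall-style events, in the shape a SIEM collector might normalize.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z src=10.0.0.5 dst=203.0.113.7 action=allow",
    "2024-05-01T10:00:02Z src=10.0.0.5 dst=192.0.2.99 action=allow",
    "2024-05-01T10:00:03Z src=198.51.100.23 dst=10.0.0.8 action=deny",
    "2024-05-01T10:00:04Z src=10.0.0.9 dst=192.0.2.44 action=allow",
    "2024-05-01T10:00:05Z src=10.0.0.5 dst=198.51.100.23 action=allow",
    "not a parseable event line",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\S+)$"
)

# Assumed internal address space for this example (not taken from the post).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A blocked interaction still shows the host was targeted, so it counts at half weight.
ACTION_WEIGHT = {"allow": 1.0, "deny": 0.5}


def parse_event(line):
    """Return the event fields as a dict, or None for lines that do not match."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def is_internal(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def split_sides(event):
    """Return (internal_host, external_host), or None unless exactly one side is internal."""
    src_in, dst_in = is_internal(event["src"]), is_internal(event["dst"])
    if src_in == dst_in:
        return None
    return (event["src"], event["dst"]) if src_in else (event["dst"], event["src"])


class RiskTracker:
    """Accumulates a risk score per internal host from its bad-actor interactions."""

    def __init__(self):
        self.scores = defaultdict(float)

    def record(self, host, rep_score, action):
        self.scores[host] += rep_score * ACTION_WEIGHT.get(action, 1.0)
        return self.scores[host]


def recommend_action(risk):
    """Map a risk score to a response step; thresholds are constructed for the example."""
    if risk >= 100:
        return "quarantine"
    if risk >= 50:
        return "tighten_policy"
    if risk > 0:
        return "scan"
    return "none"


def correlate(lines, feed, tracker):
    """Check each event's external side against the feed and raise alerts on hits."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # malformed line: skip rather than crash the pipeline
        sides = split_sides(event)
        if sides is None:
            continue  # purely internal or purely external traffic: nothing to look up
        internal, external = sides
        hit = feed.get(external)
        if hit is None:
            continue
        score, category = hit
        risk = tracker.record(internal, score, event["action"])
        alerts.append({"ts": event["ts"], "host": internal, "bad_actor": external,
                       "category": category, "host_risk": risk,
                       "recommended": recommend_action(risk)})
    return alerts


if __name__ == "__main__":
    tracker = RiskTracker()
    for alert in correlate(SAMPLE_EVENTS, REPUTATION_FEED, tracker):
        print(alert)
```

Running the sample produces four alerts: host 10.0.0.5 reaches a risk of 150 after contacting both the command-and-control address and the scanner and is recommended for quarantine, while 10.0.0.8 (targeted by a scan that was denied) and 10.0.0.9 (one low-score spam contact) each sit at 30 and are only recommended for a scan. The unparseable line and the contact with an address absent from the feed produce no alert.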

Follow @McAfeeSIEM on Twitter to get the most up-to-date content.
