SANS Institute Gives McAfee’s ESM 9.2 A Solid Review

Security teams today need a Security Information and Event Management (SIEM) tool which can identify incidents on the spot and produce quick and accurate analysis from a mass of data. This requires a system which can extract meaningful data from different sources to analyze and correlate events in a small time-frame — and it needs to be easily manageable for the security team or system admin.

The best solution: McAfee’s Enterprise Security Manager (ESM) 9.2.

SANS Institute’s analysis team took a peek into McAfee’s latest ESM software with a particular bent towards SIEM applications, and found an “easy-to-use SIEM system that can perform broad and deep event analysis as well as provide a quick assessment.”

Most organizations, according to SANS, are using security event data to detect and track suspicious behavior, support forensic analysis, and gaining or proving regulatory requirements. But complicating these security goals is the growing number and sophistication of attacks. As the perennial arms-race between security and hackers continues, McAfee has the leverage enterprises need to keep their data secure, and help them to identify attacks and vulnerabilities in an ocean of data.

According to SANS, McAfee’s ESM strength is derived from its ease of use, speed, and its flexibility in setting rules and correlations. Here’s a quick overview of SANS’s analysis:

  • ESM Interface — SANS said McAfee’s ESM interface can be learned within minutes, and feels “almost infinitely customizable.”
  • Rapid Event Analysis — Using their own tests, SANS was able to zoom in on a finely grained level of detail in a matter of seconds — providing security times with the rapid information they need address any breach or attack scenario.
  • Polices and Advanced Correlation Engine — SANS found McAfee’s rule type engine intuitive and exhaustive, as well as easy to use. The ability to drag and drop data and analysis operators makes for easy correlations rules, giving McAfee ESM users the best tools to easily fend off attacks.
  • Situational Awareness — McAfee’s integration of its many products into a central monitoring structure was considered “stood out” to SANS. This integrations allows McAfee’s ESM users to communicate with a huge amount of security data and prepare for the most acute vulnerabilities.

When it comes to security event management tools, McAfee is the gold standard.

You can download the full SANS Analyst report to gain more insights into McAfee’s Enterprise Security Manager, or follow @McAfeeSIEM on Twitter to get the latest information on SIEM solutions.

Leave a Comment

four + eleven =