This blog post was written by Kristen Jacobsen.
If you’ve read our previous blog, “Leveraging UEBA Capabilities in Your Existing SIEM,” you understand how McAfee Enterprise Security Manager can perform many essential UEBA functions leveraging its built-in advanced analytics and behavior modeling.
Doing It Better Together
For several specific use cases, you may find that you need a third-party UEBA product. Fortunately, through the McAfee ecosystem approach to security, you can integrate UEBA solutions from other vendors for expanded visibility of McAfee Enterprise Security Manager’s user monitoring and analytics. Such tight integrations with McAfee Enterprise Security Manager optimize security operations by:
- Adding user and entity threat data to McAfee Enterprise Security Manager’s threat and contextual parameters to trigger rapid response actions, such as policy changes, alerts, and escalations.
- Leveraging response activities for deeper forensic investigations.
- Enabling enhanced reporting, visibility, and management. Data collected by the UEBA solution can be sent to the McAfee Enterprise Security Manager reporting engine, which can then create visualizations of that information and synthesize it within its existing operational reports, dashboards, and workflows.
The McAfee and UEBA Vendor Partnerships
McAfee Security Innovation Alliance partnerships include numerous UEBA vendors that offer an advanced UEBA solution with a flexible analytics engine covering insider threats, targeted attacks, and unknown threats. These smart and powerful platforms utilize machine learning and advanced analytics models that are well suited for large, complex enterprise environments.
McAfee Enterprise Security Manager and UEBA vendor integrations increase visibility to:
- Insider threats across endpoints, servers, networks, and log data: It connects high-risk actions to users and provides clear context.
- Privileged accounts: Time, authentication, access, application usage, and data movement are monitored and compared to baseline behavior parameters.
- Targeted attacks: It quickly surfaces attack paths as they unfold, including malware that propagates laterally.
- Healthcare compliance: Policy violations and risky user behaviors are identified by monitoring users, files, applications, and all types of medical and computing devices.
UEBA solution integrations with both the McAfee Enterprise Security Manager SIEM solution and the McAfee Data Exchange Layer threat intelligence sharing fabric can identify indicators of attack and feed those back into the SIEM to facilitate threat hunting. False positives are minimized, and analysts can focus on high-priority actionable items. In effect, these integrations create a closed-loop system, with continuous interaction between the products. Integration with McAfee Data Exchange Layer enables and accelerates communication of threat intelligence across multiple security solutions. This can dramatically speed detection and remediation across the entire enterprise security ecosystem, supporting the entire threat lifecycle.
Learn more about how McAfee Enterprise Security Manager can be leveraged to perform UEBA functions in our white paper, Entity Behavior Analytics for McAfee Enterprise Security Manager. Also, explore the UEBA vendors who are part of the McAfee Security Innovation Alliance.