IMcAfee announced McAfee Enterprise Security Manager (formerly NitroView), a “built for Big Security Data” SIEM that includes dynamic threat visibility from McAfee Global Threat Intelligence, and countermeasure awareness through McAfee ePolicy Orchestrator software and McAfee Risk Advisor.
McAfee Enterprise Security Manager provides meaningful intelligence and takes SIEM to a real-time understanding of the global threat landscape by delivering immediate information on events, users, systems, data, risks, and countermeasures for accurate situational awareness. This rich understanding of security - by connecting the dots and pinpointing attacks - reduces time to respond and provides intelligently prioritized security alerts.
Core to increasing situational awareness is the ability to collect, maintain and intelligently process billions of relational data points both in real-time and historically. McAfee's SIEM has a scalable database that was built to handle big security data, which makes it capable of not only processing billions of events per day, but connecting those events with threat, countermeasure and user identity information to provide accurate and actionable intelligence.
It is an essential part of the McAfee Security Connected framework allowing enterprises to connect all their security relevant data and enterprise security management solutions for an clear view of the enterprise.
Two-way integration with McAfee ePolicy Orchestrator software extends visibility and control across the entire security and compliance environment. Integration with Global Threat Intelligence from McAfee Labs provides the ability to correlate real-world source reputation information with security events so organizations can automatically pinpoint probing and active attacks and immediately shut them down.
Through integration with McAfee Risk Advisor, the solution leverages risk, vulnerability and countermeasure context to provide the most accurate risk score available – allowing enterprises to prioritize responses based on the security posture of the target.
The Security Connected Reference Architecture is an open framework supported by McAfee Enterprise Security Manager, providing an easy to use GUI that allows for parsing of security data from custom applications or other third party sources. McAfee currently supports over 300 security data sources as input into Enterprise Security Manager, and is committed to extending support for third party data sources, having added 70 new sources since the Nitro Security acquisition.