Enhanced SIEM

McAfee has announced what it says is the industry’s first “endpoint aware” security information and event management (SIEM) solution, which adds real time system state information to enhance situational awareness and streamline incident response. This innovative solution brings together the big security data management capabilities of McAfee Enterprise Security Manager (ESM) with the deep endpoint insight of McAfee Real Time. SIEM event data is combined with the proactive ability to immediately query, collect and analyse extensive endpoint context, including running processes, files, and system and security configuration.

Monday, 7th October 2013, by Phil Alsop

Thwarting advanced threats demands greater situational awareness. According to the 2013 Verizon Data Breach Report, 69% of breaches went from initial compromise to data exfiltration within hours. Conversely, over a third of breaches took weeks to months to resolve.[i] To minimise the damage of attacks and protect the business, it is essential that security analysts are able to swiftly identify attacks, determine the root cause and remediate the threat.


McAfee ESM integrated with McAfee Real Time is the only solution that goes beyond passive monitoring and provides endpoint aware security analytics about what’s happening within systems at the moment it occurs. Having this real time information provides clarity into any breach and shortens the response time needed to resolve advanced threats.


Ken Levine, senior vice president and general manager, Security Management at McAfee, commented on McAfee’s situational awareness initiative, “McAfee is continuing to lead the market for situational awareness by redefining security intelligence and turning the tables on attacks. We are able to achieve this by leveraging our big security data management system and the deep system insight only McAfee can provide. We understand this need unlike anyone else and we’re arming our customers with the intelligence, speed and context to win the battle against advanced threats.”


McAfee ESM with McAfee Real Time delivers the industry’s first “endpoint aware” SIEM, which enables organisations to proactively query, collect and analyse, in real time, information about the internal operations and configuration of endpoints across the enterprise. The ability to gather this important contextual data, previously unavailable to SIEM, allows security analysts to immediately determine the root cause of attacks, identify systems subject to the same compromise, and gain actionable intelligence for precise remediation, all in real time and from a single console. Furthermore, with Security Connected, security analysts can turn this actionable intelligence into intelligent action by issuing policy change, quarantine and vulnerability scan commands directly from the SIEM. This solution is another proof point of the McAfee Security Connected platform of integrated, intelligent and connected security solutions that are needed in the battle against advanced threats.