McAfee has developed a fully cloud-enabled version of its Enterprise Security Manager. In doing so, the company has essentially ported its security information and event management (SIEM) solution to the cloud.
ESM Cloud allows organizations to scale as requirements change while providing the same capabilities as its on-premises counterpart. That includes the ability to collect, process and correlate log events from multiple years with other data streams. These include user behavior analytics and data from the Structured Threat Information eXpression (STIX) framework and MITRE ATT&CK. Advanced analytics and context help users detect and prioritize threats, and then investigate and remediate those threats.
ESM Cloud’s 24/7 system health monitoring helps ensure that organizations are proactively alerted to any environmental changes that may impact their security operations. The solution also includes prebuilt, use-case-focused content packs that provide fully operational dashboards, reports, watchlists and alarms.
According to McAfee, the solution can process up to 500,000 events per second across 600,000 data sources.
"We have automated the entire deployment and setup process, streamlined data ingestion with faster customer onboarding and taken the guesswork out of SIEM complexity," explained Lana Knop, vice president of product management at McAfee.
Knop said that an organization can become operational on ESM SIEM within a few hours. Businesses that are already using McAfee's Enterprise Security Manager can easily transition their data sources to ESM Cloud from their own premises, she added.
While McAfee isn't reinventing the wheel, taking full advantage of cloud resources and architecture to ease deployment issues and provide continuous updates while increasing performance and scale makes good business sense, said Jon Oltsik, a senior principal analyst with Enterprise Strategy Group.
"It's a good move for McAfee," he said. "Nitro was a very good product, and this gets McAfee back into security operations and analytics, which is a growing market." Oltsik said he expects ESM Cloud to continue to integrate with McAfee controls such as MVision ePO, the company's device security management solution. "The goal is to unify cyber-risk management, security controls and analytics/operations," he added.