McAfee Takes Human-Machine Teaming to Next Level, Transforming Security Operations
McAfee, the device-to-cloud cybersecurity company, today announced an expanded product portfolio that evolves security operations capabilities and allows for rapid response to today’s most advanced cybersecurity threats. McAfee’s updated Enterprise Security Manager (McAfee ESM 11) leverages a new data architecture optimized for scalability, performance, faster search, and collaboration. This new architecture combined with the newly launched McAfee Behavioral Analytics, and enhanced McAfee Investigator, McAfee Advanced Threat Defense, and McAfee Active Response, will help security operation teams optimize their security infrastructure, leverage automation, improve detection, streamline workflows, and ultimately harness the power of human-machine teaming to improve response time and overall security outcomes.
“With companies struggling to keep up with the current threat landscape, the need for human-machine teaming has never been greater,” said Jason Rolleston, vice president of security analytics, McAfee. “Given the difficulty in finding skilled resources, enterprises need advanced analytics- and machine learning-powered solutions to augment the people they have. By combining the strength and speed of these new solutions with the power of human intellect, security operations teams become faster, smarter, more effective, and more efficient.”
McAfee’s enhanced security information and event management (SIEM) combined with advanced analytics will bring human-machine teaming to the next level by enabling security operations teams to more efficiently collect, enrich and share data. Then, the security operations teams can turn the security events into actionable insights that they can act on to confidently detect and correct sophisticated threats faster.
Today’s announcements also build upon McAfee’s leadership position within security information and event management (SIEM) solutions. Gartner named the company a Leader for the seventh consecutive year in the December 2017 “Magic Quadrant for Security Information and Event Management.”¹
Benefits from the updates and enhancements to McAfee ESM 11, McAfee Behavioral Analytics, McAfee Investigator and McAfee Active Response include:
New McAfee ESM 11:
- Flexible Data Architecture: The open and scalable data bus architecture at the heart of McAfee ESM 11 shares huge volumes of raw, parsed and correlated security events to allow threat hunters to easily search recent events, reliably retain data for compliance and forensics, and enable data-hungry analytics applications.
- Scalable Ingestion and Query Performance The new McAfee ESM 11 architecture allows for flexible horizontal expansion with active-active high availability, allowing organizations to rapidly query billions of events. Additional McAfee ESM appliances or virtual machines can be added at any point to add ingestion, query performance and redundancy.
New McAfee Behavioral Analytics:
- Machine Learning to Identify Threats: Big data security analytics and machine learning technology discover new and unusual high-risk security threats without requiring extensive configuration or knowledge.
- Prioritization of Threats: McAfee Behavioral Analytics distills billions of security events down to hundreds of anomalies to produce a handful of prioritized threat leads.
- Collaboration and Integration: McAfee Behavioral Analytics integrates with the McAfee portfolio, including McAfee ESM and McAfee ePolicy Orchestrator, the Data Exchange Layer, and third-party security information and event management (SIEM) solutions.
New McAfee Investigator:
- Activity Feed: Feed shares data with open source and third-party tools to streamline workflows and improve collaboration.
- Shorter Time to Insights: Expanded investigation guides include logon anomalies and new navigation features to multi-select findings for faster case closure.
- New McAfee Active Response:
- New Integrations: Integration between McAfee Investigator and McAfee Active Response enables analysts to scope the impact of a threat across their endpoints in real-time. Enhanced integration between McAfee Active Response and McAfee Advanced Threat Defense enables investigators to view detailed sandbox reports and indicators of compromise (IOC) including a new threat timeline report that visualizes attack execution steps from a single workspace.
- Detection and Remediation: Powerful new capabilities to detect Powershell exploits and remediate by isolating a host.
McAfee ESM 11 and McAfee Behavioral Analytics are available to customers today. McAfee Investigator will be available in April, and enhancements to McAfee Advanced Threat Defense and McAfee Active Response will be available in May.
- Landing page: Intelligent Security Operations
- Blog: Separating signal from noise
- Blog: A Model for Human and Machine Interaction: Human-Machine Teaming Grows up
- Report: Disrupting the Disruptors, Art or Science?
- ESG Report: Automation and Analytics versus the Chaos of Cybersecurity Operations
- 2017 Gartner Magic Quadrant for Security Information and Event Management, Dec. 2017
Gartner, Magic Quadrant for Security Information and Event Management, Kelly M. Kavanagh, Toby Bussa, 4 December 2017.*McAfee was previously listed in the referenced report as Intel Security and NitroSecurity.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.