You likely use security event management tools to gather, organize and report on security data in your environment. The catch is that traditional management processes are manual, costly, and do not scale. How does your current solution make it easy for your team to work together to diagnose and fix issues? In this post, I discuss why Softchoice likes McAfee’s Enterprise Security Manager, and what you can do to ensure you react efficiently when threats put your environment under fire.
What is McAfee Enterprise Security Manager (ESM)?
Your security event management solution needs to provide visibility across key business and operational processes. Over time, however, the volume of data that visibility produces makes it hard to maintain affordable, frictionless security and compliance. To reduce a massive data flow into actionable information, security admins are turning to automated Security Information and Event Management (SIEM) tools. McAfee ESM delivers a high-performance, content-aware SIEM that reduces risk exposure and increases network and information security by removing the scalability and performance limitations of earlier security information management products. Using fast analytical tools, McAfee ESM identifies and correlates threats in minutes rather than hours, so that organizations can quickly remediate them and mitigate risks to their information and infrastructure.
Who McAfee Enterprise Security Manager is ideal for
McAfee ESM targets mid-sized to large enterprises, Fortune 1,000 companies, federal, state, and local governments, healthcare and higher education institutions, and critical infrastructure operators. Small businesses may struggle to make effective use of a SIEM without an in-house security analyst; smaller shops are, however, a great fit for a managed SIEM service.
Why you should care
Primarily, because without situational awareness, visibility, and intelligence you cannot understand how both security and non-security events threaten your business, and you are left facing situations where you must act quickly and efficiently without the information to do so. How does this apply in real situations? Read on to learn more.
How would you react?
If you are thinking about implementing a more comprehensive and automated security solution, consider how the following security events would affect your business.
- A Recent Data Breach. There were several high-profile security breaches in 2011, “the year of the breach,” including the cyberattack on the Sony PlayStation Network. Basic security precautions were not in place, enabling an unauthorized party to steal personal information from over 70 million account holders and forcing the service to be shut down. In the event of a detected breach, HIPAA and HITECH require public disclosure (notification of HHS and the media, in addition to the affected individuals) if protected health information (PHI) for 500 or more individuals is compromised; CEOs and legal departments need immediate details on the extent of a detected breach.
- Failing a Compliance Audit. “We may not get hacked, but we will be fined” is a common phrase at executive and board-level meetings. Regulators are stepping up enforcement and significantly increasing fines to motivate adherence to regulations and capture public attention.
- Advanced Persistent Threats. Advanced Persistent Threats (APTs) are stealthy, prolonged incursions deep into critical IT systems by deliberate adversaries. They make sensational media headlines and are a critical issue on federal agendas. The United States is carefully evaluating the state of advanced attacks, from recent U.S. intelligence reports on nation-state sponsored espionage to the Operation Shady RAT and Duqu attacks, and is even adopting a policy that encompasses the use of offensive cyberattacks in response to external threats.
- Insider Fraud. Insider threats are one of the greatest sources of risk to an organization; by some estimates as much as 80% of threats come from insiders, especially privileged users with high-level access to a broad range of systems, databases, and applications. The loss of intellectual property, critical customer data, and financial assets through deliberate acts by trusted insiders is a detectable business risk that can be minimized with SIEM technology.
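To make the last two points concrete, here is a small correlation routine of the kind a SIEM runs over normalized events. It is an added example written for this post, not McAfee ESM rule syntax or any vendor's code. The log format, the user and host names, the thresholds and the sample lines are all constructed for illustration; it flags (1) a privileged database user pulling bulk record sets after hours and (2) a burst of failed logins followed by a success from the same source.

```python
"""Toy SIEM-style correlation over constructed log lines (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not from any real system.
# Format: ISO timestamp | source | event | user | key=value details
SAMPLE_LOGS = """\
2011-04-18T02:05:11 | dbaudit | SELECT | dba_jsmith | rows=48000 table=customers
2011-04-18T02:06:40 | dbaudit | SELECT | dba_jsmith | rows=52000 table=card_data
2011-04-18T02:09:03 | dbaudit | SELECT | dba_jsmith | rows=61000 table=customers
2011-04-18T10:15:22 | dbaudit | SELECT | app_svc | rows=120 table=customers
2011-04-18T10:16:00 | sshd | FAILED_LOGIN | root | src=203.0.113.7
2011-04-18T10:16:05 | sshd | FAILED_LOGIN | root | src=203.0.113.7
2011-04-18T10:16:10 | sshd | FAILED_LOGIN | root | src=203.0.113.7
2011-04-18T10:16:15 | sshd | FAILED_LOGIN | root | src=203.0.113.7
2011-04-18T10:16:20 | sshd | FAILED_LOGIN | root | src=203.0.113.7
2011-04-18T10:16:30 | sshd | LOGIN | root | src=203.0.113.7
"""

# Assumed tuning values; a real deployment derives these from its own baseline.
PRIVILEGED_USERS = {"dba_jsmith", "root"}
BULK_ROWS = 10_000            # rows per query that counts as a bulk read
AFTER_HOURS = (22, 6)         # 22:00 to 06:00 local time
FAILED_LOGIN_THRESHOLD = 5
BRUTE_FORCE_WINDOW_SEC = 60


def parse_line(line):
    """Normalize one pipe-delimited log line into a flat event dict."""
    ts, source, event, user, detail = [p.strip() for p in line.split("|")]
    kv = dict(p.split("=", 1) for p in detail.split())
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "event": event, "user": user, **kv}


def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def is_after_hours(ts):
    start, end = AFTER_HOURS
    return ts.hour >= start or ts.hour < end


def correlate(events):
    """Return a list of alert dicts produced by two correlation rules."""
    alerts = []

    # Rule 1: privileged user performs two or more bulk reads after hours.
    bulk = defaultdict(list)
    for e in events:
        if (e["source"] == "dbaudit" and e["user"] in PRIVILEGED_USERS
                and int(e.get("rows", 0)) >= BULK_ROWS and is_after_hours(e["ts"])):
            bulk[e["user"]].append(e)
    for user, evs in bulk.items():
        if len(evs) >= 2:
            alerts.append({"rule": "insider_bulk_export", "user": user,
                           "rows": sum(int(e["rows"]) for e in evs),
                           "tables": sorted({e["table"] for e in evs})})

    # Rule 2: N failed logins then a success, same user and source, inside the window.
    fails = defaultdict(list)
    for e in events:
        if e["source"] != "sshd":
            continue
        key = (e["user"], e["src"])
        if e["event"] == "FAILED_LOGIN":
            fails[key].append(e["ts"])
        elif e["event"] == "LOGIN":
            recent = [t for t in fails[key]
                      if 0 <= (e["ts"] - t).total_seconds() <= BRUTE_FORCE_WINDOW_SEC]
            if len(recent) >= FAILED_LOGIN_THRESHOLD:
                alerts.append({"rule": "brute_force_success", "user": e["user"],
                               "src": e["src"], "failures": len(recent)})
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_logs(SAMPLE_LOGS)):
        print(alert)
```

Note that rule 1 only fires because the database audit log carries the row count and table name; if those fields had been trimmed to fit a legacy SIEM's throughput, the after-hours bulk read would look like ordinary DBA activity, which is exactly the log-detail question raised later in this post.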
Why we like McAfee Enterprise Security Manager
Simply put, if you are looking for automation and efficiency in completing predictable tasks, it simplifies the processes behind ‘check-box’ compliance requirements and helps you avoid fines. For threat detection, incident response, and forensic analysis, you get a highly responsive and scalable tool that facilitates detailed investigation of a broad range of insider and external threats using current and historical data, as well as advanced correlation tools. McAfee ESM satisfies both compliance monitoring and reporting needs and minimizes the overall costs associated with passing annual audits.
What you should do right now
If you are unsatisfied with your current SIEM solution, or you are considering implementing a SIEM for the first time, our security experts suggest asking the following questions:
- When an incident/threat is detected, how quickly do you want to remediate it? In hours or seconds?
- Is the detail you need to investigate a threat available in the logs that you’re collecting? “Tuning” logs to accommodate the limitations of a legacy SIEM means compromising your security and compliance efforts.
- How do you protect your data from theft or loss? Are you required to protect it by law, e.g., compliance regulations?
- How long do you need to keep security information available? PCI DSS requires at least one year of audit trail history, with a minimum of three months immediately available for analysis. For optimum security, especially forensics and incident response, the longer data is retained, the better.
- Are you able to effectively secure your data? Are databases and applications out of your departmental control?
- If you could monitor databases and applications using non-obtrusive network monitoring appliances, would you?
- What other IT security projects are you planning? Would it be possible to consolidate budgets?
The Softchoice value
We want to help you take a holistic look at your security environment. If you want to spend more time researching, check out our Ultimate Security Guide. If you want to talk specifics, don’t hesitate to reach out to me directly.