product
- Line up
- Network Security: Trellix (formerly FireEye) Network Security
- Network Security: Trellix (formerly McAfee) Advanced Threat Defense
- Network Security: Trellix (formerly McAfee) Network Security Platform
- Endpoint: Trellix (formerly FireEye) HX
- Endpoint: Trellix (formerly McAfee) Mvision
- Endpoint: Trellix (formerly McAfee) Complete Data Protection
- Email Security: Trellix (formerly FireEye) Server Edition
- Email Security: Trellix (formerly FireEye) Cloud Edition
- Security Operations: Trellix (formerly FireEye) Helix
- Security Operations: Trellix (formerly McAfee) SIEM (Security Information and Event Management)
- Enhanced cloud governance: Trellix (formerly FireEye) Cloudvisory
- File Threat Protection in the Cloud: Trellix (Formerly FireEye) Detection On Demand
- File Security: Trellix (formerly FireEye) Malware File Storage Scanning
- Integrated Management Solution: Trellix (formerly FireEye) Central Management
- NDR Solution: Network Investigator (NI) / Packet Capture (PX)
Specifications/Technical Information
- Trellix (formerly FireEye) Technical Information
- Trellix (formerly FireEye) Specifications
- Network Security: Trellix (formerly FireEye) Network Security Technical Information
- Network Security: Trellix (formerly McAfee) Network Security Platform Technical Information
- Network Security: Trellix (formerly McAfee) Network Security Platform Specifications
- Network Security: Trellix (formerly McAfee) Advanced Threat Defense Technical Information
- Network Security: Trellix (formerly McAfee) Advanced Threat Defense Specification
- Email Security: Trellix (formerly FireEye) Server Edition EX Series Technical Information
- Email Security: Trellix (formerly FireEye) Server Edition EX Series Specifications
- Integrated Management Solution: Trellix (formerly FireEye) Central Management (CM) Series Specifications
- Security Operations: Trellix (formerly McAfee) SIEM (Security Information and Event Management) Technical Information
Trellix
Trellix
Trellix (formerly McAfee) SIEM (Security Information and Event Management)
Trellix (formerly McAfee) SIEM Overview
Trellix (formerly McAfee) SIEM visualizes and centrally manages logs output from various devices on corporate networks, such as security devices, OS, databases, applications, and network devices, and provides real-time analysis and reports.
In addition, correlation analysis linked to the world's largest threat database enables early detection and rapid response to threats.
Security management by Trellix (former McAfee) SIEM
1. Surveillance
- Centralized management and visualization of a wide variety of logs through normalization
-
- Collect event and flow information from various 3rd party devices such as firewalls, IPS, switches, routers, applications and servers
- Rapidly process a large number of events and quickly visualize the security situation
- Dashboard with excellent flexibility and operability
-
- Over 850 dashboard templates come standard and are easily customizable to your needs
- Efficient understanding of security events through monitoring that matches the environment, investigation and analysis according to the scene
2. Detection
- Early detection of potential threats with correlation analysis
-
- Correlation analysis that combines and verifies events from the same device/multiple devices enables early detection of potential threats
- Over 200 pre-installed correlation analysis templates, automatically updated
- Harnessing intelligence
Links with Trellix (formerly McAfee) GTI (Global Threat Intelligence), which investigates and collects more than 64 billion queries of threat information daily from more than 100 million nodes in 120 countries around the world, and captures threat information (IOC) in STIX format. to quickly detect the latest threats
3. Analysis
- Expedite investigation and analysis by drilling down from the dashboard
By simply drilling down on the events on the dashboard, you can narrow down the information you need and quickly identify detailed information and causes. Dramatically shortens incident investigation and analysis, which used to take a long time
- Ability to raise tickets and track incidents
-
- By creating a case for the detected incident and managing the severity, person in charge, response status, etc., it is possible to respond efficiently in an organized manner.
- Realize effective incidents by utilizing past tickets as knowledge
4. Countermeasures
- Actionable SIEM to minimize damage
In addition to issuing alerts and reports when incidents are detected like general SIEM products, it is possible to minimize damage by automatically linking with other security products and immediately blocking threats.
- Analysis method rules to improve detection accuracy
-
- Correlation analysis rules, blacklists, etc. can be easily customized to meet security requirements that vary greatly depending on the IT and business environment.
- Security can be improved through continuous improvement
*Trellix (former McAfee) SIEM Service Delivery Specialization Certified Partner
It is one of the partner programs established by McAfee, and holds certifications that are required when providing some products that require special skills to design and build, such as Trellix (formerly McAfee) SIEM.
Macnica 's Trellix (formerly McAfee) SIEM engineers will support you from proposal to construction to operation.
Inquiry/Document request
In charge of Macnica Trellix Co., Ltd.
- TEL:045-476-2010
Mon-Fri 8:45-17:30
