McAfee SIEM (McAfee Security Information and Event Management)
Overview of McAfee SIEM
McAfee SIEM visualizes and centrally manages the logs output by the many different devices on an enterprise network, including security devices, operating systems, databases, applications and network equipment, and provides real-time analysis and reporting.
In addition, correlation analysis linked to one of the world's largest threat databases enables early detection of threats and a rapid response.
Security management with McAfee SIEM

1. Monitoring
- Centralized management and visualization of a wide variety of logs through normalization
  - Collects event and flow information from a wide range of third-party devices such as firewalls, IPS, switches, routers, applications and servers
  - Rapidly processes large numbers of events and quickly visualizes the security situation
- Dashboards with excellent flexibility and operability
  - Over 850 dashboard templates come standard and are easily customized to your needs
  - Monitoring tailored to the environment, with investigation and analysis suited to each situation, gives an efficient understanding of security events
2. Detection
- Early detection of potential threats with correlation analysis
  - Correlation analysis that combines and verifies events from a single device or from multiple devices enables early detection of potential threats
  - Over 200 pre-installed correlation analysis templates, updated automatically
- Harnessing threat intelligence
  Integration with McAfee GTI (Global Threat Intelligence), which investigates and collects more than 64 billion threat queries every day from over 100 million nodes in 120 countries, together with the ability to ingest threat intelligence (IOCs) in STIX format, means even the latest threats are detected quickly
3. Analysis
- Expedite investigation and analysis by drilling down from the dashboard
  By simply drilling down on the events shown on the dashboard, you can narrow the information down to what you need and quickly identify the details and root cause. This dramatically shortens incident investigation and analysis, which used to take a long time
- Ability to raise tickets and track incidents
  - By creating a case for each detected incident and managing its severity, assignee, response status and so on, incidents can be handled efficiently and in an organized manner
  - Past tickets serve as a knowledge base, making incident response more effective
4. Countermeasures
- An actionable SIEM that minimizes damage
  In addition to issuing alerts and reports when incidents are detected, as general SIEM products do, it can automatically link with other security products to block threats immediately and so minimize damage.
- Tunable analysis rules to improve detection accuracy
  - Correlation analysis rules, blacklists and so on can be easily customized to meet security requirements, which vary greatly depending on the IT and business environment
  - Security posture can be raised through continuous improvement of these rules
※ McAfee SIEM Service Delivery Specialization certified partner
This is one of the partner programs defined by McAfee. We hold the certification that is required in order to deliver several products, McAfee SIEM among them, whose design and deployment demand specialized skills.
Macnica's dedicated McAfee SIEM engineers support customers consistently from proposal through deployment to operation.