McAfee Security Connected
Actionable Situational Awareness

Boubker Elmouttahid, CISSP, CISM, CRISC
Solution Architect, Management Platform
October 17, 2013

Confidential McAfee Internal Use Only
Security Connected Platform
NETWORK SECURITY
Access Control
Identity & Authentication
Intrusion Prevention
Network User Behavior Analysis
Next Generation Firewall

INFORMATION SECURITY

Data Loss Prevention
Email Security
Encryption
Web Security

SECURITY MANAGEMENT
Compliance
Policy Auditing & Management
Risk Management
Security Operations Console
SIEM
Vulnerability Management

ENDPOINT SECURITY
Application Whitelisting
Desktop Firewall
Device Control
Device Encryption
Email Protection
Embedded Device Protection
Endpoint Web Protection
Host Intrusion Protection
Malware Protection
Network Access Control
On Chip (Silicon-Based) Security
Server & Database Protection
Smartphone & Tablet Protection
Virtual Machine & VDI Protection

PARTNER COMMUNITY
Global Strategic Alliance Partners
McAfee Connected
Security Innovation Alliance (SIA)

Partners and An Open, Full-Featured Platform
Integrated Solutions Deliver Management
McAfee Labs
• Multi-discipline security research
– Malware (viruses, spyware, rootkits, etc.)
– Spam and Phishing
– Web Security
– Network and Host Intrusion Prevention
– Vulnerabilities and Compliance Checks

• 24 x 7 emergency response team

26 cities around the world
400+ researchers

• Holds 118+ patents and 148+ pending patents

What It Takes to Make An Organization Safe
Global Threat Intelligence
(Slide diagram: threat reputation fed by Network IPS, Firewall, Web Gateway, Mail Gateway, Host AV, Host IPS and 3rd-party feeds.)
112 Reputation Servers in 7 Data Centers
(Slide map: London, Amsterdam, Chicago, San Jose, Atlanta, Tokyo and Hong Kong, backed by a central DataStore.)
McAfee Threat Landscape
The Core Problem

Key Motivations
(Slide: Ego, Financial, Espionage, Weaponry, Purpose.)
Key Threats
(Slide word cloud: manufacturing, medical devices, energy, databases, SCADA, mobile, embedded, RSA, Conficker, silicon, Night Dragon, smart cars, Stuxnet, Aurora, social media, Zeus, ATM/kiosk, apps, entertainment, RF/IR, Bluetooth, web, virtual.)
Total Malware Samples
The McAfee “zoo” now contains more than 140 million unique malware samples.
(Chart: total malware samples per month, Jul-12 through Jun-13; y-axis 0 to 160,000,000.)
Enterprise IT BIG Bets 2013
…. Enable “Situational Security Awareness” through Big Security Data
• Situational security awareness through big security data
• Less “matching”, more trending
• Long-term analysis for “low and slow” activity
• Continuous compliance monitoring
• Immediate information access
(Slide diagram: processing demands, data, use cases and instrumentation, with use cases growing from perimeter security in 2000 through compliance, insider threat and data security to 2013.)
Big Data vs. Big Security Data

Big Data: datasets whose size and variety are beyond the ability of typical database software to capture, store, manage and analyse.
• Size of security data doubling annually
• Advanced threats demand collecting more data
• Legacy data management approaches failing
• SIEM use shifting from compliance to security

Big SECURITY Data: understanding security data as big data.
• How do I gather security context?
• How do I manage big security information?
• How do I make security information management work?
“The Importance” of Big Security Data

Old attacks:
• Amateurs
• Noisy
• Curious/mischievous
• Script driven
• Untargeted

New attacks:
• Professionals
• Stealthy
• For profit/intentional damage
• Professionally developed
• Targeted

Countermeasures listed on the slide:
• Automated situational awareness
• Global threat intelligence
The Big Security Data Challenge
(Slide diagram: the problem grows from thousands of events to billions.)
• Thousands of events, perimeter-focused: consolidate logs, correlate events, historical reporting, compliance.
• Billions of events spanning APTs, cloud, data and insiders: large-volume analysis, anomalies, multi-dimensional active trending and analysis.
THINK FAST…ACT FAST
Actionable Situational Awareness through Enhanced Data Management and Integration
• Move Fast: a purpose-built data management engine that makes SIEM work and is security “big data” ready.
• Learn Quickly: turns billions of “so what” events into actionable information via context, content and advanced analytics.
• Act Decisively: leverages the value of Security Connected for faster response while lowering cost of ownership.
MOVE FAST
eDB: purpose-built data management engine that makes SIEM work

McAfee ESM: extended schema in 9.2, enabling…
• Improved tracking of assets via GUID; increases accuracy as IPs change
• More custom fields, increasing the data collected, correlated and reported about an event
• Ability to accumulate events (throughput, packets, URLs, etc.)
…without compromising performance!
LEARN QUICKLY
Establishing baselines to identify deviations
• Rolling averages define abnormal patterns of activity
• Sum events and track averages
• Alert based on deviations from the norm
• Identify anomalies: eliminate the guesswork
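An added example of the baseline-and-deviation idea on this slide, written for this page and not taken from McAfee ESM or any McAfee code. It keeps a rolling window per hour-of-day slot so that a burst at 03:00 is compared with earlier 03:00 samples rather than with the daily average, floors the standard deviation so quiet slots do not alert on a difference of one event, and keeps flagged samples out of the window so an alert cannot become tomorrow's "normal". The event counts, the day profile and the 3-sigma threshold are constructed for illustration.

```python
"""Rolling per-slot baseline with deviation alerting (added example, not McAfee code).

The series is a count of events per hour for one host, oldest first. Each hour is
compared against the same hour of the previous `history` days, so a burst at 03:00
is judged against other 03:00 samples rather than against the daily average.
"""
import math
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Anomaly:
    index: int      # position in the series (hour number since start)
    slot: int       # hour-of-day slot the sample was compared against
    value: int      # observed event count
    mean: float     # baseline mean for that slot
    stdev: float    # baseline standard deviation for that slot (after flooring)
    zscore: float   # standard deviations above the baseline mean


def detect_deviations(counts, period=24, history=3, threshold=3.0, min_stdev=2.0):
    """Return the samples that exceed their slot's rolling mean by `threshold` sigma.

    period    - samples per cycle (24 for hourly data with a daily rhythm)
    history   - cycles kept per slot; the baseline is a rolling window of this size
    min_stdev - floor on the standard deviation so a quiet slot with near-constant
                counts does not alert on a difference of one or two events
    No alert is raised until a slot has `history` past samples.
    """
    baselines = defaultdict(lambda: deque(maxlen=history))
    anomalies = []
    for index, value in enumerate(counts):
        slot = index % period
        past = baselines[slot]
        if len(past) == history:
            mean = sum(past) / history
            variance = sum((x - mean) ** 2 for x in past) / history
            stdev = max(math.sqrt(variance), min_stdev)
            zscore = (value - mean) / stdev
            if zscore > threshold:
                anomalies.append(Anomaly(index, slot, value, mean, stdev, zscore))
                continue  # keep the spike out of the window so it cannot raise the baseline
        past.append(value)
    return anomalies


# Constructed sample: a working-day profile of logon events per hour, repeated for
# five days with small deterministic noise. Not real telemetry.
BASE_DAY = [20, 15, 12, 10, 10, 12, 30, 60, 90, 100, 105, 100,
            95, 100, 105, 100, 90, 70, 50, 40, 35, 30, 25, 22]
JITTER = [0, 2, -1, 1, -2, 0, 1, -1]


def build_sample(days=5):
    counts = [base + JITTER[(day * 7 + hour) % len(JITTER)]
              for day in range(days) for hour, base in enumerate(BASE_DAY)]
    # Day 5 at 03:00: 150 logons where about 10 are normal. That is still below
    # the ~55/hour daily average, so a whole-day average would never notice it.
    counts[4 * 24 + 3] = 150
    return counts


if __name__ == "__main__":
    for a in detect_deviations(build_sample()):
        print(f"hour {a.index} (slot {a.slot:02d}:00): {a.value} events, "
              f"baseline {a.mean:.1f} +/- {a.stdev:.1f}, z={a.zscore:.1f}")
```

The floor on the standard deviation is the part practitioners most often forget: three days of exactly ten events gives a variance of zero, and without the floor a count of eleven would be an infinite-sigma alert. The window length is the other knob; the slide's "low and slow" case needs a longer history than three cycles, at the price of a slower reaction to a genuine change in how a host is used.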
LEARN QUICKLY
Global Threat Intelligence and IP Reputation
(Slide flow: an event is checked against IP reputation (good / suspect / bad); automatic risk analysis via the advanced correlation engine rates it medium or high risk; McAfee Labs supplies the IP reputation updates.)
Reputation categories: botnet/DDoS, mail/spam sending, web access, malware hosting, network probing, presence of malware, DNS hosting activity, intrusion attacks.
LEARN QUICKLY
Correlating Both Flows and Events
(Slide diagram: flow and event data enter advanced correlation, enhanced with GTI.)
• Identify spikes in activity
• Analyze the behaviour of an individual host
• Monitor compliance via analysis of application data, protocol and user
• Detect zero-day threats through traffic profiling
ACT DECISIVELY
Leverage the power of the platform
(Slide diagram: an integrated security platform with Global Threat Intelligence, Vulnerability Manager, compliance reporting, streamlined investigations, ePolicy Orchestrator, event collection, policy management, log management, Network Security Platform and advanced correlation around the SIEM.)
Industry Leading Security Information and Event Management
Organized Chaos
Security operating in silos (data interconnection left and right)
(Slide diagram centred on the SIEM.)
LEARN QUICKLY & ACT DECISIVELY
Security Connected - Intelligent Orchestration & Integration
(Slide diagram: ESM at the centre, exchanging data with DLP, GTI, MAM, MVM, MEG, ADM, FW, MWG, ePO, NTBA, DAM and NSP. Labelled exchanges: asset inventory and on-demand scan; dynamic enrichment; endpoint and SIA alerts and policy enforcement; network alerts and quarantine.)
ACT DECISIVELY
Intelligent Orchestration and Integration
(Slide scenario: a user follows a shortened link from a social-media post, “My Pal RT @aguyweknow Very Inspiring article Bit.ly/p0wn3d”; NSM, ESM and ePO each raise an alert.)
Orchestrated response:
1. Detect connection attempt
2. Correlation
3. Quarantine endpoint
4. Trigger alarm
5. Launch AV scan
6. Quarantine IP
7. Increase security
McAfee ESM
• Unmatched speed
– Industry’s fastest SIEM
– 100x to 1,000x faster than current solutions
– Queries, correlation and analysis in minutes, not hours

• Unmatched scale
– Collect all relevant data, not selected sub-sets
– Analyze months and years of data, not weeks
– Include higher-layer context and content information
– Scales easily to billions of data records

• Improves operational efficiencies and optimizes security

• Enhances visibility and control of risk and helps you stay compliant with regulations

• Demonstrates measurable ROI and reduced TCO by delivering an easy-to-use, scalable NG SIEM solution
McAfee ESM
2013 market leadership and recognition
• SIEM MQ “Visionary Leader”
– Gartner 2012 & 2013 SIEM Magic Quadrant

• “Fastest database in the business, truly creative front end”
– SC Magazine, Excellent value for the money, February 2012

• “Best log management solution”
– InfoWorld 2011 Technology of the Year, January 2011

• “ESM has attained tier-one status alongside larger organizations”
– Ovum, Technology Audit, July 2011

• “One of the most useful and seamless incident response-focused SIEM products available today”
– The 451 Group, Impact Report, June 2010

• “Top performance, 2nd lowest price”
– Info-Tech Research Group Vendor Landscape, June 2011
Summary
Actionable Situational Awareness from McAfee ESM

ESM ALLOWS YOU TO….

MOVE FAST

LEARN QUICKLY

ACT DECISIVELY

Demo

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 

Recently uploaded (20)

How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 

MID_SIEM_Boubker_EN

  • 1. McAfee Security Connected: Actionable Situational Awareness. Boubker Elmouttahid, CISSP, CISM, CRISC, Solution Architect, Management Platform. October 17, 2013. Confidential McAfee Internal Use Only
  • 2. Security Connected Platform
    – NETWORK SECURITY: Access Control; Identity & Authentication; Intrusion Prevention; Network User Behavior Analysis; Next Generation Firewall
    – INFORMATION SECURITY: Data Loss Prevention; Email Security; Encryption; Web Security
    – SECURITY MANAGEMENT: Compliance; Policy Auditing & Management; Risk Management; Security Operations Console; SIEM; Vulnerability Management
    – ENDPOINT SECURITY: Application Whitelisting; Desktop Firewall; Device Control; Device Encryption; Email Protection; Embedded Device Protection; Endpoint Web Protection; Host Intrusion Protection; Malware Protection; Network Access Control; On Chip (Silicon-Based) Security; Server & Database Protection; Smartphone & Tablet Protection; Virtual Machine & VDI Protection
    – PARTNER COMMUNITY: Global Strategic Alliance Partners; McAfee Connected; Security Innovation Alliance (SIA)
  • 3. Partners and Integrated Solutions Deliver An Open, Full-Featured Platform (diagram: Management at the centre)
  • 4. McAfee Labs
    – Multi-discipline security research: Malware (viruses, spyware, rootkits, etc.); Spam and Phishing; Web Security; Network and Host Intrusion Prevention; Vulnerabilities and Compliance Checks
    – 24 x 7 emergency response team
    – 26 cities around the world; 400+ researchers
    – Holds 118+ patents and 148+ pending patents
  • 5. What It Takes to Make An Organization Safe: Global Threat Intelligence (diagram: Threat Reputation fed by Network IPS, Firewall, Web Gateway, Mail Gateway, Host AV, Host IPS and 3rd Party Feed)
  • 6. 112 Reputation Servers in 7 Data Centers (map: DataStore; London, Chicago, San Jose, Atlanta, Amsterdam, Tokyo, Hong Kong)
  • 7. McAfee Threat Landscape: The Core Problem
  • 10. Total Malware Samples. The McAfee "zoo" now contains more than 140 million unique malware samples. [Chart: Total Malware Samples, y-axis 0 to 160 000 000, monthly from Jul-12 to Jun-13]
  • 11. Enterprise IT BIG Bets 2013: Enable "Situational Security Awareness" through Big Security Data
    – Situational Security Awareness through Big Security Data
    – Less "Matching", more Trending
    – Long term analysis for "low and slow"
    – Continuous compliance monitoring
    – Immediate information access
    [Diagram axes: PROCESSING DEMANDS, DATA, USE CASES, INSTRUMENTATION; timeline from 2000 (Perimeter Security) through Compliance, Insider Threat and Data Security to 2013]
  • 12. Big Data vs. Big Security Data
    – Big Data: datasets whose size and variety is beyond the ability of typical database software to capture, store, manage & analyse.
    – Big SECURITY Data: understanding security data as big data. Size of security data doubling annually; advanced threats demand collecting more data; legacy data management approaches failing; SIEM use shifting from compliance to security.
    – How do I gather security context? How do I manage big security information? How do I make security information management work?
  • 13. "The Importance" of Big Security Data
    – Old Attacks: Amateurs; Noisy; Curious/Mischievous; Script driven; Untargeted
    – New: Professionals; Stealthy; For profit/intentional damage; Professionally developed; Targeted
    – Response: Automated situational awareness; Global threat intelligence
  • 14. The Big Security Data Challenge (diagram layers, top to bottom)
    – APTs: Billions of Events; Multi-dimensional; Active Trending/Analysis; Cloud Data
    – Insider: Large Volume Analysis; Anomalies
    – Compliance: Historical Reporting; Thousands of Events
    – Perimeter: Correlate Events; Consolidate Logs
  • 15. The Big Security Data Challenge. October 17, 2013
  • 16. THINK FAST…ACT FAST: Actionable Situational Awareness through Enhanced Data Management and Integration
    – Move Fast: purpose built data management engine that makes SIEM work, and is Security "Big Data" ready
    – Learn Quickly: turns billions of "so what" events into Actionable Information via context, content and advanced analytics
    – Act Decisively: leveraging the value of Security Connected for faster response whilst lowering cost of ownership
  • 17. MOVE FAST. eDB: purpose built data management engine that makes SIEM work. McAfee ESM Extended Schema in 9.2, enabling…
    – Improved tracking of assets via GUID; increases accuracy as IPs change
    – More custom fields; increasing data collected, correlated and reported about an event
    – Ability to accumulate events (throughput, packets, URLs, etc.)
    …without compromising performance!
  • 18. Learn Quickly: Establishing baselines to identify deviations. Defining abnormal patterns of activity; Rolling Averages
  • 19. Learn Quickly: Establishing baselines to identify deviations. Sum events and track averages; alert based on deviations from norm; ID anomalies; eliminate the guesswork
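Slides 18 and 19 describe the baseline idea at the level of bullet points: keep a rolling average of an event count, then alert when the current value deviates from that norm. The example below is added here to make the mechanism concrete; it is not code from McAfee ESM or from the deck. The hourly failed-login counts are constructed sample data, and the window size, z-score threshold and minimum history are arbitrary tuning choices. It also shows one caveat the slides do not: if an alerted spike is fed back into the baseline it widens the standard deviation and masks later anomalies, so alerted values are kept out of the history by default.

```python
"""Rolling-baseline deviation alerting over a series of event counts.

Added example, not McAfee ESM logic. Input data is constructed for the demo.
"""
from collections import deque
from statistics import mean, pstdev

# Constructed sample: failed logins per hour for one host. Index 12 is a spike.
SAMPLE_COUNTS = [12, 15, 11, 14, 13, 12, 16, 14, 13, 15, 12, 14, 90, 13, 12, 15]


def detect_deviations(counts, window=8, z_threshold=3.0, min_history=4,
                      exclude_alerts=True):
    """Return [(index, value, baseline_mean, z_score)] for points that deviate.

    The baseline for each point is the mean and population standard deviation
    of the previous `window` values (the current value is never part of its
    own baseline). No alerts are raised until `min_history` values exist.
    With exclude_alerts=True, alerted values are not added to the history, so
    a single spike does not inflate the baseline for the hours that follow.
    """
    history = deque(maxlen=window)
    alerts = []
    for i, value in enumerate(counts):
        alerted = False
        if len(history) >= min_history:
            mu = mean(history)
            sigma = pstdev(history)
            if sigma == 0:
                sigma = 1.0  # flat baseline: treat any change of >=3 as a deviation
            z = (value - mu) / sigma
            if abs(z) >= z_threshold:
                alerts.append((i, value, round(mu, 2), round(z, 2)))
                alerted = True
        if not (alerted and exclude_alerts):
            history.append(value)
    return alerts


def summarize(counts, **kwargs):
    """Human-readable lines for each alert; convenient when run stand-alone."""
    return ["hour %d: %d events vs baseline %.2f (z=%.2f)" % a
            for a in detect_deviations(counts, **kwargs)]


if __name__ == "__main__":
    for line in summarize(SAMPLE_COUNTS):
        print(line)
```

Running the block on the constructed series reports only hour 12 (90 events against a baseline of about 13.6). With `exclude_alerts=False` the same hour is still flagged, but the baseline mean for the following hours jumps to over 20 and the standard deviation to over 25, which is the masking effect to watch for when tuning a SIEM baseline.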
  • 20. Learn Quickly: Global Threat Intelligence and IP Reputation
    – EVENT → IP REPUTATION CHECK (GOOD / SUSPECT / BAD) → AUTOMATIC RISK ANALYSIS VIA ADVANCED CORRELATION ENGINE (Medium Risk / High Risk) → AUTOMATIC IDENTIFICATION
    – McAfee Labs IP Reputation Updates cover: Botnet/DDoS; Mail/Spam Sending; Web Access; Malware Hosting; Network Probing; Presence of Malware; DNS Hosting Activity; Intrusion Attacks
  • 21. Learn Quickly: Correlating Both Flows and Events (diagram: Flow and Event data feed Advanced Correlation; Event Enhanced with GTI)
    – Identify spikes in activity
    – Analyze behavior of an individual host
    – Monitor compliance via analysis of application data, protocol and user
    – Detect zero-day threats through traffic profiling
  • 22. ACT DECISIVELY: Leverage the power of the platform (diagram: Global Threat Intelligence, Vulnerability Manager, Compliance Reporting, Streamlined Investigations, ePolicy Orchestrator, Event Collection, Policy Management, Log Management, Network Security Platform, Advanced Correlation). Integrated Security Platform: Industry Leading Security Information and Event Management
  • 23. Organized Chaos: Security Operating in Silos (data interconnection left & right; SIEM in the middle)
  • 24. LEARN QUICKLY & ACT DECISIVELY: Security Connected - Intelligent Orchestration & Integration (diagram around ESM: DLP, GTI, MAM, MVM, MEG, ADM, FW, MWG, ePO, NTBA, DAM, NSP; flows labelled Asset Inventory & On-demand scan, Dynamic Enrichment, Endpoint & SIA Alerts & Policy Enforcement, Network Alerts & Quarantine)
  • 25. ACT DECISIVELY: Intelligent Orchestration and Integration (scenario diagram with NSM, ESM and ePO; sample lure tweet shown on the slide: "My Pal RT@aguyweknow Very Inspiring article Bit.ly/p0wn3d !"). Workflow: Detect Connection Attempt → Correlation → Quarantine Endpoint / Trigger Alarm / Launch AV Scan / Quarantine IP / Increase Security
  • 26. McAfee ESM
    – Unmatched Speed: industry's fastest SIEM; 100x to 1,000x faster than current solutions; queries, correlation and analysis in minutes, not hours
    – Unmatched Scale: collect all relevant data, not selected sub-sets; analyze months and years of data, not weeks; include higher layer context and content information; scales easily to billions of data records
    – Improves operational efficiencies and optimizes security
    – Enhances visibility & control on risk and helps you to stay compliant with regulations
    – Demonstrates measurable ROI and reduced TCO by delivering an easy to use & scalable NG SIEM solution
  • 27. McAfee ESM 2013 Market Leadership and Recognition
    – SIEM MQ "Visionary Leader" – Gartner 2012 & 2013 SIEM Magic Quadrant
    – "Fastest database in the business, truly creative front end" – SC Magazine, Excellent value for the money, February 2012
    – "Best log management solution" – InfoWorld 2011 Technology of the Year, January 2011
    – "ESM has attained tier-one status alongside larger organizations" – Ovum, Technology Audit, July 2011
    – "One of the most useful and seamless incident response-focused SIEM products available today" – The 451 Group, Impact Report, June 2010
    – "Top performance, 2nd lowest price" – Info-Tech Research Group Vendor Landscape, June 2011
  • 28. Summary: Actionable Situational Awareness from McAfee ESM. ESM allows you to… MOVE FAST, LEARN QUICKLY, ACT DECISIVELY
  • 29. Demo. October 17, 2013