McAfee looks to make a splash in the SIEM space following its integration of NitroSecurity
McAfee has built on last year’s acquisition of NitroSecurity by introducing a fresh Security Information and Events Management (SIEM) offering, killing off the NitroView name.
McAfee Enterprise Security Manager brings in 300 sources to amalgamate valuable threat information for customers, whether that be historical or real-time data, the security giant announced at InfoSecurity 2012 today.
That’s not as many sources as one of McAfee’s big SIEM rivals, IBM, which built on its own acquisition of Q1 Labs earlier this year in releasing a product with over 400 sources.
The SIEM market is now a hugely competitive one, with HP’s products based on its ArcSight acquisition and other smaller independent players like LogLogic still performing well. Major security names like Symantec and RSA have also scored well with analysts.
Intel-owned McAfee didn’t have much to say in the SIEM space until it bought NitroSecurity, which was seen as one of the more innovative players in the industry by Gartner.
“Less than six months after acquisition we are already taking major steps to advance situational awareness with our security management solutions,” said Stuart McClure, worldwide chief technology officer and general manager of the security management business unit at McAfee. “McAfee customers receive the most intelligent and fastest SIEM on the market and receive greater value from the McAfee solutions they have already invested in.”
McAfee thinks its biggest differentiator is the scalable database at the core of the product, which has been designed to cope with big data tasks. According to the security giant, the database is capable of processing billions of events per day. Tied into other McAfee products, it will be able to take actions on the information, just as in other SIEM offerings.
McAfee’s SIEM Security Manager uses a patented data management technology known as NitroEDB. The NitroEDB is a fully relational database management system (RDBMS). “The NitroEDB represents a current investment of several hundred thousand development hours of effort and tens of millions of dollars invested,” Mohan Ramanathan, enterprise solutions architect at McAfee, told TechWeekEurope.
“There are a multitude of NitroEDB-specific enhancements over standard RDBMS’s which result in significantly higher performance on insert and query (even compared to other data management schemes including clusters, flatfiles, nosql, etc.), all while handling extremely large data sets.
“In the SIEM world, the NitroEDB excels at functionality that end users leverage to make sense of their ‘big data’ security and operations environments.
“As an example, a function called N-Tree aggregation allows the NitroEDB to calculate sums, averages and standard deviations almost instantaneously. This translates to a security operator who can immediately identify variation from ‘normal’ behavior in his environment.”
McAfee believes other SIEM vendors are “struggling to keep up with exponentially increasing data flows”.