This has been a busy year for McAfee, as the company has not only laid out its vision but also begun delivering on it.
McAfee's world view is this: the cloud and the endpoint are the critical control points for cybersecurity, and the security operations center (SOC) is the situation room and the central analytics hub. While McAfee has talked a great deal about cloud and endpoint over the last year, it has only recently started to expose its innovation and thinking around the SOC, so this post digs a little deeper into that. For more information, visit McAfee.com/Activate.
A SOC provides dedicated resources for detection, incident investigation, and response. For much of the past decade, the SOC has revolved around a single tool, the Security Information and Event Management system (SIEM). The SIEM was used to collect and retain log data, to correlate events and generate alerts (a great many of them), to monitor, to investigate, to report, and to respond. In many ways, the SIEM has been the SOC.
In the past couple of years, however, security operations have seen extensive innovation. That innovation is being driven by an industry-wide acceptance that security operations matter far more than they used to, by powerful technical advances (machine learning, analytics), and by a constantly evolving threat landscape. The old ways of doing things are no longer sufficient against increasingly sophisticated attacks. Something different is required.
McAfee believes the next-generation SOC will be open, modular, content-driven, and automated. Data integration, machine learning, and analytics are the foundations of this advanced SOC.
The reason is simple: volume. In a McAfee survey, organizations reported that over the past two years the amount of data they collect to support cybersecurity activities had increased substantially (28%) or somewhat (49%). There are important clues in all that data, but new and different attacks get lost in the noise. Individual alerts are rarely meaningful on their own; context, patterns, and correlations are needed to judge their potential importance, and producing those constructs requires analytics that are fast and sophisticated, with a model for staying current as threat patterns and actors change. Machines need to do more of the work, freeing people to understand business-specific patterns, design efficient processes, and manage the policies that protect each organization's risk posture.
The SIEM remains a crucial part of the SOC. Its use cases are fundamental and extensive to SOC success: data ingestion, parsing, threat monitoring, threat analysis, and incident response. McAfee's SIEM is especially effective at the high-performance correlation and real-time monitoring that are now mainstream for security operations. McAfee is pleased to announce that it has been recognized as a Leader in the Gartner Magic Quadrant for Security Information and Event Management for the seventh consecutive time. And McAfee is not stopping there: it continues to evolve its SIEM with a high-volume, open data pipeline that lets organizations collect more data without breaking the bank.
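To make the point of the two paragraphs above concrete, here is a small, added example (not McAfee's code, and not from the original article) of the SIEM workflow they describe: ingest raw log lines, parse them into normalized events, and run a correlation rule over them so that a pattern surfaces where any single alert would have been noise. The log lines, the hostnames and addresses, the rule thresholds, and the function names are all constructed for illustration; the rule itself (many failed logins from one source followed by a successful one, within a short window) is a standard SIEM correlation, not a description of any specific product's rule set.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real logs): sshd authentication events from three hosts,
# plus one malformed line that a parser must tolerate. Addresses are documentation ranges.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z host1 sshd: Failed password for alice from 203.0.113.5 port 5001
2024-03-01T10:00:03Z host1 sshd: Failed password for alice from 203.0.113.5 port 5002
2024-03-01T10:00:05Z host1 sshd: Failed password for bob from 203.0.113.5 port 5003
this line is garbage that should be dropped by the parser
2024-03-01T10:00:07Z host1 sshd: Failed password for root from 203.0.113.5 port 5004
2024-03-01T10:00:09Z host1 sshd: Failed password for alice from 203.0.113.5 port 5005
2024-03-01T10:00:12Z host1 sshd: Accepted password for alice from 203.0.113.5 port 5006
2024-03-01T10:05:00Z host2 sshd: Failed password for carol from 198.51.100.7 port 6001
2024-03-01T10:30:00Z host2 sshd: Accepted password for carol from 198.51.100.7 port 6002
2024-03-01T11:00:00Z host3 sshd: Accepted publickey for dave from 192.0.2.9 port 7001
"""

# Parsing step: one regex for the (constructed) sshd line format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) "
    r"(?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)$"
)


def parse(raw):
    """Ingest raw text and normalize each matching line into an event dict.
    Lines that do not match the format are dropped rather than crashing the pipeline."""
    events = []
    for line in raw.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def correlate_bruteforce(events, threshold=4, window=timedelta(minutes=2)):
    """Correlation rule: at least `threshold` failed logins from one source address
    inside `window`, followed by an Accepted login from that same address, raises one
    alert. A single failed login (or a lone success) never alerts on its own."""
    alerts = []
    failures = defaultdict(list)  # src address -> [(timestamp, username), ...]
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        # Keep only failures still inside the sliding window relative to this event.
        failures[src] = [(t, u) for (t, u) in failures[src] if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            failures[src].append((ev["ts"], ev["user"]))
            continue
        if len(failures[src]) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": src,
                "host": ev["host"],
                "user": ev["user"],                       # account that finally logged in
                "failures": len(failures[src]),
                "users_tried": sorted({u for (_, u) in failures[src]}),
                "first_seen": failures[src][0][0],
                "succeeded_at": ev["ts"],
            })
        failures[src].clear()  # a success resets the window for that source
    return alerts


def run_pipeline(raw):
    """Ingest -> parse -> correlate; returns counts that show the noise reduction."""
    events = parse(raw)
    alerts = correlate_bruteforce(events)
    return {
        "events": len(events),
        "failed_logins": sum(1 for e in events if e["result"] == "Failed"),
        "alerts": alerts,
    }


if __name__ == "__main__":
    result = run_pipeline(SAMPLE_LOGS)
    print(f"{result['events']} events, {result['failed_logins']} raw failures, "
          f"{len(result['alerts'])} correlated alert(s)")
    for a in result["alerts"]:
        print(a)
```

Run as-is, the pipeline ingests ten lines, keeps nine well-formed events, sees six failed logins, and emits exactly one alert: the burst from 203.0.113.5 that tried alice, bob, and root before getting in as alice. Carol's lone failure 25 minutes before her success falls outside the window and stays quiet, which is the behaviour the article is arguing for: raw failures are noise, the correlated sequence is the signal.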
An advanced SOC builds on the SIEM to further optimize analytics, integrate data, and process several infrastructure elements so as to make interpretation, identification, and automation easier. An open and modular architecture lets SOC teams plug in the advanced inspection and analytics components that carry an investigation efficiently from initial alert triage through scoping and active response.
Robert Williams is a self-professed security expert who has been raising awareness of security threats. His passion is writing about cybersecurity, malware, social engineering, games, the internet, and new media. He writes about McAfee products at mcafee.com/activate and www.mcafee.com/activate.