One of the more uncomfortable realities of IT security today is that it’s not so much about prevention as it is about remediating the inevitable security breach.
Security vendors across the board are starting to recognize this, the latest of which is McAfee. The company has released an upgrade to its ePO security management system that allows security administrators to query thousands of assets across their enterprise in seconds.
Gretchen Hellman, director of product marketing for SIEM at McAfee, says McAfee Real-Time for ePO not only gives IT organizations access to more predictive analytics than ever, it also provides insights into the overall incident response process.
That analytics capability has now also been tightly integrated with a new version of McAfee Enterprise Security Manager, which is the security information and event management (SIEM) platform that McAfee gained with its acquisition of NitroSecurity in 2011.
Hellman says that what most differentiates McAfee’s approach to SIEM is a correlation engine that allows the SIEM to better understand the overall IT environment, resulting not only in fewer false positives over time but also in better identification of risks to the business that are based on the actual business value of any given system or application. In fact, with this release Hellman contends that SIEM is transforming from passive monitoring into an automated incident response platform that can automatically send policy commands to McAfee software and integrated partner solutions.
A lot of IT organizations are suffering from security fatigue that results directly from having to constantly defend against an ever-increasing number of sophisticated attacks. The only way to overcome that fatigue is to rely on more automation to manage the security process. At the rate things are going, most IT organizations should be coming to that conclusion shortly.