McAfee brings ML to Enterprise Security

By Jyoti Nigania | Mar 27, 2018

Cyber security company McAfee is announcing an expanded product portfolio that evolves security operations capabilities and allows for rapid response to today's threats.

McAfee's updated Enterprise Security Manager uses a new data architecture optimized for scalability, performance, faster search, and collaboration. This is combined with the newly launched McAfee Behavioral Analytics and the enhanced McAfee Investigator, McAfee Advanced Threat Defense, and McAfee Active Response. All of this is aimed at helping security operations teams optimize their security infrastructure, leverage automation, improve detection, streamline workflows, and harness the power of human-machine teaming to improve response time and overall security outcomes.

"With companies struggling to keep up with the current threat landscape, the need for human-machine teaming has never been greater." Given the difficulty in finding skilled resources, enterprises need advanced analytics- and machine learning-powered solutions to augment the people they have. By combining the strength and speed of these new solutions with the power of human intellect, security operations teams become faster, smarter, more effective, and more efficient.

McAfee ESM 11 uses an open and scalable data bus architecture that shares huge volumes of raw, parsed and correlated security events, allowing threat hunters to easily search recent events, reliably retain data for compliance and forensics, and feed data-hungry analytics applications. It also allows for flexible horizontal expansion with active-active high availability, so organizations can rapidly query billions of events. Additional McAfee ESM appliances or virtual machines can be added at any point to increase ingestion capacity, query performance and redundancy.

McAfee Behavioral Analytics uses machine learning to discover new and unusual high-risk security threats without requiring extensive configuration or knowledge. It can distill billions of security events down to hundreds of anomalies to produce a handful of prioritized threat leads. The Investigator tool uses an activity feed that shares data with open source and third-party tools to streamline workflows and improve collaboration.