According to McAfee’s Cloud Adoption & Risk Report – Work-from-Home Edition, which looked at cloud security trends during the COVID-19 pandemic, external attacks on cloud accounts grew 630 percent and the overall enterprise use of cloud services increased by 50 percent. These attacks come from constantly evolving threats hiding behind normal enterprise activity. Security Information Event Management (SIEM) solutions need to be able to identify and defend against attacks within an ever-increasing volume of events, sophistication of threats and cloud infrastructures.
“Today’s SecOps teams face a multitude of issues, including the need to take on new efforts such as digital transformation, the convergence of internet technology and operation technology, and the sudden shift to remote working,” said Anand Ramanathan, vice president of enterprise products, McAfee. “ESM Cloud helps McAfee take its next step towards XDR functionality with highly scalable event collection, normalisation, enrichment and analytics, along with customisable dashboards and reporting, so customers can rapidly reduce the signal to noise ratio and prioritise detected threats in hours as opposed to days.”
McAfee ESM Cloud frees customers from the burden of SIEM hardware maintenance, hardware refresh lifecycles, and software updates and hotfixes, allowing organisations to stay focused on their security operations. McAfee ESM Cloud offers:
· Automatic installation—the system comes installed and ready to ingest customers data from day one. ESM Cloud uses real-time advanced analytics and rich context to detect and prioritise threats, along with out-of-the-box support for 100’s of data sources.
· Time to value—accelerates time to value for SecOps centres with pre-built, use-case focused content packs, which provide fully operational dashboard, reports, watchlists and alarms
· Continuous Improvement—McAfee handles all updates to ESM Cloud, so that customers are free from the burden of software updates and upgrades
· Consistent Performance - the performance customers experience on day one will be consistent even as their SecOps requirements grow
· Scalability—removes the dependence on data centres. Customers can increase their capacity and compute power with a few clicks of the mouse.
· Open Platform—provides a flexible platform for third party integration, security incident response and threat containment