Solution Brief

Unified Endpoint and Network Security and Compliance

Actionable intelligence for your entire infrastructure NitroSecuritys NitroView security information and event management (SIEM) system extends the visibility of McAfee ePolicy Orchestrator (McAfee ePO) software beyond endpoints to events, flows, and logs from third-party security devices, network equipment, databases, and applications. The integrated McAfee ePO-NitroView platform monitors, analyzes, and reports on the entire IT infrastructurefrom desktop to database and from user to application. McAfee ePO data can be isolated or combined with other IT log, event, geo-location, or flow data in NitroView for comprehensive situational awareness that supports integrated security monitoring, compliance, threat detection, and incident response.
The Business Problem Today, sensitive information is at greater risk than ever before from cybercrime perpetrators who are using more sophisticated attack techniques. Security breaches are far more expensive and damaging now than ever before. And compliance regulations are rapidly evolving, imposing more severe penalties for noncompliance and often requiring years of information storage with near-instant access by auditors. How do you meet these challenges cost effectively and with operational simplicity? How do you collect and analyze all of the required data from all of your systems, provide the granularity of information required to identify and remediate security threats, and not be overwhelmed with millions of data items per hour (or even per minute)? How can you respond to security threats in real time before the damage is done? And how can you secure the organization, meet compliance mandates, and align security with business policy with a shrinking budget and staff? The Solution NitroView integrates SIEM, log management, and database and application data monitoring into a single, cohesive solution using a patented high-speed data management and analysis engine to optimize the breadth of analysis while reducing the mean time to remediate (MTTR) from hours to just seconds. Integrating NitroView and McAfee ePO software provides seamless, two-way transfer of data between both systems (with no additional overhead to McAfee ePO software) and leverages the industry-leading strengths of both solutions. The result is greater visibility into all of the relevant aspects of your information infrastructure:
New

McAfee Compatible Solution NitroSecurity NitroView v8.3x andMcAfee ePolicy Orchestrator 4.0and 4.5.

levels of flexibility to visualize and analyze McAfee ePO data threat detection capabilities to prevent data loss fast forensic and incident response accurate and complete compliance reports

Optimal Highly

Extremely

Instead of deploying multiple solutionslog management, event management, application data monitoring, database activity monitoring, user activity monitoring, and compliance validation

Solution Brief

Unified Endpoint and Network Security and Compliance

NitroView consolidates all these capabilities into a single, tightly integrated security, forensic, and compliance management solution. It provides a single pane of glass interface for administration, policy, analysis, reporting, and alerting, creating operational simplicity and efficiency. McAfee ePO log data is available in custom NitroView reports and context-sensitive dashboards for data analysis and correlation, baselining and trending, and real-time queries. Data can be stored for months or years for future analysis, reporting, and remediation. NitroView provides granular, real-time drill-down into the individual data in each record in seconds, even with years of stored data.

NitroView

McAfee ePO

Network Activity

Event Logs

Network Intrusions

Database Activity

Application Content

User Activity

Figure 1. McAfee-NitroSecurity integration overview.

Benefits Together, McAfee ePO software and NitroView enable comprehensive threat tracking:
By

time and place of exploit (firewall, intrusion prevention system, or router) every switch or router in the network infrastructure a desktop or server (including failed logon attempts and successes) a database (including the number of records and the records accessed)

Through To To By

what is done with stolen data and when (for example, data might be copied to a Microsoft Word document or spreadsheet and emailed with a personal email account) threats occur, with the ability to see in seconds when this set of events has occurred in the past

As

About NitroSecurity NitroSecurity is a leader in high-performance, content-aware security information and compliance management solutions. NitroSecuritys integrated NitroView SIEM solutions provide a single pane of glass visibility into events and logs and monitors networks, databases, and application payload information. Utilizing the industrys fastest analytical tools, NitroSecurity identifies, correlates, and remediates threats in minutes instead of hours, making organizations more secure and efficient. About McAfee ePolicy Orchestrator Software McAfee ePO software is the industry-leading security and compliance management platform. With itssingle agent and single-console architecture, McAfee ePO software provides intelligent protection that is automated and actionable, enabling organizations to reduce costs and improve threat protection and compliance.
McAfee 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com McAfee, the McAfee logo, McAfee ePolicy Orchestrator, and McAfee ePO are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2011 McAfee, Inc. 36401brf_nitro-security_1011_fnl_ETMG