McAfee's ESM collects and provides situational awareness of the enterprise by actively looking for behavior that could indicate an attack in progress. Within minutes, it then delivers not only the information that defines the attack but the suggested response. Critically, it can also access the systems that need to be adjusted to stop the attack. Instead of putting a target on the CIO's back, ESM provides the tools to turn the hacker into the target and eliminate the attack.
With Good SIEM Tools, It's All About Remediation
The company using an old-school SIEM product reminds me of the patient whose doctor provides a comprehensive list of all the things wrong with him, then pats him on the head and says "Good luck!" without discussing how to lower his blood pressure, lose weight and so on. Most companies already know they have a lot of exposures they don't have the funding to correct. What they need to know is which ones are being exploited and what tools to use to stop the attack.
This is far from the end-game. Future tools will likely provide not only the comprehensive list of exposures but also an automated process to eliminate them before they can even be exploited. Until then, McAfee's ESM offering appears to be best in class and well worth checking out.
The lasting lesson: Just as backup should be mostly about recovery, SIEM should be mostly about remediation. That's the process that justifies the purchase.