IBM QRADAR AND MCAFEE NITRO ESM COMPARISON
IBM QRadar SIEM FEATURES
The QRadar Integrated Security Solutions (QRadar) Platform is an integrated set of products for collecting, analyzing, and managing enterprise security event information. The components of the platform are:
- QRadar Log Manager - log management solution for event log collection and storage.
- QRadar SIEM - correlation engine.
- X-Force Threat Intelligence - automatically feeds X-Force data into IBM QRadar Security Intelligence Platform analytics to provide deeper insight and greater protection. Provides vulnerability coverage across a wide range of use cases to optimize the value of additional threat intelligence.
- Vulnerability Manager - vulnerability scanner and management tool set that correlates event data with vulnerability data. It provides on-demand scans, rescans and vulnerability tracking.
- QFlow - network behavior analysis and anomaly detection using network flow data. QFlow provides payload information (up to Layer 7) in every detected event, which is a valuable addition to NetFlow data.
- vFlow - application-layer monitoring for both physical and virtual environments.
- Risk Manager - monitors network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations to reduce risk and increase compliance. It simulates network attacks and models configuration changes to assess their security impact.
- Incident Forensics - investigate security incidents using packets captured from across an enterprise network. Simplify the query process with an Internet search engine-like interface.
McAfee Nitro ESM FEATURES
- Enterprise Security Manager (ESM) - McAfee Enterprise Security Manager delivers a real-time understanding of the world outside (threat data, reputation feeds, and vulnerability status) as well as a view of the systems, data, risks, and activities inside your enterprise.
- Enterprise Log Manager (ELM) - efficiently collects, compresses, and stores all log files.
- Advanced Correlation Engine (ACE) - supplements Enterprise Security Manager event correlation with two dedicated correlation engines and purpose-built performance:
  - a risk detection engine that generates a risk score using rule-less risk score correlation;
  - a threat detection engine that detects threats using traditional rule-based event correlation.
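To make the difference between the two ACE engines concrete, here is an added Python example; it is not McAfee's or IBM's code, and the event records, the "five failures within two minutes followed by a success" rule and the z-score-style baseline are all constructed for illustration. The rule-based engine fires only when its exact pattern matches; the rule-less scorer ranks every source by how far it deviates from the population baseline, so a source that stops one failure short of the rule still receives a non-zero score.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample authentication events (not real log data).
EVENTS = [
    {"ts": "2024-01-01T10:00:00", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-01T10:00:10", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-01T10:00:20", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-01T10:00:30", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-01T10:00:40", "src": "10.0.0.5", "user": "alice", "type": "auth_failure"},
    {"ts": "2024-01-01T10:00:50", "src": "10.0.0.5", "user": "alice", "type": "auth_success"},
    {"ts": "2024-01-01T10:01:00", "src": "10.0.0.7", "user": "bob",   "type": "auth_success"},
    {"ts": "2024-01-01T10:02:00", "src": "10.0.0.8", "user": "carol", "type": "auth_failure"},
    {"ts": "2024-01-01T10:03:00", "src": "10.0.0.8", "user": "carol", "type": "auth_success"},
    {"ts": "2024-01-01T11:30:00", "src": "10.0.0.9", "user": "dave",  "type": "auth_failure"},
    {"ts": "2024-01-01T11:30:05", "src": "10.0.0.9", "user": "dave",  "type": "auth_failure"},
    {"ts": "2024-01-01T11:30:10", "src": "10.0.0.9", "user": "dave",  "type": "auth_failure"},
    {"ts": "2024-01-01T11:30:15", "src": "10.0.0.9", "user": "dave",  "type": "auth_failure"},
]


def parse_ts(value):
    return datetime.fromisoformat(value)


def rule_based_correlation(events, threshold=5, window=timedelta(minutes=2)):
    """Threat-detection style: a fixed rule, hypothetical here, that alerts when
    at least `threshold` auth_failure events from one source inside `window`
    are followed by an auth_success from the same source."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failures
    for ev in sorted(events, key=lambda e: e["ts"]):
        now, src = parse_ts(ev["ts"]), ev["src"]
        if ev["type"] == "auth_failure":
            failures[src].append(now)
            # Keep only failures still inside the sliding window.
            failures[src] = [t for t in failures[src] if now - t <= window]
        elif ev["type"] == "auth_success":
            recent = [t for t in failures[src] if now - t <= window]
            if len(recent) >= threshold:
                alerts.append({"src": src, "user": ev["user"],
                               "failures": len(recent), "at": ev["ts"]})
            failures[src].clear()  # the sequence is consumed either way
    return alerts


def rule_less_risk_scores(events):
    """Risk-detection style: no thresholds or patterns. Each source is scored by
    how many standard deviations its failure count sits above the population
    mean (negative deviations are clamped to zero)."""
    counts = defaultdict(int)
    for ev in events:
        counts.setdefault(ev["src"], 0)  # sources with no failures anchor the baseline
        if ev["type"] == "auth_failure":
            counts[ev["src"]] += 1
    values = list(counts.values())
    mu, sigma = mean(values), pstdev(values)
    scores = {}
    for src, count in counts.items():
        z = (count - mu) / sigma if sigma else 0.0
        scores[src] = max(0.0, round(z, 2))
    return scores


if __name__ == "__main__":
    print("rule-based alerts:", rule_based_correlation(EVENTS))
    print("rule-less risk scores:", rule_less_risk_scores(EVENTS))
```

Run as written, the rule fires once (10.0.0.5, five failures then a success), while the risk scorer ranks 10.0.0.5 highest and also surfaces 10.0.0.9, which made four failures and never succeeded, so the rule says nothing about it. That complementarity is the reason a SIEM pairs a rule engine with a scoring engine rather than relying on either alone.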
- Global Threat Intelligence (GTI) - McAfee Global Threat Intelligence is a constantly updated, rich feed for McAfee Enterprise Security Manager that enhances situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.
- Vulnerability Manager - McAfee Vulnerability Manager, with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on your network. It uncovers devices hidden on your network as well as smartphones, tablets, and laptops that come and go between scheduled scans.
- Asset Manager - McAfee Asset Manager uses passive and active scanning techniques to expand coverage to all devices at all times. This continuous asset monitoring integrates with industry-leading vulnerability scanning and incident management workflows to enable continuous asset compliance.
- Application Data Monitor (ADM) - the Application Data Monitor appliance decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity to the contents of the application itself (such as the text of an email or its attachments).
- Database Event Monitor (DEM) - Database Event Monitor for SIEM delivers non-intrusive, detailed security logging of databases and applications, monitoring all access to sensitive corporate and customer data.
- Risk Manager - McAfee risk management and security compliance help minimize risk, automate compliance, and optimize security.