Monday, 10 November 2014

IBM QRadar and McAfee Nitro SIEM FEATURES

IBM QRADAR AND MCAFEE NITRO ESM COMPARISON

IBM QRadar SIEM FEATURES
The QRadar Integrated Security Solutions (QRadar) Platform is an integrated set of products for collecting, analyzing, and managing enterprise Security Event information. The various components that are part of this Platform are:
  • QRadar Log Manager - log management solution for Event log collection & storage.
  • QRadar SIEM - Correlation engine

  • X-Force Threat Intelligence - Automatically feeds X-Force data into IBM QRadar Security Intelligence Platform analytics to provide deeper insight and greater protection. Provides vulnerability coverage across a wide range of use cases to optimize the value of additional threat intelligence.
  • Vulnerability Manager - Vulnerability scanner and management tool set available to integrate Event data to Vulnerability data. This provides on demand scans, rescans and vulnerability tracking.
  • QFlow - Network Behavior Analysis & Anomaly detection using network flow data. QFlow provides payload information (up to Layer 7) in every detected event which is a great value addition to Netflow data. 
  • vFlow - Application Layer monitoring for both Physical & Virtual environment.
  • Risk Manager - monitors network topology, switch, router, firewall and Intrusion Prevention System (IPS) configurations to reduce risk and increase compliance. It simulates network attacks and models configuration changes to assess their security impact.
  • Incident forensics - Investigate security incidents using packets captured from across an enterprise network. Simplify the query process with an Internet search engine-like interface.

McAfee Nitro ESM FEATURES
Enterprise Security Manager - McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status as well as a view of the systems, data, risks, and activities inside your enterprise.
  • Enterprise Log Manager (ELM) - Log Manager efficiently collects, compresses, and stores all log files.
  • Advanced Correlation Engine (ACE) - The Advanced Correlation Engine solution supplements Enterprise Security Manager Event correlation with two dedicated correlation engines and purpose-built performance:
·         A risk detection engine that generates a risk score using rule-less risk score correlation.
·         A threat detection engine that detects threats using traditional rule-based event correlation

  • Global Threat Intelligence (GTI) - McAfee Global Threat Intelligence constantly updated, rich feed for McAfee Enterprise Security Manager enhances situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.

  • Vulnerability Manager - Vulnerability Manager with its McAfee Asset Manager feature, delivers unrivaled scalability and performance, actively or passively canvassing everything on your network. Now you can uncover devices hidden on your network as well as smartphones, tablets, and laptops that come and go between scheduled scans.
  • Asset Manager - McAfee Asset Manager uses passive and active scanning techniques to expand coverage to all devices at all times. This continuous asset monitoring integrates with industry-leading vulnerability scanning and incident management workflows to enable continuous asset compliance.
  • Application Data Monitor (ADM) - The Application Data Monitor appliance decodes an entire application session to Layer 7, providing a full analysis of everything from the underlying protocols and session integrity to the contents of the application itself (such as the text of an email or its attachments).
  • Database Event Monitor (DEM) - Database Event Monitor for SIEM delivers non-intrusive, detailed security logging of databases and applications, monitoring all access to sensitive corporate and customer data.
  • Risk Manager – McAfee risk management and security compliance help minimize risk, automate compliance, and optimize security.