Truly Enhance Your Cyber Security Infrastructure


Infomercials are infamous for claiming that their product will replace every other product you own, and that it will be the last one you'll ever need.

Most people, however, react with an eye roll. Along with many government customers, I certainly roll my eyes when I hear the same thing from the latest 'hot' security vendor. So it's refreshing when you find a company and product that aims to actually improve the effectiveness and efficiency of what you have.

McAfee has embraced such a company as a partner in its SIA program. For various reasons, data loss prevention (DLP) has not been deployed as much as many would expect in the federal government. One of the reasons is that DLP tends to flag threats or violations in overwhelming volume.

The data is so immense and difficult to sift through that agencies would rather turn it off and find a more precise way to identify threats. While some have claimed this is akin to closing your eyes and pretending the threat isn't there, I think there is some valid resistance that needs to be addressed.

There is already an insufficient supply of cyber warriors inside today's federal agencies. Throw this overload of new alerts at them and it will only make finding the hacker needle in the network haystack even harder.

But there is a solution. I just posted a solution brief jointly produced by McAfee and Securonix that explains how McAfee DLP with Securonix can help prevent the flood of new alerts from drowning the overworked, overstressed cyber warrior.

In fact, it can take data from your IAM, SIEM, NGFW/IPS and more and alleviate some of the alert mania that exists today. The end result will be less to sift through even after adding the DLP alerts. Now that's ROI.

And here's the kicker. Securonix can feed back into your favorite next-gen SIEM too, which McAfee's Enterprise Security Manager (ESM) handles expertly.

Now the cyber warrior can send data from the SIEM console to Securonix and get back actionable intelligence right inside the SIEM, without leaving it. And as mentioned above, it can be data from all kinds of sources. It baselines the activity in all this input against both a single user over time and, more impressively, groups of users that have similar functions. The groups can be defined from Active Directory OUs, HR database titles, custom-defined groups and more. Once it has all this information, it can identify both outliers within a specific group and outliers of access within a specific group.
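To make the baselining idea above concrete, here is an added example (not code from McAfee, Securonix or the solution brief) that scores each user's daily DLP alert count against that user's own history and against the history of the user's peer group. The median/MAD scoring, the 3.5 cut-off, the user names, OUs and counts are all assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample: user -> (peer group, e.g. an AD OU; 7 prior days of DLP alert counts)
HISTORY = {
    "alice": ("OU=Finance", [2, 3, 2, 4, 3, 2, 3]),
    "bob": ("OU=Finance", [3, 2, 4, 3, 3, 2, 4]),
    "carol": ("OU=Finance", [2, 2, 3, 3, 2, 3, 2]),
    "dave": ("OU=Engineering", [20, 22, 19, 25, 21, 23, 20]),
    "erin": ("OU=Engineering", [18, 21, 20, 19, 22, 20, 21]),
    "frank": ("OU=Engineering", [21, 19, 20, 22, 20, 18, 19]),
}
TODAY = {"alice": 3, "bob": 24, "carol": 2, "dave": 22, "erin": 20, "frank": 21}
THRESHOLD = 3.5  # assumed cut-off on the robust z-score


def robust_z(value, sample):
    """Deviation from the sample median in MAD units, scaled to resemble a z-score."""
    sample = list(sample)
    med = median(sample)
    mad = median(abs(x - med) for x in sample)
    return 0.6745 * (value - med) / max(mad, 0.5)  # floor avoids dividing by zero on a flat baseline


def score(user, history=HISTORY, today=TODAY):
    """Return (self_z, peer_z): today's count against the user's own past and the peer group's past."""
    group, own = history[user]
    # Pool the history of every other member of the group; fall back to own history if alone.
    peers = [c for u, (g, counts) in history.items() if g == group and u != user for c in counts] or own
    return robust_z(today[user], own), robust_z(today[user], peers)


def behavioural_alerts(history=HISTORY, today=TODAY):
    """Users whose count today is high against their own baseline or their peer group's."""
    out = {}
    for user in history:
        self_z, peer_z = score(user, history, today)
        reasons = [n for n, z in (("self", self_z), ("peer", peer_z)) if z > THRESHOLD]
        if reasons:
            out[user] = reasons
    return out


def static_alerts(today=TODAY, limit=10):
    """The naive alternative: one fixed limit applied to every user."""
    return sorted(u for u, n in today.items() if n > limit)


if __name__ == "__main__":
    print("fixed limit:", static_alerts())
    print("baselined  :", behavioural_alerts())
```

On this sample a fixed limit flags four users, three of them engineers whose counts are routine for their group, while the baselined check leaves only the Finance account whose volume departs from both its own history and its peers.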

This is true insider threat and account takeover identification. And it's impressive.

If you'd like to know more about this product, go to our Solution Brief section in our resources and download 'Intelligent DLP.pdf.'