Solution Brief - ePO and NitroView Oct 7 2011

Solution Brief

McAfee Compatible Solution

NitroSecurity NitroView v8.3x and McAfee ePolicy Orchestrator 4.0 and 4.5.

Unified Endpoint and Network Security and Compliance

Actionable intelligence for your entire infrastructure

NitroSecurity’s NitroView security information and event management (SIEM) system extends the visibility of McAfee® ePolicy Orchestrator® (McAfee ePO™) software beyond endpoints to events, flows, and logs from third-party security devices, network equipment, databases, and applications. The integrated McAfee ePO-NitroView platform monitors, analyzes, and reports on the entire IT infrastructure—from desktop to database and from user to application. McAfee ePO data can be isolated or combined with other IT log, event, geo-location, or flow data in NitroView for comprehensive situational awareness that supports integrated security monitoring, compliance, threat detection, and incident response.

The Business Problem

Today, sensitive information is at greater risk than ever before from cybercrime perpetrators who are using more sophisticated attack techniques. Security breaches are far more expensive and damaging now than ever before. And compliance regulations are rapidly evolving, imposing more severe penalties for noncompliance and often requiring years of information storage with near-instant access by auditors.

How do you meet these challenges cost effectively and with operational simplicity? How do you collect and analyze all of the required data from all of your systems, provide the granularity of information required to identify and remediate security threats, and not be overwhelmed with millions of data items per hour (or even per minute)? How can you respond to security threats in real time before the damage is done? And how can you secure the organization, meet compliance mandates, and align security with business policy with a shrinking budget and staff?

The Solution

NitroView integrates SIEM, log management, and database and application data monitoring into a single, cohesive solution using a patented high-speed data management and analysis engine to optimize the breadth of analysis while reducing the mean time to remediate (MTTR) from hours to just seconds. Integrating NitroView and McAfee ePO software provides seamless, two-way transfer of data between both systems (with no additional overhead to McAfee ePO software) and leverages the industry-leading strengths of both solutions.

The result is greater visibility into all of the relevant aspects of your information infrastructure:

• New levels of flexibility to visualize and analyze McAfee ePO data
• Optimal threat detection capabilities to prevent data loss
• Highly accurate and complete compliance reports
• Extremely fast forensic and incident response

Instead of deploying multiple solutions—log management, event management, application data monitoring, database activity monitoring, user activity monitoring, and compliance validation—NitroView consolidates all these capabilities into a single, tightly integrated security, forensic, and compliance management solution.

It provides a “single pane of glass” interface for administration, policy, analysis, reporting, and alerting, creating operational simplicity and efficiency. McAfee ePO log data is available in custom NitroView reports and context-sensitive dashboards for data analysis and correlation, baselining and trending, and real-time queries. Data can be stored for months or years for future analysis, reporting, and remediation. NitroView provides granular, real-time drill-down into the individual data in each record in seconds, even with years of stored data.

McAfee, the McAfee logo, McAfee ePolicy Orchestrator, and McAfee ePO are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright © 2011 McAfee, Inc. 36401brf_nitro-security_1011_fnl_ETMG

McAfee 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com

[Figure 1 diagram labels: NitroView, McAfee ePO; Network Intrusions, User Activity, Event Logs, Application Content, Network Activity, Database Activity]

Figure 1. McAfee-NitroSecurity integration overview.

Benefits

Together, McAfee ePO software and NitroView enable comprehensive threat tracking:

• By time and place of exploit (firewall, intrusion prevention system, or router)
• Through every switch or router in the network infrastructure
• To a desktop or server (including failed logon attempts and successes)
• To a database (including the number of records and the records accessed)
• By what is done with stolen data and when (for example, data might be copied to a Microsoft Word document or spreadsheet and emailed with a personal email account)
• As threats occur, with the ability to see in seconds when this set of events has occurred in the past

About NitroSecurity

NitroSecurity is a leader in high-performance, content-aware security information and compliance management solutions. NitroSecurity’s integrated NitroView SIEM solutions provide “single pane of glass” visibility into events and logs and monitor networks, databases, and application payload information. Utilizing the industry’s fastest analytical tools, NitroSecurity identifies, correlates, and remediates threats in minutes instead of hours, making organizations more secure and efficient.

About McAfee ePolicy Orchestrator Software

McAfee ePO software is the industry-leading security and compliance management platform. With its single agent and single-console architecture, McAfee ePO software provides intelligent protection that is automated and actionable, enabling organizations to reduce costs and improve threat protection and compliance.
