McAfee Advanced Correlation Engine

Sophisticated, dedicated threat detection based on risk and real-time data

Deploy McAfee Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time, using both rule- and risk-based logic.

  • Customize McAfee Advanced Correlation Engine to receive notifications if specific users, groups, applications, servers, or subnets are threatened.
  • Get alerts if threats target your priority users, assets, applications, and activities.
  • Simplify event correlation and startup. No rule updates or signature tuning required.
  • Use audit trails and historical replays to support forensics, compliance, and rule tuning.

Find threats that defy rules-based detection

Real-time and historical threat detection

Get zero-day threat detection. Analyze events for immediate threat and risk detection to determine if your organization was exposed to a specific attack in the past.

Dedicate performance where it is needed

McAfee Advanced Correlation Engine has the processing power required to support rich event correlation across your entire enterprise. Its data engine scales to accommodate even the largest networks.

Rule-based event correlation

Correlate all logs, events, and network flows together—along with contextual information such as identity, roles, vulnerabilities, and more—to detect patterns indicative of a larger threat.

Risk score correlation without rules

In rule-less correlation systems, detection signatures are replaced with a simple, one-time configuration, providing real-time threat detection.

Real-time tracking and alerting

Keep a complete audit trail of risk scores to allow full analysis and investigation of threat conditions over time.



System Requirements

McAfee Advanced Correlation Engine can be deployed as a physical or virtual appliance. Specific McAfee Advanced Correlation Engine models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, are subject to change without notice, and are provided without warranty of any kind, expressed or implied.

Model Number | Maximum EPS | Appliance Size | Local Storage | Network Interfaces (10/100/1000) | System Requirements
ACE-VM-12 | 30,000 | VM | Recommended 250GB+480GB SSD | VM (AWS, ESX, KVM) | 12 processor cores, 4GB of memory
ACE-VM-32 | 80,000 | VM | Recommended 500GB+480GB SSD | VM (AWS, ESX, KVM) | 32 processor cores, 64GB of memory
ACE-2600 | 50,000 | 2U | 1.8TB | 2 | Requires ESM
ACE-3450 | 100,000 | 2U | 1.8TB+480GB SSD | 2 | Requires ESM

Related Products

McAfee Enterprise Security Manager, the core product in our SIEM portfolio, seamlessly integrates with our other SIEM solutions, offering deeper insights in data management, advanced correlation, dedicated database and application monitoring, as well as McAfee Global Threat Intelligence.

McAfee Enterprise Security Manager

McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.

As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.
 
McAfee Advanced Correlation Engine

Deploy McAfee Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time using both rule- and risk-based logic. You tell McAfee Advanced Correlation Engine what you value—users or groups, applications, specific servers, or subnets—and it will alert you if the asset is threatened.

McAfee Application Data Monitor

Advance security and compliance beyond log management by monitoring all the way to the application layer to detect fraud, data loss, and advanced threats. This SIEM tool supports accurate analysis of real application use, while enforcing policies and detecting malicious, covert traffic.

McAfee Database Event Monitor for SIEM

Get a complete audit trail of all database activities, including queries, results, authentication activity, and privilege escalations, widening your visibility into who’s accessing your data and why.

McAfee Event Receiver

Collect up to tens of thousands of events per second with a single receiver, and use a highly indexed database to quickly retrieve data and analysis.

McAfee Enterprise Log Manager

Reduce compliance costs with automated log collection, storage, and management. Collect, compress, sign, and store all original events with a clear audit trail of activity that can’t be repudiated.

McAfee Global Threat Intelligence for Enterprise Security Manager

Enhance your SIEM deployment with a constantly updated threat intelligence feed that broadens situational awareness by enabling rapid discovery of events involving communications with suspicious or malicious IPs.
