McAfee Advanced Correlation Engine
Deploy McAfee Advanced Correlation Engine with McAfee Enterprise Security Manager to identify and score threat events in real time, using both rule- and risk-based logic.
- Customize McAfee Advanced Correlation Engine to receive notifications if specific users, groups, applications, servers, or subnets are threatened.
- Get alerts if threats target your priority users, assets, applications, and activities.
- Simplify event correlation and startup. No rule updates or signature tuning required.
- Use audit trails and historical replays to support forensics, compliance, and rule tuning.
Find threats that defy rules-based detection
Real-time and historical threat detection
Get zero-day threat detection. Analyze events for immediate threat and risk detection to determine if your organization was exposed to a specific attack in the past.
Dedicate performance where it is needed
McAfee Advanced Correlation Engine has the processing power required to support rich event correlation across your entire enterprise. Its data engine scales to accommodate even the largest networks.
Rule-based event correlation
Correlate all logs, events, and network flows together—along with contextual information such as identity, roles, vulnerabilities, and more—to detect patterns indicative of a larger threat.
Risk score correlation without rules
In rule-less correlation systems, detection signatures are replaced with a simple, one-time configuration, providing real-time threat detection.
Real-time tracking and alerting
Keep a complete audit trail of risk scores to allow full analysis and investigation of threat conditions over time.
McAfee Advanced Correlation Engine can be deployed as a physical or virtual appliance. Specific McAfee Advanced Correlation Engine models require McAfee Enterprise Security Manager (ESM). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed, or implied.
|Model Numbers||Maximum EPS||Appliance Size||Local Storage||Network Interfaces (10/100/1000)||System Requirements|
|ACE-VM-12||30,000||VM||Recommended 250GB+480GB SSD||VM (AWS, ESX, KVM)||12 processor cores, 4GB of memory|
|ACE-VM-32||80,000||VM||Recommended 500GB+480GB SSD||VM (AWS, ESX, KVM)||32 processor cores, 64GB of memory|
|ACE-3450||100,000||2U||1.8TB+480GB SSD||2||Requires ESM|
As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.