McAfee Frees Customers From Hardware With Cloud SIEM Tool

‘Given that SIEM ingests a tremendous amount of data, customers are looking for more scalability and elasticity as they leverage cloud services to their benefit,’ says McAfee’s Anand Ramanathan.


McAfee has extended its longstanding Security Information and Event Management (SIEM) capabilities into the cloud to simplify onboarding and ongoing management for customers.

The Santa Clara, Calif.-based platform security vendor said McAfee Enterprise Security Manager (ESM) Cloud will free customers up from infrastructure management, allowing them to focus solely on security use cases, according to Anand Ramanathan, vice president of enterprise products. The tool builds off the on-premise version of McAfee’s ESM offering, which he said has been around for more than a decade.

“There’s a tendency for all our customers to leverage cloud solutions for manageability,” Ramanathan told CRN. “Given that SIEM ingests a tremendous amount of data, customers are looking for more scalability and elasticity as they leverage cloud services to their benefit.”


McAfee traditionally sold its ESM offering as a hardware or virtual appliance that required a large, upfront payment for purchase and much smaller payments in subsequent years for ongoing support, according to Lana Knop, vice president of product management.

But McAfee ESM Cloud is being sold as a one-year or three-year subscription, which Knop said will allow customers to space their payments out more evenly over a longer period. McAfee ESM Cloud is packaged at three different sizes designed to accommodate up to one year of event data: the small package costs $261,000; the medium package costs $559,000; and the large package costs $924,000.

McAfee will continue offering an on-premise version of its ESM so that customers can satisfy regulatory requirements in certain verticals, Ramanathan said. A cloud-based version of ESM should appeal to customers who have installed other McAfee products but aren’t currently using the vendor for SIEM, according to Ramanathan.

Ramanathan said McAfee’s ability to take care of operational management and service monitoring on behalf of customers with ESM Cloud will free up client security analysts to focus on security events. Today, security analysts using the on-premise version of McAfee ESM have to spend some time dealing with administrative tasks, according to Knop.

It typically took McAfee at least two or three days to set a customer up with the on-premise version of its ESM offering, Knop said. But McAfee has designed a seamless operational flow on the backend of ESM Cloud so that customers can be up and running in less than two hours, according to Knop.

Several McAfee managed security partners currently host an on-premise version of ESM in their data center, Ramanathan said. ESM Cloud will allow these partners to shift the infrastructure management responsibilities over to McAfee while still retaining control over data flows, fine-tuning the rules, and responding to alerts and incidents, according to Ramanathan.

Freeing partners up from ongoing management will allow them to focus more on the security use cases, allowing them to sell McAfee’s SIEM offering to more customers and maximize their revenue opportunities, Ramanathan said.

From a metrics standpoint, Knop said McAfee plans to track the onboarding of customers, particularly around converting on-premise SIEM clients to cloud clients as well as cross-selling to existing customers of other McAfee technologies. There will also be performance monitoring of McAfee ESM Cloud itself to ensure operational reliability, performance and scalability, according to Knop.

“This is part of the overall McAfee transformation to the cloud,” Ramanathan said. “As a continuation of that journey, we are now also offering ESM in the cloud.”