Specification Sheet McAfee SIEM Appliances

Product Recommended Appliance Network Interfaces System

Solution Description Model Number Storage**
EPS Capacity* Size (10/100/1000) Requirements
ESM, ELM, ERC Provides SIEM, Log Management, and ELU8 1000 VM Recommended 250GB VM VMware ESX/ESXi Server v.5.x + 8 Processor Cores, 4GB of Memory
Network Analysis functions. Includes McAfee ELU12 5000 VM Recommended 500GB + 480GB SSD*** VM VMware ESX/ESXi Server v.5.x + 12 Processor Cores, 64GB of Memory
“All-In-One” / ETM-ELM Event Receiver. Provides compliant Log ETM4600-ELM, ERC 1200 2U 3TB + 480GB SSD*** 2 N/A
Management and collects data for correlation ETM5600-ELM, ERC 3000 2U 8TB + 480GB SSD*** 2 N/A
and analysis by McAfee Enterprise Security ETM6000-ELM, ERC 6000 2U 14TB + 480GB SSD*** 2 N/A
Manager.

Enterprise Security McAfee Enterprise Security Manager, ENU8 1500 VM Recommended 250GB VM VMware ESX/ESXi Server v.5.x + 8 Processor Cores, 4GB of Memory
provides Log Analysis, SIEM and Network ENU12 40,000 VM Recommended 500GB + 480GB SSD*** VM VMware ESX/ESXi Server v.5.x + 12 Processor Cores, 64GB of Memory
Manager (ESM)
Analysis functions. ENU32 85,000 VM Recommended 2TB + 800GB SSD*** VM VMware ESX/ESXi Server v.5.x + 32 Processor Cores, 96GB of Memory
ETM5600 60,000 2U 8TB + 480GB SSD*** 2 N/A
ETM6000 84,000 2U 14TB + 480GB SSD*** 2 N/A
ETMX4 180,000 2U 14TB + 800GB SSD*** 2 N/A
ETMX6 360,000 2U 14TB +3.2TB SSD*** 2 N/A

Enterprise Log McAfee Enterprise Log Manager, provides ELM8 1500 VM Recommended 250GB VM VMware ESX/ESXi Server v.5.x + 8 Processor Cores, 4GB of Memory
Manager (ELM) Compliant Log Management functions. ELM12 30,000 VM Recommended 500GB + 240GB SSD*** VM VMware ESX/ESXi Server v.5.x + 12 Processor Cores, 64GB of Memory
Requires an ESM and ERC. ELM32 70,000 VM Recommended 2TB + 480GB SSD*** VM VMware ESX/ESXi Server v.5.x + 32 Processor Cores, 96GB of Memory
ELM4600 48,000 2U 3TB 2 Requires an ESM and ERC
ELM5600 60,000 2U 8TB + 240GB SSD*** 2 Requires an ESM and ERC
ELM6000 90,000 2U 14TB + 240GB SSD*** 2 Requires an ESM and ERC

Direct Attached McAfee Direct Attached Storage, provides DAS-50 N/A 4U 50TB N/A Only for ESM, ELM, ETM-ELM
Storage (DAS) high performance storage array for ESM DAS-100 N/A 4U 90TB N/A Only for ESM, ELM, ETM-ELM
and/or ELM, redundant architecture with
RAID controller, mirrored cache, and IO
multi-pathing.

Event Receiver (ERC) McAfee Event Receiver, collects 3rd party EV8 500 VM Recommended 250GB VM VMware ESX/ESXi Server v.5.x + 8 Processor Cores, 4GB of Memory
logs, events and flow data for correlation and EV12 5000 VM Recommended 500GB VM VMware ESX/ESXi Server v.5.x + 12 Processor Cores, 64GB of Memory
analysis by McAfee Enterprise Security EV32 15,000 VM Recommended 2TB + 480GB SSD*** VM VMware ESX/ESXi Server v.5.x + 32 Processor Cores, 96GB of Memory
Manager. ERC1260 6000 1U 1TB 2 + HA Ports Requires an ESM
ERC2600 12,000 2U 1.8TB 2 + HA Ports Requires an ESM
ERC3450 18,000 2U 1.8TB + 240GB SSD*** 2 + HA Ports Requires an ESM
ERC4600 24,000 2U 3TB + 480GB SSD*** 2 + HA Ports Requires an ESM

Event Receiver with McAfee Enterprise Log Manager and Event ELMERCVM8 1500 VM Recommended 250GB VM VMware ESX/ESXi Server v.5.x + 8 Processor Cores, 4GB of Memory
ELM Receiver, provides compliant Log ELMERCVM12 5000 VM Recommended 500GB VM VMware ESX/ESXi Server v.5.x + 12 Processor Cores, 64GB of Memory
Management and collects data for correlation ERC2600-ELM 6000 2U 1.8TB 2 Requires an ESM
(ELM-ERC) and analysis by McAfee ESM. ERC3450-ELM 9600 2U 1.8TB + 240GB SSD*** 2 Requires an ESM
ERC4600-ELM 12,000 2U 3TB + 480GB SSD*** 2 Requires an ESM

Advanced Provides McAfee RSC and Enterprise ACV12 <30000 VM Recommended 250GB + 480GB SSD*** VM VMware ESX/ESXi Server v.5.x + 12 Processor Cores, 4GB of Memory
Correlation Engine correlation - identify and score threat events ACV32 <80,000 VM Recommended 500G + 480GB SSD*** VM VMware ESX/ESXi Server v.5.x + 32 Processor Cores, 64GB of Memory
in real time or historical mode, using both ACE2600 <50,000 2U 1.8TB 2 Requires an ESM or ETM-ELM
(ACE)
rule- and risk-based logic, for McAfee ACE3450 <100,000 2U 1.8TB + 480GB SSD*** 2 Requires an ESM or ETM-ELM
Enterprise Security Manager.

Application Data McAfee Application Data Monitor decodes an APM8 250 Mbps VM Recommended 250GB VM VMware ESX/ESXi Server v.5.x + 8 Processor Cores, 4GB of Memory
Monitor (ADM) application session to Layer 7, providing APM12 500 Mbps VM Recommended 500GB + 240GB SSD*** VM VMware ESX/ESXi Server v.5.x + 12 Processor Cores, 64GB of Memory
analysis of everything from the protocols and APM1260 500 Mbps 1U 1TB 2 + 4 Monitoring Ports Requires an ESM or ETM-ELM
session integrity to the contents of the APM3460 1 Gbps 2U 1.8TB + 240GB SSD*** 2 + 4 Monitoring Ports Requires an ESM or ETM-ELM
application itself (such as the text of an email
or its attachments).

Database Event McAfee Database Event Monitor delivers DSM-2600 5000 2U 1.8TB 2 + 4 Monitoring Ports Requires an ESM or ETM-ELM
Monitor (DEM) non-intrusive, detailed security logging of DSM-4600 15,000 2U 3TB 2 + 8 Monitoring Ports Requires an ESM or ETM-ELM
databases and applications, monitoring all
access to sensitive corporate and customer
data.

*Based on typical network environments using average event and flow aggregation. **Represents usable event and flow storage at 100 IOPS, after RAID configuration. ***Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
McAfee SIEM appliance specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, expressed or implied.