McAfee Enterprise Security Manager (McAfee ESM) Review

The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available.


Valuable Features

The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use.

Improvements to My Organization

It's easy to create reports for compliance and for detecting different kinds of attacks and breaches through correlations. This makes the client devices to be more secure.

Room for Improvement

The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use.

Use of Solution

I've used it for two-and-a-half years.

Deployment Issues

The disk space sizing is very hard and when the version was updated to 9.4 the space needed to store events was cut by half, making it harder to explain to clients who now needed twice as much disk space, with no explanation from the vendor what happened. This was not even in the release notes.

I suggest that you configure the data archive prior to deployment because once the partition is detached, it will be deleted and you can lose a weeks-worth of events. You don't know when it will be deleted because even with a lot of space disk the partition is detached.

Stability Issues

There have been no issues with the stability.

Scalability Issues

There have been no issues scaling.

Customer Service and Technical Support

Customer Service:

I give customer service a 7 out of 10.

Technical Support:

I give technical support a 7 out of 10.

Previous Solutions

We used HP ArcSight, IBM Q1 Labs, Splunk, and we chose McAfee Enterprise Security Manager because it’s very easy to deploy.

Initial Setup

The initial setup is simple and descriptive. It was very straightforward.

Implementation Team

We implemented it with our in-house team.

ROI

The in-house sales team said McAfee has the best ROI on the market.

Pricing, Setup Cost and Licensing

You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points.

Other Advice

Multiple dashboards already created
More than 200 correlation rules created and available to use on the Correlation Engine
Multiple reports already created, ready to use or you can edit them
Disclosure: My company has a business relationship with this vendor other than being a customer: We're partners.
Add a Comment
Guest

Sign Up with Email