McAfee ESM Review

Easy to implement and user-friendly with an easy notification system, but needs better performance, better threat intelligence, and advanced features

What is our primary use case?

We use it for malware detection and authentication or login failures.

How has it helped my organization?

It hasn't been helpful. McAfee is not investing much in this solution to improve it. It cannot cope with the advanced features that we require, and that's the reason why we are migrating to a new solution.

What is most valuable?

It is user-friendly. The notification part of McAfee ESM is very easy. 

What needs improvement?

It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentication failures, which is not happening with McAfee ESM.

The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console.

They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.

For how long have I used the solution?

I have been using this solution for more than six years.

How are customer service and technical support?

Sometimes, they have been helpful, and sometimes, they drag their feet, and it takes days to fix an issue.

Which solution did I use previously and why did I switch?

I have worked on Splunk.

How was the initial setup?

It is easy to implement and not complex. It can be done in a week if the information is ready. Its integration, however, can take a long time depending on the requirements.

What's my experience with pricing, setup cost, and licensing?

McAfee is the right choice for a low-budget solution.

What other advice do I have?

It is suitable for a medium-sized company but not for a big company. A medium-sized company that has less than a thousand data sources and doesn't need to correlate different use cases with different scenarios can go for McAfee because it is user-friendly and doesn't require many skills. McAfee will also be the right choice for a low-budget solution.

We are almost done with using this solution, and we are not going to use McAfee going forward. McAfee ESM is not able to cope with the advanced features. An army cannot do anything without good weapons in hand, and that's the issue with McAfee. They do not have good weapons to investigate.

McAfee ESM is no longer a leader in the Gartner Magic Quadrant. They should improve its performance and invest more in new features. After that, they will come back to the top position.

I would rate McAfee ESM a five out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.