McAfee ESM Review


What is most valuable?

The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use.

How has it helped my organization?

It's easy to create reports for compliance and for detecting different kinds of attacks and breaches through correlations. This makes the client devices more secure.

What needs improvement?

The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use.

For how long have I used the solution?

I've used it for two-and-a-half years.

What was my experience with deployment of the solution?

The disk space sizing is very hard, and when the version was updated to 9.4, the space needed to store events was cut by half, making it harder to explain to clients who now needed twice as much disk space, with no explanation from the vendor of what happened. This was not even in the release notes.

I suggest that you configure the data archive prior to deployment because once the partition is detached, it will be deleted and you can lose a week's worth of events. You don't know when it will be deleted because even with a lot of disk space the partition is detached.

What do I think about the stability of the solution?

There have been no issues with the stability.

What do I think about the scalability of the solution?

There have been no issues scaling.

How are customer service and technical support?

Customer Service:

I give customer service a 7 out of 10.

Technical Support:

I give technical support a 7 out of 10.

Which solution did I use previously and why did I switch?

We used HP ArcSight, IBM Q1 Labs, Splunk, and we chose McAfee Enterprise Security Manager because it’s very easy to deploy.

How was the initial setup?

The initial setup is simple and descriptive. It was very straightforward.

What about the implementation team?

We implemented it with our in-house team.

What was our ROI?

The in-house sales team said McAfee has the best ROI on the market.

What's my experience with pricing, setup cost, and licensing?

You should buy the distributed option instead of the all-in-one for environments with more than 1000 endpoints.

What other advice do I have?

Multiple dashboards already created
More than 200 correlation rules created and available to use on the Correlation Engine
Multiple reports already created, ready to use or you can edit them

Disclosure: My company has a business relationship with this vendor other than being a customer: We're partners.
