McAfee ESM Review

A security information and event management solution with a useful search and reporting feature, but cloud integration could be better


What is our primary use case?

We use McAfee ESM for log storage and audit purposes. Security is the base reason, and we do build content for them.

What is most valuable?

The most valuable feature in ESM is its search and reporting feature. It's really nice.

What needs improvement?

Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.

In general, every SIEM product has that sort of glitch, some partial development. It's like the enrichment of logging level understanding for a SIEM. More enrichment leads to more understanding and use case improvement. That's the gap there, and you will have technical issues already there with all of the products. They keep on fixing that. It's not a problem. They are fast on that point.

I would like to have some sort of automation module and some sort of SOAR module in the next release. 

For how long have I used the solution?

I have used McAfee ESM over the last 12 months.

What do I think about the stability of the solution?

Stability is good. I can say that because of the way their reporting is running right now. The reporting, dashboard, or their use cases are running in the field of security in the scope of data centers. In the scope of data centers, they're very stable. There isn't a problem with that.

What do I think about the scalability of the solution?

Scalability is good. You can increase their EPS module as EPS is about events per second. The cost goes to the customer if it wants to charge them. It's very scalable. At any point in time, you can scale it up, and you can scale it down. That's not a problem. 

How are customer service and technical support?

The tech support is great. The engineering team helped us well at one point, and they're very good.

How was the initial setup?

The initial setup is straightforward. SIEM isn't a single module component. They have different modules, like the receiver and the console, and the two modules switch. Right now, we have a complex module, and it's compatible. It's not a worry to implement it. 

When it comes to infrastructure deployment, it won't take more than two weeks. The first stage would be procuring the software. If you want to deploy it in your own mediums, or if you want to bring in your own box, it could take a few more days. But once the software and the license are there in your hands, it doesn't take more than a week to get it implemented.

What's my experience with pricing, setup cost, and licensing?

The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended.

What other advice do I have?

I would tell potential customers that ESM has a feature called all in one box. If a customer is full-fledged on an in-house data center model and has extensive products running on Windows, Linux, and Cisco and it's all sitting on-premises, this is a great option to work with all of them. They have a good set of use cases, reports, and dashboards prebuilt.

Right now, people are migrating to different solutions, and security generation is growing very vast, and it's going a step ahead. Everything is coming to the cloud. Everything is fast, and everything is a hybrid network. Because of COVID, everyone is working from home, everyone is accessing data with their own internet line, and everyone is outside the network.

McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available. In this data center, most of the customers will fall back from ESM. They will come and withdraw their existing accounts, and they might move to different SIEM solutions. This is how it could be in the future. If the existing integrations come with the upgrade and if they're able to upgrade, then they might stick back with ESM.

On a scale from one to ten, I would give McAfee ESM a six.

Which deployment model are you using for this solution?

On-premises

Which version of this solution are you currently using?

11.1
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Updated: June 2021.