McAfee Network Security Platform Review

An easily customizable solution to deploy sensors


What is our primary use case?

The primary use is to deploy sensors. We have two use cases: to predict the anomalous behavior and to predict the normal threshold for our network. 

How has it helped my organization?


What is most valuable?

The most valuable features are the customization of the signature and the unlimited amount of custom signatures in IPS.

What needs improvement?

The solution needs to improve the graphical interface. They had a limitation in some of the sensor modems as well. You probably need to buy a big model to get the solution in line. They don't give you the big model by default. During deployment, since everything goes down, all the traffic will be down. You have high variability compared to others. You need to deploy a lot of sensors and figure out the best practices. This may cost you a lot.

I think they should have a correlation of the IA deployment or IA policies. They should improve their policies to get the correlation and the variables from one policy.

For how long have I used the solution?

I've been using the solution for one year.

How are customer service and technical support?

Technical support was good, but can be improved. You need to send the ticket to a higher authority to get what you need. They need improvement in the first tier of technical support.

If you previously used a different solution, which one did you use and why did you switch?

This is the first IPS solution we are using.

How was the initial setup?

Deployment depends on the environment, on one of our projects, a minimum of four to seven months. You need about three people minimum for the deployment. We are defining service use agreements, and the support comes out and does preventative maintenance for two visits every month. For maintenance, you only need one person.

What about the implementation team?

I have a team, and we handle implementation and deployment ourselves.

Which other solutions did I evaluate?

We looked at the Cisco IPS solution and found that they have multiple issues. If you want to submit or monitor anything in ASA, you should have a route to source the IPS engine. This is too difficult to deploy for most users. 

What other advice do I have?

I would rate this solution eight out of ten. They have inefficient sensor hardware and you need to uninstall a lot of third party software to improve the graphical interface - like JavaScript or something like that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email