
McAfee Active Response Overview

McAfee Active Response is the #22 ranked solution in our list of EDR tools. It is most often compared to McAfee MVISION Endpoint Detection and Response: McAfee Active Response vs McAfee MVISION Endpoint Detection and Response

What is McAfee Active Response?

Continuous Visibility into Your Endpoints:
Capture and monitor events, files, host flows, process objects, context, and system state changes that may be indicators of attack or dormant attack components.

Identify and Remediate Breaches Faster:
Access tools you need to quickly correct security issues. Send intelligence to analytics, operations, and forensic teams.

Target Critical Threats:
Get preconfigured and customizable actions when triggered, so you can target and eliminate threats.

Buyer's Guide

Download the Endpoint Detection and Response (EDR) Buyer's Guide including reviews and more. Updated: October 2021

McAfee Active Response Customers

Liquor Control Board of Ontario

Pricing Advice

What users are saying about McAfee Active Response pricing:
  • "Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."

McAfee Active Response Reviews

LeonWessels
IT Security Manager at a comms service provider with 1,001-5,000 employees
Reseller
Top 5 Leaderboard
Lighter with good stability and pretty good technical support

Pros and Cons

  • "It's a little lighter compared to the older version, which was mostly signature-based."
  • "There are some components on the cloud that should also reside in the on-prem deployment models but don't."

What is our primary use case?

We use McAfee for our corporate-issued laptops and desktops. We use a different product on the servers, however, our use case is mostly for workstations and laptops.

What is most valuable?

With the ADR parts of it or the Active Response parts of it, we're able to get a little more information compared to the older version, such as analytics, user behavior analytics, triaging and meaningful reporting.

It's a little lighter compared to the older version, which was mostly signature-based. It was very CPU intensive. Users used to complain about when the scan is running, that they couldn't do any work. That was one of the reasons which prompted us to upgrade, even though our intention was mostly to go to either Carbon Black or CrowdStrike.

What needs improvement?

It's still not lightweight enough and not as light as they claim to be with the McAfee area of a next-gen AV. They can do some improvements along that line. 

There needs to be some improvement around the white-listing or black-listing.

The product could improve aspects around the removal of blacklisted applications, et cetera. 

This was an exercise to centralize the AV cell, and that's how we ended up upgrading. The truth, however, is that I was really looking for something much more advanced with user behavior analytics and some AI features that the other competitor's next-gen AV does offer. It is okay for what it's doing now, however, it's not the ultimate software.

There are some components on the cloud that should also reside in the on-prem deployment models but don't. They should ensure they are doing parallel development for cloud and on-prem when they are doing R&D. 

For how long have I used the solution?

I've been using the solution for a long time. It's been over a decade. I'd say it's likely been about 12 years at this point. In the last three years, we've updated to the latest version.

What do I think about the stability of the solution?

The stability has been okay so far. The problem that I really have is that, when I was doing the POC, we used Symantec on our servers, and we use McAfee on the desktop and the laptops. I wanted a unified solution, one solution that could have worked for both. A next-gen, lightweight solution that would have given me a lot of analytics.

What do I think about the scalability of the solution?

The engineers that actually administer that platform claim that it's pretty good at scaling. It requires a number of components to be installed, however. It is not very straightforward. They've been deploying it in one or two servers. There were databases and different components that you need to have and they need to communicate. It requires some level of advanced knowledge to deploy the solution itself, just to get the environment up. However, once it's up, it seems to be working fine.

At the time we installed the solution, we had about 3000 users. In the last three years, however, our numbers are now down to somewhere around 1400 or something like that. That said, we still have the same amount of licenses being used as we sometimes have a high influx of consultants with our contact centers that we outsource to partners, retail partners that we have, that we have to deploy systems on their premise. We utilize that difference of the license in those scenarios. We don't see a need to increase usage as we still have so many licenses available.

How are customer service and technical support?

So far, the engineers that manage this solution claim that they're pretty good in terms of technical support. If they need to raise anything through the partner, the local reseller, they haven't had any issues. Prior to the pandemic, we used to have periodic visits from the partner and McAfee directly, however, of course, that has eased up. Things are a bit slow now with the relationship, owing to the pandemic itself, and everybody is just dealing with their own level of crisis.

Overall, I would say we are satisfied with the level of service.

Which solution did I use previously and why did I switch?

No, we have always used McAfee.

How was the initial setup?

We actually had an engineer on-site that came from McAfee. 

We did the rollout using the global policy. We did a combination as well. We used the scan to also push it out. Our company had training as part of that implementation, as a knowledge transfer. For that reason, we really didn't face many difficulties. It was relatively straightforward.

The difficulties we had were more due to the older versions, where they sometimes did not receive an update. Due to that, you could not have pushed the new update to them. One of the challenges we had was that we had to actually go to those systems and uninstall the older model before we could install the newer one. 

The deployment was done in phases. We did a sample of about a hundred, and then after that, we rolled it out within two weeks to the rest of the organization.

We have two staff that actually manage that environment itself. They manage the operations and the upkeep, and liaison with the Defender, and with the staff. If there are any issues, they handle them.  

I also have my team, which is comprised of four of us that actually manage the system more from a governance perspective, handling policies that need to be implemented, or issues where there may be a breach of policy and those kinds of tasks. 

What about the implementation team?

A McAfee engineer assisted us in the implementation process.

We had a reseller help us get someone directly from McAfee. They flew in and came on-site as we also wanted to do in-depth training as well. The reseller didn't do too much work. It was the McAfee engineer that did the heavy lifting.

They only had a three to seven-day window that we had to work with. We had purchased two weeks. We got a one-week on-prem, and the other week where they couldn't install some of the stuff, as far as the rollout, as that was done remotely. The training also was done remotely. The experience was pretty good overall.

What's my experience with pricing, setup cost, and licensing?

We pay for the solution yearly. 

Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US.

There were extra costs around implementation and training.

Which other solutions did I evaluate?

With our long-term goal of getting a unified next-gen AV, I've looked at other options.

I would have looked at Carbon Black, before they were acquired by VMware. Now we also have VMware within our private clouds. We have two cloud environments. We resell cloud solutions, and our virtualized vendor is VMware. We have an active partnership with VMware. And now that VMware has acquired Carbon Black, they have approached us to use Carbon Black, and also to resell Carbon Black. That is an ongoing discussion.

We have looked at CrowdStrike as well, and we have looked at the Check Point solution too. It is my understanding that we may have looked at Cylance as well.

In terms of evaluation criteria, we're looking at the analytics aspects of it, and if there is AI built into it. We want to move away from the old, signature-based type solution. We're looking for a very lightweight solution that was lower CPU resource intensive.

We were looking at features pertaining to quarantining an endpoint, in the event of infection. We want solutions that maintained some level of connection back to the command-and-control, in order for us to remediate, as we didn't have the staff to go out to physical locations. 

We were looking for the white-listing. We were looking for features like being able to remove an app if we find it violates the policy of allowed applications on the endpoint. We were also looking for features that would prevent the users from uninstalling the endpoint itself. 

What other advice do I have?

We're just a customer.

I'm not sure which version of the solution we're using.

This solution is fine for now. However, our long-term goal is really to get a unified next-gen AV.

I'd advise potential new users that they do extensive research. Do some POC among some of the top vendors out there, probably in the Magic Quadrant. They should have developed some sort of criteria as to what they're looking for. As you evaluate each product, you can then tick off requirements and compare options. Ask about support and how fast a solution can get issues resolved. That's important.

I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PM
Senior Manager Information Technology at a pharma/biotech company with 10,001+ employees
Real User
Top 20
Provides good security, but technical support should be improved and resource consumption lowered

Pros and Cons

  • "The solution is scalable."
  • "While the product is good, we are currently facing support issues."

What is our primary use case?

We make use of the latest version.

What is most valuable?

I don't consider any one specific feature to be the most valuable, but I look at the advantages inherent in EDR holistically. 

What needs improvement?

While the product is good, we are currently facing support issues. We are working with McAfee on that front.

When it comes to technical support, we face slowdown issues in respect of the EDR with some of our machines.

The consumption of resources should be lower. What I mean is that the product requires a lot of memory. Cloud-based products are much better by comparison.

For how long have I used the solution?

We have been using McAfee Active Response for almost a year.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and technical support?

We are working with McAfee on support issues that we have encountered. 

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

The product itself is good.

I rate McAfee Active Response as a six out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.