It provides threat monitoring from the Internet and if there is malicious activity on the end-point, the ESM can provide us what host is affected. 

It hasn't been helpful. McAfee is not investing much in this solution to improve it. It cannot cope with the advanced feature that we require, and that's the reason why we are migrating to a new solution.

It has been very helpful to our company. It enables us to detect malicious threats, issues, or vulnerabilities in our network.

By having access protection in the policies on the machine, it helps in real-time behavior scenarios, where the policy captures stuff, quite a lot.

On the security side, it reduces the time needed to make changes in case of an attack. We have to work on it in real time. If we didn't have the tool, the amount of time would be double or triple. The main reason we have it is that it makes it easier for the engineer who works on the site to realize what is happening. It helps with productivity.

McAfee has always been there for us and it helps with the maturity of our security program.

This solution helps us to provide services for our clients and integrates well with their other technologies.

We are now able to completely monitor our environment so we can review what is there, which is a big win for us. This solution helps with the maturity of our environment.

Using the out-of-the-box rules has made our work more relaxing.

The best way to describe the improvement is within the following areas:

1. Network Operations. Without visibility of network related issues, we have discovered many routing issues and network noise that could have otherwise been left to consume capacity on our clients networks. We have complete visibility of what has changed and who made changes to network related infrastructure.
2. Security Operations. We have almost real-time visibility, and with the manner in which we configure alarms, including the processes that we have implemented, we can easily initiate the security incident handling procedures. The threat feeds add a load of value in terms of investigations and through that procedure, we can quite easily remedy web filtering, endpoints, and perimeter firewalls.

A specific note on Botnets and Beaconing -- using watchlist for malicious IP addresses, it doesn’t take us long to block communication and clean endpoints.

We now have a better view of our security posture from an external and internal point of view. We are able to do forensic investigations and stop attacks before they occur.

We perform security event monitoring for over 700 individual servers, firewalls, and applications. It's not possible to monitor over 500 million events per day with SIEM.

I work for a System Integrator.

It does a good job for us.

If I lost my computer somewhere then hopefully the software will protect my data from anyone.

I helped a client of ours implement and deploy it.

It's easy to create reports for compliance and for detecting different kinds of attacks and breaches through correlations. This makes the client devices to be more secure.

It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints.

Through correlation rules, it finds malware that compromised the computer that anti-virus and other security solutions do not find.