I rate the solution ten out of ten.

Normally, when you set it up, you have to coordinate with the network administrator, system administrators, and database administrators, as well as tech support, because these administrators will be the point persons to configure respective log sources to the central log management (ERC of McAfee SIEM).

I recommend the solution because it has readily available dash boarding which is not available to other SIEM solutions.

I recommend McAfee to others and rate it an eight out of ten.

I recommend Trellix ESM and rate it an eight out of ten. It has good stability.

Based on what I've heard from others, LogRhythm offers numerous excellent features and I would suggest it as a preferable alternative to McAfee ESM.

I rate McAfee ESM a five out of ten.

With Trellix ESM, you should initially go with the default configurations offered by the solution, after which you can use the documentation and other stuff provided by Trellix to help improve your knowledge about the product. The documentation provided by the product is really handy to use. A person needs to have an understanding of the technology to be able to customize the product so that they can fit it into their environment, which will allow Trellix to offer users its capabilities at 100 percent.

I rate the overall tool an eight out of ten.

I recommend this solution to others.

I rate McAfee ESM an eight out of ten.

It is suitable for a medium-sized company but not for a big company. A medium-sized company that has less than a thousand data sources and doesn't need to correlate different use cases with different scenarios can go for McAfee because it is user-friendly and doesn't require many skills. McAfee will also be the right choice for a low-budget solution.

We are almost done with using this solution, and we are not going to use McAfee going forward. McAfee ESM is not able to cope with the advanced features. An army cannot do anything without good weapons in hand, and that's the issue with McAfee. They do not have good weapons to investigate.

McAfee ESM is no longer a leader in the Gartner Magic Quadrant. They should improve its performance and invest more in new features. After that, they will come back to the top position.

I would rate McAfee ESM a five out of ten.

Using it, I haven't noticed any difference in the mean time it takes us to detect and respond to threats.

We've been happy with it so far. McAfee is a company whose products we've used quite a bit in the last 20 years so I'm familiar with them. McAfee is a very strong company; it's used around the world.

I would tell potential customers that ESM has a feature called all in one box. If a customer is full-fledged on an in-house data center model and has extensive products running on Windows, Linux, and Cisco and it's all sitting on-premises, this is a great option to work with all of them. They have a good set of use cases, reports, and dashboards prebuilt.

Right now, people are migrating to different solutions, and security generation is growing very vast, and it's going a step ahead. Everything is coming to the cloud. Everything is fast, and everything is a hybrid network. Because of COVID, everyone is working from home, everyone is accessing data with their own internet line, and everyone is outside the network.

McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available. In this data center, most of the customers will fall back from ESM. They will come and withdraw their existing accounts, and they might move to different SIEM solutions. This is how it could be in the future. If the existing integrations come with the upgrade and if they're able to upgrade, then they might stick back with ESM.

On a scale from one to ten, I would give McAfee ESM a six.

My advice to those wanting to implement this solution is to do a lot of training. I think every solution is complex until you are trained in it. It is best to have some sort of previous training before you start using it.

I rate McAfee ESM a five out of ten.

We have just acquired IBM QRadar. It is still in the implementation process. We have not used it.

Last January, our Adobe has come to its end of life, and we can not use it anymore.

I can recommend this solution. 

I would rate McAfee ESM a seven out of ten.

I would advise others, before upgrading, to make sure they know the product that they're upgrading to.

I would rate this product at six out of 10. To bring it to a 10, the most important thing is - given there are lot of bugs, and I understand that - there should be proper support from the vendor site.

In summary, this is a good product. We have all of the functionality but it needs support for multitenancy and better support.

I would rate this solution an eight out of ten.

I'd rate the solution eight out of ten. If it was more user-friendly, I'd mark it higher. Right now, technical people working on the solution don't understand what it is are trying to communicate in its tabs. As a company, you need to have a certified or experienced McAfee engineer there or on staff to guide you.

I'd recommend the product, however. It's a nice, robust product.

To make a decision you have to really know what your budget is, how much money you have to buy a solution, and what the main reason is that you are looking for a tool like this. You can always find something cheaper for a small company. Everyone has pretty much the same tools. But if you're going to play with the big ones, like McAfee, you have to be willing to spend a lot of money and, obviously, you'll get the service you need. You have to know your company, what your needs are, and then go shopping. Look around. It's important to look at the tools, how they are deployed in your architecture.

I would rate the solution at eight out of ten. It's good enough to do the things that we need done, but I'm not sure if it's the best in the market.

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than others.

I would rate this solution a nine out of ten.

I am working with the free trial version of Trellix ESM. I am very satisfied with Trellix ESM. There are minor additional features that we need to add to it, but for now, I'm very satisfied with it.

I would advise users to learn NQL so that they can understand how the data goes from raw data to normalized data and how to create their custom rules.

Overall, I rate Trellix ESM an eight out of ten.

The suitability of McAfee ESM is based on the requirements. If a customer is specifically looking for log and event analysis, with the correlations, then this solution is a good choice. If instead, they are looking for network behavior analytics then they should consider IBM QRader or something else.

I would rate this solution an eight out of ten.

I recommend trying this product. This is a quality solution at a fair price.

I would rate this solution an eight out of ten.

There is an API available on ESM, which you can use to automate certain tasks to a point. Use the API to pump data into your data warehouse, which you can then start utilizing for data analysis purposes. You can develop your own baselines for user and asset behavior, and start looking at threat-hunting exercises. For the configuration of variables and custom rules, you need to know what you are doing because otherwise you can end up generating more events and useless events.

Make sure you know exactly why you are implementing it and what you are going to monitor. Also, ensure that you have all your use cases way before venturing into buying a solution of this nature.

I rate the product a seven out of ten. 

McAfee ESM is the perfect SIEM tool, and it provides best results based on data intake and rule based configuration.

I would suggest users identify the data sources they want to interject into SIEM for monitoring, correlation, and work with the sales team to understand the total EPS and choose the right set of hardware, especially the ESM which will perform majority of work for your organization. With the right specs for hardware, it will help you achieve your goal.

Most important criteria when selecting a vendor: support.

This is a product that I would recommend to a colleague at another company.

I would rate this solution an eight out of ten.

I would recommend this solution to others who are interested in using it.

I would rate McAfee ESM a five out of ten.

We are quite happy with the product and its stability, but the problem is the lack of support, which is one of the major issues that we are facing. I really look forward to them providing proper technical support.

I would rate McAfee ESM a seven out of ten.

Stay focused, read the documentation, plan it well, and the project will be a success.