McAfee ESM Room for Improvement
Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.
In general, every SIEM product has that sort of glitch, some partial development. It's like the enrichment of logging level understanding for a SIEM. More enrichment leads to more understanding and use case improvement. That's the gap there, and you will have technical issues already there with all of the products. They keep on fixing that. It's not a problem. They are fast on that point.
I would like to have some sort of automation module and some sort of SOAR module in the next release.View full review »
Cyber Security Consultant at a tech services company with 51-200 employees
We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version.
I would like to see the Active Response function enhanced.View full review »
Senior Security Specialist at a manufacturing company with 10,001+ employees
It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM.
The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console.
They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.
Information Security Officer at a tech services company with 51-200 employees
McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support.
It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.
Technical support for this product could be improved.
I would like to see improvements to the user interface.
It would be helpful to have a diagram in the interface that shows the actions.View full review »
Information Security Engineer at a financial services firm with 51-200 employees
The only drawback is that they don't have any packet capturing or network behavior analysis. Including network behavior analysis in the future would be a good addition.
The speed of technical support can be improved.View full review »
The user interface could be more user-friendly.
Technical support could be improved.View full review »
We acquired the IBM product because McAfee is slightly confusing to use, and it's broader.View full review »
VP Cyber Security & IT at a computer software company with 1,001-5,000 employees
There should be support for multitenancy in the product. Because they don't have it, I think it is the biggest improvement that the vendor could make.View full review »
Assistant Vice President at a financial services firm with 1,001-5,000 employees
When it came to using the solution for a larger organization, we were faced with some troubles attempting to manage the GUI functionality. During some forensic investigations, some of the information was missing from the collected data.
It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI. For Postgre databases, the solution did not collect a lot of information from it. It has some integration problem. Companies, therefore, have to invest twice for collecting logs rather than one SIEM.View full review »