McAfee ESM Overview

McAfee ESM is the #15 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to IBM QRadar.

What is McAfee ESM?

McAfee Enterprise Security Manager, the foundation of the security information and event management (SIEM) solution family from McAfee, delivers the performance, actionable intelligence, and real-time situational awareness at the speed and scale required for security organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.

McAfee ESM is also known as NitroSecurity, McAfee Enterprise Security Manager.

Buyer's Guide

Download the Security Information and Event Management (SIEM) Buyer's Guide including reviews and more. Updated: April 2021

McAfee ESM Customers

San Francisco Police Credit Union, Wüstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport

McAfee ESM Archived Reviews (More than two years old)

Carmen Marsh
CEO at Inteligencia
Real User
Top 10
Mar 26, 2019
Quarantines suspect files without stopping everything else

Pros and Cons

  • "The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
  • "The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."

What other advice do I have?

Using it, I haven't noticed any difference in the mean time it takes us to detect and respond to threats. We've been happy with it so far. McAfee is a company whose products we've used quite a bit in the last 20 years so I'm familiar with them. McAfee is a very strong company; it's used around the world.
Security Product Manager at a financial services firm with 5,001-10,000 employees
Real User
Mar 20, 2019
Correlates events from various platforms and reduces our response time in case of attack

What is our primary use case?

As a bank, we have different use cases that are typical for the industry.

Pros and Cons

  • "The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
  • "There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."

What other advice do I have?

To make a decision you have to really know what your budget is, how much money you have to buy a solution, and what the main reason is that you are looking for a tool like this. You can always find something cheaper for a small company. Everyone has pretty much the same tools. But if you're going to play with the big ones, like McAfee, you have to be willing to spend a lot of money and, obviously, you'll get the service you need. You have to know your company, what your needs are, and then go shopping. Look around. It's important to look at the tools, how they are deployed in your…
IT Manager at a tech services company with 10,001+ employees
Real User
Aug 15, 2018
It has good technical support, but I can't scale it

What is our primary use case?

It has performed well and delivered the results that I have been looking for.

How has it helped my organization?

It does a good job for us.

What is most valuable?

Ease of use. Quick training period.

What needs improvement?

I can't scale it. I would like to see AI play a major role going forward.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore.

How is customer service and technical support?

It has good technical support, which is available around the clock. You can call up anytime and get whatever…
IT Security Analyst at Ingenium Group
Real User
May 23, 2018
A good central viewpoint for issues, but it requires Flash

What is our primary use case?

  • To gain transparency into potential vulnerabilities within the network.
  • To monitor problems, e.g., failure to update packages within the back-end security environment.

Pros and Cons

  • "It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
  • "Product currently requires Flash."
  • "Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
  • "We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
Laeeq Ahmed
IT Security Lead at a tech services company with 10,001+ employees
Jan 15, 2018
Adaptive protection learns for itself, but it seems McAfee does not test its product before releasing

Pros and Cons

  • "It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
  • "There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
  • "It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
  • "There's no software support from McAfee."

What other advice do I have?

I would advise others, before upgrading, to make sure they know the product that they're upgrading to. I would rate this product at six out of 10. To bring it to a 10, the most important thing is - given there are a lot of bugs, and I understand that - there should be proper support from the vendor site.
Threat Intelligence Engineer (Security Engineering Team) at a government with 10,001+ employees
Sep 11, 2017
Biggest benefit is its easy scalability. It doesn't restrict you to a particular hardware or storage solution.

What other advice do I have?

McAfee ESM is the perfect SIEM tool, and it provides the best results based on data intake and rule-based configuration. I would suggest users identify the data sources they want to interject into SIEM for monitoring, correlation, and work with the sales team to understand the total EPS and choose the right set of hardware, especially the ESM, which will perform the majority of the work for your organization. With the right specs for hardware, it will help you achieve your goal.
Information Security Analyst at a tech services company with 501-1,000 employees
May 11, 2017
Through correlation rules, it finds malware that anti-virus and other security solutions do not find.

What other advice do I have?

Stay focused, read the documentation, plan it well, and the project will be a success.
Information Security Analyst at a tech services company with 501-1,000 employees
Jul 4, 2016
The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available.

Pros and Cons

  • "The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
  • "The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."

What other advice do I have?

  • Multiple dashboards already created
  • More than 200 correlation rules created and available to use on the Correlation Engine
  • Multiple reports already created, ready to use or you can edit them
ICT Security Officer at a healthcare company with 1,001-5,000 employees
May 31, 2016
We now have a better view of our security posture from an external and internal point of view. The reporting could use some improvement.

What other advice do I have?

Make sure you know exactly why you are implementing it and what you are going to monitor. Also, ensure that you have all your use cases way before venturing into buying a solution of this nature.
Manager of System Security at a tech services company with 10,001+ employees
May 9, 2016
The visualization clearly articulates the current and past state of network traffic and correlation rule hits. The API still needs to develop some maturity.

What other advice do I have?

There is an API available on ESM, which you can use to automate certain tasks to a point. Use the API to pump data into your data warehouse, which you can then start utilizing for data analysis purposes. You can develop your own baselines for user and asset behavior, and start looking at threat-hunting exercises. For the configuration of variables and custom rules, you need to know what you are doing because otherwise you can end up generating more events and useless events.
Amlan Sahoo
Systems-Engineer at a tech services company with 10,001+ employees
Apr 20, 2016
I like the vendor support from McAfee and the overall architecture looks simple. The version I worked on had a bug in the alarm system.
Security Consultant, Presale and System Engineer at a tech services company with 501-1,000 employees
Jan 21, 2016
If you provide it with the Advanced Correlation Engine and Global Threat Intelligence, you can raise your infrastructure to be a complete advanced SOC.
Vinod Shankar
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Feb 27, 2015
One of the biggest strengths of Nitro is the underlying database but stability has been a problem.
At Infosecnirvana, we have quite a number of posts dedicated to SIEM. We have done a detailed comparison of SIEM products in a post titled – SIEM Comparison along with providing a detailed check list for SIEM evaluation. We have also posted about SIEM products from time to time as reflected by our post on IBM QRadar and ArcSight. Following up with those posts, this blog is our take on McAfee Nitro SIEM. So let’s get started.

Introduction: McAfee in 2011 purchased Nitro Security to enter into the SIEM space and subsequently were taken up by Intel. This period of 2011 actually saw a few things happen in the SIEM market space. This included HP buying ArcSight, IBM buying QRadar and McAfee buying Nitro etc. etc. Each of those SIEM products have taken a different route over the last 3 years.…