Trellix ESM Reviews

The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it. It doesn't just stop everything but actually tells you there's a quarantine, that these files are in quarantine. You have to deal with them. That's good.

If you don't keep up with updates, they pop up until you actually do something. That's a good thing because we want protection.

There are a lot of things that could be part of future editions. One would be to speed up the scanning of email. As emails come in, it takes a lot of time to scan through them, whether you're on your computer or on your phone. If it were a little quicker doing that, that would be helpful. That's not a new feature but speed always counts.

The only issue I have with McAfee is the amount of computer resources that it takes. When you're running the program it really is heavy on the computer resources. It only impacts staff productivity when it's running the updates. However, it's definitely impacting some of the other applications that are running on a computer at the same time.

McAfee has been around for so long. It's a stable product. They've worked out a lot of glitches, a lot of bugs. There are always new bugs introduced with any product, but it's a stable product.

They do pretty well with scalability because McAfee has so many different solutions. There's a personal edition, then you have a small business edition, and there's an enterprise edition. It can be scaled, and I think they've done a good job.

The setup is pretty good. The only problem is when you're trying to remove a certain version It takes a long time because McAfee keeps a lot of files in the source, on the computer, so you really have to make sure that you delete everything when you're removing the software. When you install a different version of McAfee you need to make sure that you grab all the files and clean the computer out.

Using it, I haven't noticed any difference in the mean time it takes us to detect and respond to threats.

We've been happy with it so far. McAfee is a company whose products we've used quite a bit in the last 20 years so I'm familiar with them. McAfee is a very strong company; it's used around the world.

We use McAfee ESM for log storage and audit purposes. Security is the base reason, and we do build content for them.

The most valuable feature in ESM is its search and reporting feature. It's really nice.

Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.

In general, every SIEM product has that sort of glitch, some partial development. It's like the enrichment of logging level understanding for a SIEM. More enrichment leads to more understanding and use case improvement. That's the gap there, and you will have technical issues already there with all of the products. They keep on fixing that. It's not a problem. They are fast on that point.

I would like to have some sort of automation module and some sort of SOAR module in the next release. 

I have used McAfee ESM over the last 12 months.

Stability is good. I can say that because of the way their reporting is running right now. The reporting, dashboard, or their use cases are running in the field of security in the scope of data centers. In the scope of data centers, they're very stable. There isn't a problem with that.

Scalability is good. You can increase their EPS module as EPS is about events per second. The cost goes to the customer if it wants to charge them. It's very scalable. At any point in time, you can scale it up, and you can scale it down. That's not a problem. 

The tech support is great. The engineering team helped us well at one point, and they're very good.

The initial setup is straightforward. SIEM isn't a single module component. They have different modules, like the receiver and the console, and the two modules switch. Right now, we have a complex module, and it's compatible. It's not a worry to implement it. 

When it comes to infrastructure deployment, it won't take more than two weeks. The first stage would be procuring the software. If you want to deploy it in your own mediums, or if you want to bring in your own box, it could take a few more days. But once the software and the license are there in your hands, it doesn't take more than a week to get it implemented.

The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended.

I would tell potential customers that ESM has a feature called all in one box. If a customer is full-fledged on an in-house data center model and has extensive products running on Windows, Linux, and Cisco and it's all sitting on-premises, this is a great option to work with all of them. They have a good set of use cases, reports, and dashboards prebuilt.

Right now, people are migrating to different solutions, and security generation is growing very vast, and it's going a step ahead. Everything is coming to the cloud. Everything is fast, and everything is a hybrid network. Because of COVID, everyone is working from home, everyone is accessing data with their own internet line, and everyone is outside the network.

McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available. In this data center, most of the customers will fall back from ESM. They will come and withdraw their existing accounts, and they might move to different SIEM solutions. This is how it could be in the future. If the existing integrations come with the upgrade and if they're able to upgrade, then they might stick back with ESM.

On a scale from one to ten, I would give McAfee ESM a six.

We are using this solution primarily for SIEM logs.

The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it.

I have been using this solution for approximately six years.

The stability of this solution has been good.

We have never had an issue with the scalability of this solution.

The technical support could improve from McAfee.

The initial setup is difficult and could improve. 

We have four engineers that do the maintenance for this solution.

My advice to those wanting to implement this solution is to do a lot of training. I think every solution is complex until you are trained in it. It is best to have some sort of previous training before you start using it.

I rate McAfee ESM a five out of ten.

We implement it in our hospital applications.

It has been very helpful to our company. It enables us to detect malicious threats, issues, or vulnerabilities in our network.

We acquired the IBM product because McAfee is slightly confusing to use, and it's broader.

I have used McAfee ESM for three years.

We are using Version 11.

It's scalable, and we can implement our network use cases.

We have five users in our organization.

The technical support is fast and they have been helpful in resolving our issues.

Previously, I did not use another solution. McAfee ESM is the only solution I know.

I was not a part of the installation. It was installed before I joined the company.

We had help from the McAfee teams in Singapore and India. We also had some help from Trend Micro and one colleague from our company.

We renew our license annually.

We have just acquired IBM QRadar. It is still in the implementation process. We have not used it.

Last January, our Adobe has come to its end of life, and we can not use it anymore.

I can recommend this solution. 

I would rate McAfee ESM a seven out of ten.

By having access protection in the policies on the machine, it helps in real-time behavior scenarios, where the policy captures stuff, quite a lot.

VirusScan Enterprise provides protection against real-time malware attacks. 

We use it for logging the network traffic, when required.

It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself.

There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee.

Also, there's no software support from McAfee.

It seems McAfee does not test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs.

After the upgrade, it is stable now. 

It has good scalability.

Tech support is not good. They don't respond to issues in a timely manner. We need to call up the account managers, and then the engineers will work on it.

We have to wait fairly long. Until we escalate the issue, the call will be still in the pending state, or the hold state.

We switched to them because of the pricing.

It is complex, not straightforward. 

For examples, concerning an upgrade, the pre-installer check provided to us before the upgrade was showing the result was "all requirements met." But when we ran the actual installation, it was different.

I would advise others, before upgrading, to make sure they know the product that they're upgrading to.

I would rate this product at six out of 10. To bring it to a 10, the most important thing is - given there are lot of bugs, and I understand that - there should be proper support from the vendor site.

I work with an integration company and implement tools such as McAfee ESM.

We are an MSSP for a lot of clients. We gather their logs, correlate them, create rules, and assume the role of their SOC. We have skilled operators 24/7 who take care of these clients.

The most valuable feature is the correlation rules.

This product is easy to use.

There should be support for multitenancy in the product. Because they don't have it, I think it is the biggest improvement that the vendor could make.

I have been working with McAfee ESM for approximately eight years.

This is a very scalable product.

In the on-premises deployment, we have large enterprise clients. For cloud-based deployment, our clients are small to medium-sized companies.

Although I am satisified with the technical support, there is room for improvement. The support is not as good as it could be because McAfee has moved so many times.

The initial setup is straightforward and easy to do. The deployment is very fast.

In summary, this is a good product. We have all of the functionality but it needs support for multitenancy and better support.

I would rate this solution an eight out of ten.

The security can't be compromised. The security features on offer are the most valuable feature and are why it's really worth having as a product like this in our organization.

The user interface could be more user-friendly.

Technical support could be improved.

I've been using the solution for two or three years.

The solution is 100% stable. We really have had a great time working with it. It hasn't let us down.

We've been satisfied with the level of scalability the solution offers us.

We've had some issues in the past and have had their Pakistani representative here. We've also communicated with foreign branches of technical support. The solution offers okay assistance. It's not a mature solution like Fortinet or Watchguard, but it's still providing okay service. I'd say the help we've received is largely mixed. It's been 50/50 in terms of resolving our issues.

It's a fairly low-cost solution, so the pricing is pretty good.

I'd rate the solution eight out of ten. If it was more user-friendly, I'd mark it higher. Right now, technical people working on the solution don't understand what it is are trying to communicate in its tabs. As a company, you need to have a certified or experienced McAfee engineer there or on staff to guide you.

I'd recommend the product, however. It's a nice, robust product.

As a bank, we have different cases use cases that are typical for the industry.

On the security side, it reduces the time needed to make changes in case of an attack. We have to work on it in real time. If we didn't have the tool, the amount of time would be double or triple. The main reason we have it is that it makes it easier for the engineer who works on the site to realize what is happening. It helps with productivity.

McAfee has always been there for us and it helps with the maturity of our security program.

The most valuable feature is the capability to correlate different events from different platforms that we feed into it. It makes it easier to engineer the box on our side so that we can realize what is happening and do something about it. It gives us the tools to know what's happening and make a change in one of the downstream platforms to reject a connection or the like.

Although we're a South American bank, our products are pretty much the same as North American banks. The types of things they would install in North America are what we have here.

But there are some banking and transactional cases that are local, South American transactions. I would like to see them add features that can be used locally, to make those transactions more reliable.

The stability is really good.

The scalability depends on how much you want to pay for it. If I need a bigger solution, the vendor is going to be able to add more features to the machine, or even change it. It all depends on how much are you willing to spend.

For technical support, we work in two ways. We have a partner that is looking after the platform, and we have the vendor as well. If we have a problem with the partner, we can call McAfee. So overall, support is good.

They should double check what they are doing with customers. I have had some trouble trying improve the use case. I was hoping that they help me with that, show me the way.

The vendor, McAfee, works with a partner and the partner sells to us. We use a partner.

Our company looked at Splunk three years ago. Every couple of years we look around at what's in the market. For us, it's quite difficult to try other ones, because of the time and costs involved. That's why I'm not sure if McAfee is the best solution, but it's good enough for me.

We're always looking to make improvements and if the products we have are not good enough, or we see that another brand is making something better, we will migrate.

To make a decision you have to really know what your budget is, how much money you have to buy a solution, and what the main reason is that you are looking for a tool like this. You can always find something cheaper for a small company. Everyone has pretty much the same tools. But if you're going to play with the big ones, like McAfee, you have to be willing to spend a lot of money and, obviously, you'll get the service you need. You have to know your company, what your needs are, and then go shopping. Look around. It's important to look at the tools, how they are deployed in your architecture.

I would rate the solution at eight out of ten. It's good enough to do the things that we need done, but I'm not sure if it's the best in the market.