Trellix ESM Reviews

Doing Incident analysis in my opinion with ESM is easier than other solutions. There are a lot of ways to build queries and a great filter engine; if you provide ESM with the Advanced Correlation Engine and Global Threat Intelligence you can raise your infrastructure to be a complete advanced SOC.

I work for a System Integrator.

I have almost no complaints with this solution because it's almost a complete solution, but I do hope to have more stability in the next upgrade and to have the interface re-engineered to be HTML5-based rather than Flash-based.

I'd also like some Splunk-like ELM (Log Manager) enterprise functions.

I've used it for three years, from versions 9.1 to 9.5

Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected deployment.

Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected stability.

It has scaled to our needs.

Customer service is very good and very professional.

Technical support is very good and very professional.

I also work with with RSA and McAfee SIEM solutions.

If you buy the all-in-one solution (Virtual or Hardware), the setup takes a couple of hours.

SIEM is not a Log Manager; ESM is meant for people who need advanced SOC functionality and not only to satisfy compliance rules.

We are using the solution for log analyzing endpoints and investigating all types of applications, files or network devices login collection.

McAfee as a whole is a good solution.

When it came to using the solution for a larger organization, we were faced with some troubles attempting to manage the GUI functionality. During some forensic investigations, some of the information was missing from the collected data. 

It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI. For Postgre databases, the solution did not collect a lot of information from it. It has some integration problem. Companies, therefore, have to invest twice for collecting logs rather than one SIEM.

I have been using the solution for two years.

The initial setup was a bit complex.

The local partner we had was not very experienced in implementing the solution. However, the solution was first implemented in our country.

It has performed well and delivered the results that I have been looking for.

It does a good job for us.

• Ease of use.
• Quick training period.

I can't scale it.

I would like to see AI play a major role going forward.

It is a stable product.

I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore.

It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved.

I was not involved in the initial setup, but it was straightforward.

We are currently evaluating ArcSight and LogRhythm.

At the time we previously purchased McAfee, I had fewer requirements and it catered to my needs.

Most important criteria when selecting a vendor: support.

My primary use case for this solution is to secure the data on my laptop.

If I lost my computer somewhere then hopefully the software will protect my data from anyone.

The ability to secure my data is the most important feature.

It is easy to use. I just need to enter the username and the password and it protects my data.

I would like to see fingerprint recognition included in the next release of this solution.

I have not used technical support for the product.

My company did use another product previous to this one but I do not know why they switched.

The installation and setup of this solution is straightforward.

I handled the deployment myself.

This is a product that I would recommend to a colleague at another company.

I would rate this solution an eight out of ten.

We use this solution for correlation, alerting, and log management.

We are integrators.

I like the ease of deployment.

I would like to see good analytics in future releases.

McAfee has many issues with integration. I am looking for an end-to-end integration such as EDR, and Next-Generation SOC 2.0. 

I have been working with McAfee ESM for 20 years.

We are looking for horizontal and verticle expansion. McAfee has issues with scalability. Other ESM solutions, don't have the same issues.

We have not contacted technical support in quite some time. We had issues with the parsing.

The deployment is easy, but because it is a hybrid deployment which makes it complex. It is partly in the cloud and partly an on-premises deployment. The device will have to access the cloud and on-premises data.

We have an internal team to maintain this solution.

The pricing is fair.

I would recommend this solution to others who are interested in using it.

I would rate McAfee ESM a five out of ten.

We use McAfee ESM for IT operations and a few security-related things. 

It is easy to use and deploy. It comes with user-friendly manuals.

McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support.

It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.

I have been using McAfee ESM for maybe the last six years. 

It has very good stability.

So far, we haven't tried scaling. Because it is on-premises, it is almost a setup environment. We don't do any major changes on the same site because it is quite critical and gets alerts. We don't want to mess up with our configuration.

They take a long time, and the technical person who comes from support doesn't seem to be knowledgeable. When something goes wrong on the hardware or the application side, or we need some technical support in filling up use cases, it takes a long time.

We always struggle to get proper support from their technical support team. It seems that there is only one person who is handling the Middle East technical support, and when we don't get that person, we struggle a lot.

The initial setup was straightforward. There were no complications in its deployment.

Its deployment was done by an engineer in our company. 

We are a security team of five members. Whoever a ticket is assigned to handles the cases.

The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it.

We are quite happy with the product and its stability, but the problem is the lack of support, which is one of the major issues that we are facing. I really look forward to them providing proper technical support.

I would rate McAfee ESM a seven out of ten.

This is the first SIEM product that I have used. My impressions so far are that I like the vendor support from McAfee and the overall architecture looks simple.

I helped a client of ours implement and deploy it.

The product documentation is good, but could be better. Also a bug-free version would be nice as the version I worked on had a bug in the alarm system.

I've used it for five months.

We had bug alarm issues during deployment. The bug, I think, was part of the product.

We had no issues with the stability.

We have had no issues scaling it for our needs.

Customer service is very good.

Technical support is very good.

The initial setup was straightforward.

You will have a better implementation if you get support from the vendor.

Overall, it was expensive, as it has split components.

We have now started using ArcSigh as well. I don't have much experienced with it, but the overall architecture looks similar to McAfee.

The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use.

It's easy to create reports for compliance and for detecting different kinds of attacks and breaches through correlations. This makes the client devices to be more secure.

The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use.

I've used it for two-and-a-half years.

The disk space sizing is very hard and when the version was updated to 9.4 the space needed to store events was cut by half, making it harder to explain to clients who now needed twice as much disk space, with no explanation from the vendor what happened. This was not even in the release notes.

I suggest that you configure the data archive prior to deployment because once the partition is detached, it will be deleted and you can lose a weeks-worth of events. You don't know when it will be deleted because even with a lot of space disk the partition is detached.

There have been no issues with the stability.

There have been no issues scaling.

I give customer service a 7 out of 10.

I give technical support a 7 out of 10.

We used HP ArcSight, IBM Q1 Labs, Splunk, and we chose McAfee Enterprise Security Manager because it’s very easy to deploy.

The initial setup is simple and descriptive. It was very straightforward.

We implemented it with our in-house team.

The in-house sales team said McAfee has the best ROI on the market.

You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points.