Trellix ESM Reviews

• To gain transparency into potential vulnerabilities within the network. 
• To monitor problems, e.g., failure to update packages within the back-end security environment.

It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints.

Ability to create own views. Statistical (normalised) views help to highlight inconsistencies, which may need further investigation

• Product currently requires Flash. 
• Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface.
• Some filters are still very low level "magic numbers", which do not make sense on the high level user interface. 
• We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioral analytics.

The easy interface is the most valuable feature.

Through correlation rules, it finds malware that compromised the computer that anti-virus and other security solutions do not find.

I had a couple of problems collecting Windows events. The local plugin should be easier to use, because when ESM is collecting through the manager, many performance issues occur.

I have been using McAfee for over three years.

We did have stability issues, but they were resolved by McAfee support.

We have not had scalability issues.

I would give technical support a rating of 8/10.

I used different solutions, but for different clients.

This was the easiest initial setup that I have made.

The product is worth the price. There are other cheaper tools in the market, but it is harder to work with them.

We looked at HPE ArcSight, Splunk, RSA Analytics, and IBM QRadar.

Stay focused, read the documentation, plan it well, and the project will be a success.