TrustRadius
McAfee Enterprise Security Manager is security information and event management (SIEM) software, from McAfee / Intel Security.https://media.trustradius.com/product-logos/S8/xI/CJEBPRPLFXA2.jpegManage you eventsMcAfee Enterprise Security Manager is a powerful SIEM that offers us the comfort of being in compliance with international standards in the domain of information security and helps us to assure security. Correlation of different events from different platforms is very useful and necessary. The integration with another software from McAfee is also very good (EPO, DLP).,Integration with other software Log sources integration Very user friendly interface Real-time monitoring,Pre-defined reports The system requirements are quite demanding No other tool issue or operational issue was identified,10,Improve security Prevent incidents and attacks Reduce the security and continuity risks Correct and independent management information,IBM QRadar,DenyAll Vulnerability Manager, FortiSIEM, Google AnalyticsBest SIEMMcAfee Enterprise Security Manager is easy to use and to maintain, with great results. We use this SIEM because it offers threat intelligence correlation, analytics, profiling, security alerts, data presentation and compliance. Good integration with log sources, inclusive with other McAfee tools. It is easy to monitor security events and identify incidents and cyber attacks.,Identify brute force attaks Anomalous traffic detection Faster ingestion and query performance Can collect large volumes of events,Operating in all bowsers Documentation detailation Simplify the process of creation core relation rules,10,Identify attack Investigate incidents Be in compliance with international standards Inform manangement about security level,,Google Analytics, FortiDDoS, Rapid7 NexposeMcAfee ESM, a cautionary taleMcAfee Enterprise Security Manager (previously called Nitro) is used as an enterprise SIEM across multiple sites and domains. It collects system logs and system events for correlation and alerting. It's a hub for security operations.,McAfee Enterprise Security Manager has a large library of pre-made correlations that reduces the amount of work needed to make it functional. This is a core McAfee product that is still getting support. It has a substantial amount of compatibility and integration with other products.,The migration off of Flash has been painful. The new interface is very difficult to work with. Even support tends to fall back to the Flash version. The GUI is not intuitive under any version. Finding settings takes a significant amount of learning. While the product is supported, the transitions from various directions have left the future of the product in question. It used to be the interface for IDS, but the new IDS is stand alone. The way McAfee has dropped products with no warning in the past makes us skeptical of trusting any stated roadmap.,5,For a tool that advertises how many correlations come out of the box, the selling point of easy administration is lost in the difficulty of administration. The value of the tool being a significant part of the McAfee portfolio is questionable when integrated products are dropped without warning. I would not put McAfee Enterprise Security Manager in a top three SIEM class, its more like a member of the top 10.,SIEM causing Anger then use Enterprise Security ManagerMcAfee Enterprise Security Manager is used not only for its log collection capabilities but also for its advanced threat intelligence. We are using the product as part of moving into Intel's complete suite of products, where appliance integration will bring a commonality to our incident capabilities and help with faster response times and visibility.,Advanced Threat intelligence gives us the ability to prioritise alerts quickly and efficiently. SIEM log collection allows us to integrate our other Intel products to a centralised point. Physical appliances is one of the areas we have moved away from, so the ability for ESM to be available as a VDI was key.,If there is a requirement to integrate into other vendor products i.e. (log sharing) then this was very cumbersome. Integration of vulnerability scanning that is available in other vendor products would be a good addition. When integrating all of Intel's products a third party consultancy is usually required, where other vendor products can be configured without this additional cost.,8,Centralisation of events form NIDS/IPS/IDS, Firewall(s), Web Proxy and Endpoint Ability to have third party management Actively upgraded product with good vendor support,,AlienVault USM, McAfee Endpoint Protection Suite, Microsoft Office 365, IBM Cognos, Zscaler Web Security,No,Product Features Product Usability Existing Relationship with the Vendor,If we had to evaluate again, we would look more closely at what are we trying to achieve and does it make sense to keep some of the other products we already have. A key element is to have a completely integrated suite of products all working in unison, and though this can be achieved by having a multi-vendor environment it is never as clean as a single vendor solution. Also we would look at the outsourcing of certain IT security functions, in the case of SIEM solutions it can make more sense to have this activity outsourced where the third party has a larger scope and more realtime experience of event s that are happening to other clients and can then apply the incident response to all of their customers.ESM is great, McAfee AV, not so muchMcAfee Enterprise Security Manager was used to deploy full disk encryption to sensitive end points, manage the HIPS, and end point security across the enterprise of 5000 + endpoints.,It is a great central management tool with great reports and dashboards. It can easily show devices out of compliance. ESM is easy to manage and maintain.,Some tools it manages lack features. ESM can have some issues with upgrading. MFA support is needed.,7,McAfee Antivirus is not a leader in the field and I don't recommend this product. HIPS and Encryption are easy to manage. Great tool for enterprise deployments.,,Palo Alto Networks WildFire, HP Arcsight
Unspecified
McAfee Enterprise Security Manager
27 Ratings
Score 7.9 out of 101
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>TRScore

McAfee Enterprise Security Manager Reviews

McAfee Enterprise Security Manager
27 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 7.9 out of 101

Do you work for this company? Manage this listing

Show Filters 
Hide Filters 
Filter 27 vetted McAfee Enterprise Security Manager reviews and ratings
Clear all filters
Overall Rating
Reviewer's Company Size
Last Updated
By Topic
Industry
Department
Experience
Job Type
Role

Reviews (1-5 of 5)

Do you use this product? Write a Review
Neil Johnson profile photo
May 29, 2019

Manage you events

Score 10 out of 10
Vetted Review
Verified User
Review Source
McAfee Enterprise Security Manager is a powerful SIEM that offers us the comfort of being in compliance with international standards in the domain of information security and helps us to assure security. Correlation of different events from different platforms is very useful and necessary. The integration with another software from McAfee is also very good (EPO, DLP).
  • Integration with other software
  • Log sources integration
  • Very user friendly interface
  • Real-time monitoring
  • Pre-defined reports
  • The system requirements are quite demanding
  • No other tool issue or operational issue was identified
Collect valuable data from hundreds of types of devices. Events correlation and offenses work very well. Notification in case of an incident also works perfectly. The configuration is easy to customize. With the Content Packs (plugins) the system is flexible for new questions or new situations. Helps in improving visibility of threat actors and helps in further prevention.
Read Neil Johnson's full review
No photo available
May 23, 2019

Best SIEM

Score 10 out of 10
Vetted Review
Verified User
Review Source
McAfee Enterprise Security Manager is easy to use and to maintain, with great results. We use this SIEM because it offers threat intelligence correlation, analytics, profiling, security alerts, data presentation and compliance. Good integration with log sources, inclusive with other McAfee tools. It is easy to monitor security events and identify incidents and cyber attacks.
  • Identify brute force attaks
  • Anomalous traffic detection
  • Faster ingestion and query performance
  • Can collect large volumes of events
  • Operating in all bowsers
  • Documentation detailation
  • Simplify the process of creation core relation rules
The solution offers a lot of features. Great threat categorization and classification. Collect very quick a large volumes of events. Working in cluster is very useful. Data source onboarding reduces the time required to configure new data sources. Support includes professional services and training. Good performance and redundancy. High level of security.
Read this authenticated review
No photo available
December 07, 2018

McAfee ESM, a cautionary tale

Score 5 out of 10
Vetted Review
Verified User
Review Source
McAfee Enterprise Security Manager (previously called Nitro) is used as an enterprise SIEM across multiple sites and domains. It collects system logs and system events for correlation and alerting. It's a hub for security operations.
  • McAfee Enterprise Security Manager has a large library of pre-made correlations that reduces the amount of work needed to make it functional.
  • This is a core McAfee product that is still getting support.
  • It has a substantial amount of compatibility and integration with other products.
  • The migration off of Flash has been painful. The new interface is very difficult to work with. Even support tends to fall back to the Flash version.
  • The GUI is not intuitive under any version. Finding settings takes a significant amount of learning.
  • While the product is supported, the transitions from various directions have left the future of the product in question. It used to be the interface for IDS, but the new IDS is stand alone.
  • The way McAfee has dropped products with no warning in the past makes us skeptical of trusting any stated roadmap.
I would make a cautionary recommendation. If you're heavily invested in a McAfee product line, the McAfee Enterprise Security Manager is a natural fit and you probably already understand the risk of working with them. If you are greenfield looking for a SIEM, I would advise documenting your use cases very well, because you may find yourself doing a new implementation down the road.
Read this authenticated review
Philip Clarke profile photo
April 20, 2017

SIEM causing Anger then use Enterprise Security Manager

Score 8 out of 10
Vetted Review
Verified User
Review Source
McAfee Enterprise Security Manager is used not only for its log collection capabilities but also for its advanced threat intelligence. We are using the product as part of moving into Intel's complete suite of products, where appliance integration will bring a commonality to our incident capabilities and help with faster response times and visibility.
  • Advanced Threat intelligence gives us the ability to prioritise alerts quickly and efficiently.
  • SIEM log collection allows us to integrate our other Intel products to a centralised point.
  • Physical appliances is one of the areas we have moved away from, so the ability for ESM to be available as a VDI was key.
  • If there is a requirement to integrate into other vendor products i.e. (log sharing) then this was very cumbersome.
  • Integration of vulnerability scanning that is available in other vendor products would be a good addition.
  • When integrating all of Intel's products a third party consultancy is usually required, where other vendor products can be configured without this additional cost.

McAfee Enterprise Security Manager is well placed when the environment has other Intel products. We operate McAfee Move and the two products work extremely well together. The anti-virus product can be very cumbersome if used with another SIEM solution when log collecting.

We have other areas where intel solutions are not in use and in these circumstances we used another well-known SIEM solution that had an easier implementation phase than Intel's and where remote access was challenging.

Read Philip Clarke's full review
Alex Waitkus, CISSP-ISSAP, OSCP profile photo
April 12, 2017

ESM is great, McAfee AV, not so much

Score 7 out of 10
Vetted Review
Verified User
Review Source
McAfee Enterprise Security Manager was used to deploy full disk encryption to sensitive end points, manage the HIPS, and end point security across the enterprise of 5000 + endpoints.
  • It is a great central management tool with great reports and dashboards.
  • It can easily show devices out of compliance.
  • ESM is easy to manage and maintain.
  • Some tools it manages lack features.
  • ESM can have some issues with upgrading.
  • MFA support is needed.
It is great for deploying and managing enterprise endpoint protection; McAfee Antivirus is still not a leader.
Read Alex Waitkus, CISSP-ISSAP, OSCP's full review

McAfee Enterprise Security Manager Scorecard Summary

Feature Scorecard Summary

Centralized event and log data collection (5)
9.7
Correlation (5)
9.6
Event and log normalization (5)
9.0
Deployment flexibility (5)
7.7
Integration with Identity and Access Management Tools (4)
9.9
Custom dashboards and views (5)
7.7
Host and network-based intrusion detection (4)
8.7

About McAfee Enterprise Security Manager

McAfee Enterprise Security Manager is security information and event management (SIEM) software, from McAfee / Intel Security.

McAfee Enterprise Security Manager Technical Details

Operating Systems: Unspecified
Mobile Application:No