Overall Satisfaction with McAfee Enterprise Security Manager
McAfee Enterprise Security Manager is used not only for its log collection capabilities but also for its advanced threat intelligence. We are using the product as part of moving into Intel's complete suite of products, where appliance integration will bring a commonality to our incident capabilities and help with faster response times and visibility.
- Advanced Threat intelligence gives us the ability to prioritise alerts quickly and efficiently.
- SIEM log collection allows us to integrate our other Intel products to a centralised point.
- Physical appliances are one of the areas we have moved away from, so the ability for ESM to be available as a VDI was key.
- If there is a requirement to integrate into other vendor products (i.e. log sharing) then this was very cumbersome.
- Integration of vulnerability scanning that is available in other vendor products would be a good addition.
- When integrating all of Intel's products, a third-party consultancy is usually required, where other vendor products can be configured without this additional cost.
- Centralisation of events from NIDS/IPS/IDS, Firewall(s), Web Proxy and Endpoint
- Ability to have third party management
- Actively upgraded product with good vendor support
We looked at a few products: AlienVault, ESM, LogRhythm and Alert Logic.
ESM at the time had more functionality and a friendlier and cleaner user interface than LogRhythm.
ESM had an ability to integrate easily into Intel's endpoint solution versus AlienVault where a parser would have to be written, though AlienVault's inclusion of vulnerability management and IDS made it stand out from some of the others.
ESM had a better correlation engine and log drill through than Alert Logic, and in our scenario we were not looking for a hosted solution at the time.
ESM has a good network of partners and in the event a managed service is required the transition to this is made very easily.
Evaluating McAfee Enterprise Security Manager and Competitors
- Product Features
- Product Usability
- Existing Relationship with the Vendor
The feature set was important along with usability, but the integration with our other Intel products was a key purchasing decision.
If we had to evaluate again, we would look more closely at what we are trying to achieve and whether it makes sense to keep some of the other products we already have. A key element is to have a completely integrated suite of products all working in unison, and though this can be achieved by having a multi-vendor environment, it is never as clean as a single-vendor solution. Also, we would look at the outsourcing of certain IT security functions; in the case of SIEM solutions it can make more sense to have this activity outsourced, where the third party has a larger scope and more real-time experience of events that are happening to other clients and can then apply the incident response to all of their customers.