McAfee ESM, a cautionary tale
December 07, 2018

McAfee ESM, a cautionary tale

Anonymous | TrustRadius Reviewer
Score 5 out of 10
Vetted Review
Verified User

Overall Satisfaction with McAfee Enterprise Security Manager

McAfee Enterprise Security Manager (previously called Nitro) is used as an enterprise SIEM across multiple sites and domains. It collects system logs and system events for correlation and alerting. It's a hub for security operations.
  • McAfee Enterprise Security Manager has a large library of pre-made correlations that reduces the amount of work needed to make it functional.
  • This is a core McAfee product that is still getting support.
  • It has a substantial amount of compatibility and integration with other products.
  • The migration off of Flash has been painful. The new interface is very difficult to work with. Even support tends to fall back to the Flash version.
  • The GUI is not intuitive under any version. Finding settings takes a significant amount of learning.
  • While the product is supported, the transitions from various directions have left the future of the product in question. It used to be the interface for IDS, but the new IDS is stand alone.
  • The way McAfee has dropped products with no warning in the past makes us skeptical of trusting any stated roadmap.
  • For a tool that advertises how many correlations come out of the box, the selling point of easy administration is lost in the difficulty of administration.
  • The value of the tool being a significant part of the McAfee portfolio is questionable when integrated products are dropped without warning.
  • I would not put McAfee Enterprise Security Manager in a top three SIEM class, its more like a member of the top 10.
Splunk tends to be the top dog in the space. Everything is compatible and it's capable of anything. You just have to have the time and money to do the work. And if you have a large volume of logs (and who doesn't?), it's not cheap. McAfee Enterprise Security Manager's advantage is supposed to answer Spunk's weakness. You don't have to build everything from scratch. Out of the box, tools are supposed to make the tool valuable from day one. This is true, but, as always, take the sales pitch with a grain of salt. Get a live demo to see the navigation and interface. If your SOC is going to have to live with these screens day in and day out, make sure you're prepared.
I would make a cautionary recommendation. If you're heavily invested in a McAfee product line, the McAfee Enterprise Security Manager is a natural fit and you probably already understand the risk of working with them. If you are greenfield looking for a SIEM, I would advise documenting your use cases very well, because you may find yourself doing a new implementation down the road.

McAfee Enterprise Security Manager Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Not Rated
Custom dashboards and workspaces
Host and network-based intrusion detection