McAfee ESM, a cautionary tale
December 07, 2018

Score 5 out of 10
Vetted Review
Verified User
Overall Satisfaction with McAfee Enterprise Security Manager
McAfee Enterprise Security Manager (previously called Nitro) is used as an enterprise SIEM across multiple sites and domains. It collects system logs and system events for correlation and alerting. It's a hub for security operations.
Pros
- McAfee Enterprise Security Manager has a large library of pre-made correlations that reduces the amount of work needed to make it functional.
- This is a core McAfee product that is still getting support.
- It has a substantial amount of compatibility and integration with other products.
Cons
- The migration off of Flash has been painful. The new interface is very difficult to work with. Even support tends to fall back to the Flash version.
- The GUI is not intuitive under any version. Finding settings takes a significant amount of learning.
- While the product is supported, the transitions from various directions have left the future of the product in question. It used to be the interface for IDS, but the new IDS is standalone.
- The way McAfee has dropped products with no warning in the past makes us skeptical of trusting any stated roadmap.
- For a tool that advertises how many correlations come out of the box, the selling point of easy administration is lost in the difficulty of administration.
- The value of the tool being a significant part of the McAfee portfolio is questionable when integrated products are dropped without warning.
- I would not put McAfee Enterprise Security Manager in a top three SIEM class; it's more like a member of the top 10.
Splunk tends to be the top dog in the space. Everything is compatible and it's capable of anything. You just have to have the time and money to do the work. And if you have a large volume of logs (and who doesn't?), it's not cheap. McAfee Enterprise Security Manager's advantage is supposed to answer Splunk's weakness. You don't have to build everything from scratch. Out of the box, tools are supposed to make the tool valuable from day one. This is true, but, as always, take the sales pitch with a grain of salt. Get a live demo to see the navigation and interface. If your SOC is going to have to live with these screens day in and day out, make sure you're prepared.