Trellix ESM is an innovative tool designed to enhance security management through its seamless integration, user-friendly deployment, customizable dashboards, and robust threat detection capabilities.

| Product | Mindshare (%) |
|---|---|
| Trellix ESM | 1.0% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 86.4% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Splunk Enterprise Security | 4.2 | 7.3% | 94% | 403 interviews |
| Wazuh | 3.7 | 4.4% | 81% | 50 interviews |

| Company Size | Count |
|---|---|
| Small Business | 13 |
| Midsize Enterprise | 3 |
| Large Enterprise | 20 |

| Company Size | Count |
|---|---|
| Small Business | 159 |
| Midsize Enterprise | 38 |
| Large Enterprise | 112 |

Trellix ESM is essential for comprehensive security management, ensuring effective threat detection and analysis. It integrates seamlessly with third-party systems and provides advanced correlation and security visualization. Capable of managing logs and monitoring network traffic, it enhances security across diverse environments, making it indispensable for security operations. Despite needing improved SaaS integration, API documentation, and addressing stability issues, it remains crucial for user-friendly deployment and incident analysis. Its benefits are complemented by comprehensive reporting and real-time malware protection.
What Are Trellix ESM's Most Important Features?

In diverse industries, Trellix ESM is deployed for central log management and security operations, monitoring servers, virtual machines, and hybrid-cloud environments. Companies use it for managed security services and threat detection, analyzing logs and securing data. It finds great use in monitoring network vulnerabilities and event correlation, enabling service providers and MSSPs to effectively manage endpoints and hybrid-cloud setups as well as gather logs from servers and firewalls, offering abundant transparency into security threats and network activities.
Trellix ESM was previously known as McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager.
San Francisco Police Credit Union, Wüstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
| Author info | Rating | Review Summary |
|---|---|---|
| Senior Vice President IT at AS IT Consulting Pvt. Ltd. | 5.0 | I find Trellix ESM valuable for its strong reporting capabilities, though it falls short by not covering all devices, requiring custom parsers. Installation is easy, but it should improve by including more devices globally without additional costs. |
| Senior Information Security Manager at a real estate/law firm with 10,001+ employees | 4.5 | I use Trellix ESM to monitor inbound and outbound communications with known threat hosts and enhance cyberattack detection. It offers quick incident response with valuable insights but could improve customized dashboards for specific use cases. |
| Cyber Security Engineer at Protec | 5.0 | I've used Trellix ESM for 20 years and find it reliable, with strong threat detection, reporting, and customization features. It's stable, scalable, and easy to deploy, though support for on-prem clients could be improved. |
| IT auditor at SHEFFIELD HALLAM UNIVERSITY | 4.0 | We use McAfee for its security features, especially log monitoring, which is the most valuable aspect. Although previously using Norton, we find McAfee enhances security. However, the alert response needs to be more flexible and secure. |
| Principal Engineer at Emerson | 4.0 | I find Trellix ESM stable and good for endpoint protection, easily deployed. However, I wish for better custom reporting, improved customer support access, and a more streamlined licensing model, as it's a bit expensive. |
| Security Engineer at PC Store | 4.0 | In my review of Trellix ESM, I found it user-friendly and easily integrable, though the integration with SaaS solutions and stability needs improvement. While we implement it for our customers, I consider other solutions like Splunk for comparison. |
| Senior Information Security Manager at a real estate/law firm with 10,001+ employees | 5.0 | I found Trellix ESM effective for central log management, offering valuable features like threat monitoring and automatic threat blocking. While user knowledge is crucial for optimization, McAfee SIEM is cost-effective compared to alternatives like Splunk and QRadar. |
| Security Consultant at Bank Meli Exchange | 4.0 | I've used McAfee ESM for 15 years, valuing its intrusion detection and malware protection. Setup was straightforward, and scalability is good. While support could be faster and pricing higher, I recommend it for financial sector use. |
| Information Technology Security Analyst at a financial services firm with 201-500 employees | 2.5 | I use Trellix ESM to collect logs from Windows servers and Palo Alto firewalls. The support is excellent, but the platform is not user-friendly, and logging is inaccurate. I previously used IBM QRadar, which allowed more correlation rules. |
| Technical Support Engineer at a comms service provider with 10,001+ employees | 2.5 | I use this SIEM solution, finding it easy after six years of use, stable, and scalable. However, the initial setup is difficult, and technical support needs improvement. Training is essential. |
I am working with something that is similar to Trellix ESM for event management. It is similar to Trellix Enterprise Security Manager.
Mainly compliance is the primary concern where organizations have to have log retention for more than six months, one year, or six years, depending on the compliance applicable to the organization for the Enterprise Security Manager. And Trellix gives us good reporting.
The strongest part of Trellix ESM is that we get quite good reports, while the weakest point is it doesn't cover almost all the devices, so the customer has to be more dependent on the parsers to be written by the Professional Services team. In the case of other ESM solutions, there are no parsers required, and almost every device is covered within the license, so there is no hidden cost as custom parsers.
Functionality and installation of Trellix ESM has never been a challenge.
We need to improve Trellix ESM by making sure that most of the logging devices available in the global market should be covered, and if there is any device which is not covered, there should not be any additional charges for writing the custom parsers on that.
We can add some new features regarding AI in the future for Trellix ESM, but the maturity will take a longer time.
There are many false positives that happen in an environment during the first couple of months, or around six months, so the system analyst is not able to identify whether the event which has occurred is a true positive or a false positive.
With Trellix ESM, I have been using it from day one when the product was launched in India, which is more than 15 years.
For us, Trellix ESM is quite stable.
Scalability is quite easy with Trellix ESM. All we need to do is add more receivers to it, so it can go to any point.
When discussing Trellix ESM suitability for enterprise, commercial, and government sectors, it is quite good. For small and medium enterprises, we have a solution that is an all-in-one device for the ESM, however, the limitation is that it can take a very small number of EPS count, meaning it doesn't suit medium enterprises, and they will not invest in the enterprise type of solution.
I would rate support for Trellix ESM 10 out of 10 because if we connect with the support in the UK, we get excellent support. However, the problems arise if we connect to the India data centers, where there are challenges and people are not well equipped with the support infrastructure required to support the ESM solution.
Positive
I am familiar with other products from Trellix.
Maintenance of Trellix ESM is quite easy and it's not difficult to maintain.
When discussing Trellix ESM pricing and licensing, if you consider some premium product, the pricing also has to be premium; however, enterprise customers who look for a premium product, alongside the Gartner reporting, Forrester reporting, and PeerSpot, don't look at the pricing.
Regarding AI functionality, I have not seen any integrations in the Trellix ESM product.
I rate Trellix ESM 10 out of 10.

I use Trellix ESM to monitor inbound communication from known threat hosts and detect cyberattacks. It's also useful for outbound communication, but we block threat communication via a firewall.
The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick.
Trellix ESM provides situation awareness. On the dashboard, I can see outbound and inbound communications to known threat hosts, IPS/IDS activity, and threat intelligence of the perimeter defense in the firewall. This information helps preempt attacks.
The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases.
I have been working with the solution since 2016.
I rate Trellix ESM's stability a ten out of ten.
For scalability, I'd rate it ten out of ten. We did a study on events per second before implementation. About 15-20 users from our information security team use it, but we use built-in system users instead of Active Directory.
The tool's partner provides the first level of support. When our engineers are unable to resolve the issues, we send tickets directly.
Positive
The initial setup is very simple and quick.
Our partner helped us with the implementation.
Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar.
Compared to other solutions, Splunk Enterprise is currently the leader, according to Gartner. Overall, I'd rate Trellix ESM nine to ten out of ten. I can recommend it, but unfortunately, it's reached the end of support and life. We haven't integrated any AI tools with the solution.

My customer's usual use case for Trellix ESM involves one client, as most of the users have moved to ESM. Nowadays, they don't use IPS only, since McAfee IPS is standalone; they incorporate firewall and IPS on the same device, and we have two clients only.
They usually use ESM for their gateway.
The most valuable feature of Trellix ESM, for detecting, is that it detects malware and viruses, such as a particular virus that was critical in Kenya. We used ESM to detect and block that particular virus completely.
My impression on the real-time threat detection feature of Trellix ESM is that it's perfect. In terms of real-time, when you put it on inline, everything is supposed to pass by the ESM first and then go to the LAN, allowing the ESM to detect if it's a virus or a clean file.
Assessing the integration capabilities of Trellix ESM with existing security tools in my customers' environments, when you use a totally different solution, such as putting a firewall in front of an ESM, the firewall tries to detect any malicious file. After it has been quarantined or dropped by the firewall, if it doesn't recognize the file, it allows it, but with Trellix ESM, it will block that file if it's malicious or not recognized. Geo-fencing is also possible, allowing you to block traffic from specific regions such as China or Russia.
My impression on the reporting and compliance management capabilities of Trellix ESM is that when you integrate ESM and Trellix EPO, the reporting is perfect because you can see what you want and even refine and customize your reporting. For compliance, regarding standards such as PCI, it's something most banks are using, and it is working great for the two banks that are using Trellix ESM.
The customizable dashboards provided by Trellix ESM are indeed customizable, as there's an option to adjust them to fit your analysis. For example, if you want to check specific applications running in your environment, you can customize that view.
Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentiality and accessibility during network outages. They need to ensure that the service meets customer needs.
I have been working with Trellix ESM for 20 years, and I can even show you the first ESM I used to install.
I haven't faced any challenges during the initial setup.
I evaluate the overall stability of the solution as stable. I haven't had any issues, and I think it is a good solution.
I would evaluate the scalability of Trellix ESM by giving it a nine on a scale from one to ten. I rate it this way because when it is alone, there won't be any performance issues, as it relieves the burden on the firewall handling the APS, with most functions being managed by ESM.
My experience with the customer service and technical support of Trellix ESM is that since I've stayed with the product for long, I normally don't use support often. It's rare for me to need them unless it's an issue with licensing, and they are the best in that regard.
Positive
My usual experience with the initial setup and deployment of Trellix ESM is that most of the setup is automated and straightforward; it's not hard to deploy or configure.
The actions I usually need to perform to deploy Trellix ESM start with licensing. After that, everything is straightforward, and I can say it is a plug and play solution.
I am also a consultant for Trellix ESM. I usually work with the latest version. I find the hybrid deployment capability of Trellix ESM important for my customers, but I haven't used the hybrid one; we normally use the on-premise solution. I'm not knowledgeable about pricing because I'm just an engineer. I rate Trellix ESM a ten out of ten.

We use McAfee for security features.
The product’s most valuable feature is log monitoring.
The product’s alert response feature needs improvement. It could be more flexible and secure.
We have been using McAfee for five years. At present, we use the latest version.
It is a very stable product.
We have more than 1,000 McAfee users in our organization. It is a scalable product.
I contacted the technical support team regarding the audio system for McAfee. They haven’t responded to me yet. I resolved the problem myself.
We have used Norton before. McAfee has more secure features that suit our organization’s requirements.
The initial setup process is straightforward. The deployment time depends on the specific software. It takes approximately two or three hours to complete.
We check for licenses, system requirements, and network planning. Later, we choose the deployment method. It could be a manual deployment using McAfee policy or third-party deployment. Further, we create an installation package and conduct tests. After that, we configure monitoring and maintenance features. We require three to four technicians to execute the process.
We implement the product with the help of our in-house team.
It is an inexpensive product. We purchase its yearly license.
I recommend McAfee to others and rate it an eight out of ten.

We use the product to protect endpoint nodes.
The product works better than other vendors available in the market. It can be easily deployed with the other solutions.
Customized reports and alerting functionality could be included in the dashboard.
We have been using Trellix ESM for three to four years.
The product is stable at the moment.
The product shows visibility on the scale for a small setup of around 30 nodes in our organization.
The technical support services are complicated to access for the chat feature on the online portal. We could use the web interface to connect with them in case of unavailability of telephonic access.
The initial setup is easy, and two executives work on it. However, the complexity depends on the number of nodes. We encounter challenges related to ESM's interface. Its licensing model for allowing listing configurations needs enhancement as well. It is easy to maintain and can be managed by one executive.
The product is slightly expensive. They offer some discount on the purchase of a certain number of nodes. They should give some concession on the license renewal as well.
I recommend Trellix ESM and rate it an eight out of ten. It has good stability.

In my company, we don't use Trellix ESM in our environment because we are a small company, but we have implemented it for our customers.
My company's customers use Trellix ESM to monitor and report on servers in their environment. My company's customers also have some of the virtual machines in their environment, along with firewalls integrated into Trellix ESM.
The most valuable feature of the solution is that the integration is really easy. Using the product is very easy. The product is user-friendly, but its use needs to be planned.
The integration capabilities of Trellix ESM with SaaS solutions are an area of concern where improvements are needed. When you continue to add solutions from other vendors, you need to look at the list of vendors Trellix ESM covers, which consists of a lot of vendors. Trellix ESM can consider adding some products, given the different processes in different solutions and some of the products from certain vendors that may not be known in the market, to the list of tools Trellix allows for integration.
The product's stability is an area of concern where improvements are required.
I have experience with Trellix ESM. My company has a partnership with the product.
Stability-wise, I rate the solution a seven out of ten.
To be honest, there was one of the services in the product that used to run by itself, and Trellix had to keep it down.
Scalability-wise, I rate the solution an eight or nine out of ten.
Trellix ESM is used by teams involved in the monitoring of events. The number of people who manage the product depends on the office where the solution is used. Considering the use of data sources in the solution, I have seen around 100 people use Trellix ESM.
The solution's technical support is great. Once you open a ticket with Trellix's support team, they contact you, and you always stay in contact with them. Trellix's support team is available during working hours, but I have also contacted them outside of working hours for some important stuff.
I rate the technical support a nine or ten out of ten.
Positive
Though I haven't used other technologies besides Trellix ESM, I know about solutions like Splunk.
The product's initial setup phase is very easy.
The solution is deployed on an on-premises model.
Considering that you need to set up all the core machines to proceed with the product's setup phase, it may take more or less than an hour, after which, if there is any additional time requirement, then it depends on the configuration part of data sources. Some network configurations need to be carried out during the configuration process involving data sources. If everything goes smoothly, then the product's setup phase takes more or less two hours to be completed.
With Trellix ESM, you should initially go with the default configurations offered by the solution, after which you can use the documentation and other stuff provided by Trellix to help improve your knowledge about the product. The documentation provided by the product is really handy to use. A person needs to have an understanding of the technology to be able to customize the product so that they can fit it into their environment, which will allow Trellix to offer users its capabilities at 100 percent.
I rate the overall tool an eight out of ten.

The primary use case of the solution is central log management for the company. It allows us to see all the traffic coming in and going out to and from the internet. It provides various views from the firewall and web application firewall and event logs from the endpoint. The command view will tell us the current status of the threats from various threat sources. While the normalized view will give us correlated events from sources to destinations and related applications.
It provides threat monitoring from the Internet and if there is malicious activity on the end-point, the ESM can provide us what host is affected.
Valuable features include threat monitoring and the threat feed from McAfee. It will automatically block threats based on their severity. Alerts will be analyzed and hunted if there are occurrences on other hosts. Using McAfee SIEM, you may know if the technology controls implemented are working effectively, since you will have a view of all mitigated threats from the firewalls as well as the feed from endpoint protection.
There are no areas to be improved, as this solution is well thought of. However, any technology solution, even if it is well thought of, might not work effectively if the users do not know how to fully optimize its usage and functionality. Knowledge transfer will be great in the areas of administration and maintenance, up to the command line interface.
I have been using the solution for six years.
The solution is stable.
The solution is scalable.
Support tier one is handled locally. However, if there is a requirement for a higher tier of support, where there is a need to use the command line of the hardware, a ticket will be raised on the McAfee Portal.
Positive
All solutions pertaining to log management are ok. However, McAfee SIEM is cost-effective in the area of dashboarding because it is readily available, as compared with others, where you will be required to pay for it.
The initial setup is done by the system integrator. The initial setup of all log sources is straightforward as long as there are readily available connectors.
The solution has readily available dashboarding, so after the log sources were configured, graphical representations of incidents were clearly depicted.
The implementation was through a vendor that is included with the purchase of the solution. They are experts in their field, so the initial setup is easy as long as we provide what is required, such as IP addresses and power considerations where the hardware will be placed.
ROI may be correlated to the 5-year depreciation of the investment vs number of mitigated threats annually. If these threats will materialize, how much will be the impact to the company?
The licensing cost is based on EPS. Compared to other solutions I believe the cost is reasonable because it includes the dashboarding features that would normally need to be developed at additional costs.
I rate the solution ten out of ten.
Normally, when you set it up, you have to coordinate with the network administrator, system administrators, and database administrators, as well as tech support, because these administrators will be the point persons to configure respective log sources to the central log management (ERC of McAfee SIEM).
I recommend the solution because it has readily available dashboarding, which is not available in other SIEM solutions.

McAfee ESM is used for my customers in the financial sector.
The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller.
I have been using McAfee ESM for approximately 15 years.
McAfee ESM is very good because we use a fast and powerful computer.
The scalability of McAfee ESM is good.
The support from McAfee ESM could improve. They could improve the speed.
I rate the support from McAfee ESM a four out of five.
Positive
The initial setup of McAfee ESM is straightforward. It took us approximately two days to complete the implementation.
I rate the initial setup of McAfee ESM a five out of five.
The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee.
I rate the price of McAfee ESM a three out of five.
I recommend this solution to others.
I rate McAfee ESM an eight out of ten.

McAfee ESM is utilized to gather logs from Microsoft Windows servers and Palo Alto firewalls.
The support I have received from the vendor has been great.
McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made.
We had to contact support to restart the services due to unexpected reboots of the underlying hardware as it is a virtual machine we are using.
I have been using McAfee ESM for approximately three months.
There have been instances where the system did not shut down properly due to power interruptions, requiring us to open a support ticket which involved a significant amount of work.
I rate the stability of McAfee ESM a two out of ten.
We have approximately 300 users using this solution in the financial industry.
The technical support from McAfee ESM is great. When we had issues they were about to fix them in a reasonable time frame.
I rate the support from McAfee ESM a nine out of ten.
Positive
Before using McAfee ESM, I employed IBM Security QRadar. Although it was not the most user-friendly platform, I was able to create a significantly higher number of correlation rules compared to what I can do in McAfee ESM.
When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive.
Based on what I've heard from others, LogRhythm offers numerous excellent features and I would suggest it as a preferable alternative to McAfee ESM.
I rate McAfee ESM a five out of ten.

We are using this solution primarily for SIEM logs.
The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it.
I have been using this solution for approximately six years.
The stability of this solution has been good.
We have never had an issue with the scalability of this solution.
The technical support could improve from McAfee.
The initial setup is difficult and could improve.
We have four engineers that do the maintenance for this solution.
My advice to those wanting to implement this solution is to do a lot of training. I think every solution is complex until you are trained in it. It is best to have some sort of previous training before you start using it.
I rate McAfee ESM a five out of ten.