Trellix ESM Reviews

We use this solution to provide managed security services. We use loggers at the client site to generate logs for monitoring their devices. We handle the monitoring, administration, and troubleshooting of their endpoints.

For some customers, we manage everything, while for other customers we only monitor their critical devices.

We are using an on-premises deployment model.

This solution helps us to provide services for our clients and integrates well with their other technologies.

The most valuable features of this solution are the logging and the dashboards.

This solution integrates easily and very well with other technologies. We are creating custom connectors for some of the technologies that our customers are using.

We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version.

I would like to see the Active Response function enhanced.

The stability of this solution is good. So far, we have not faced much downtime. The issues that we are currently experiencing, moving versions, did not happen the last time we upgraded. This is really the first trouble that we have had.

This solution is very scalable.

We have four or five customers that we are performing monitoring for. Their user-base varies, with some having fifty users and some having more than one thousand users.

We do plan to increase our usage and have had meetings with McAfee as a partner. We would be offering this solution exclusively to our clients. 

Technical support, as well as their online knowledge base, has helped us a lot. However, our current issue with respect to not being able to add new data sources was reported two weeks ago and it has not yet been resolved.

I think that technical support can be improved in terms of providing quicker resolutions to problems.

We did not previously offer a different solution to our customers. We are currently onboarding Splunk to work concurrently with this solution, but it depends on the customer. Splunk is a little bit expensive.

The initial setup of this solution is easy. There is no problem with it.

Our deployment took about one week. It involved upgrading to the new version and adding the data sources. Integration of the new devices was not complex.

Two people are required for the deployment, with one being from our side and one from the client's side.

We hired consultants to assist with our deployment. We have had a good experience with them and they are still supporting us to deal with any issues or errors.

The cost is dependent on the customer's environment and requirements.

We have experience using ArcSight, but it is very difficult when it comes to creating the connector to integrate with different technologies.

We spend time evaluating each customer's business model and offer them the appropriate solution.

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than others.

I would rate this solution a nine out of ten.

We use this solution to monitor everything in our hybrid-cloud environment. This includes IoT devices and a couple of data centers.

We are now able to completely monitor our environment so we can review what is there, which is a big win for us. This solution helps with the maturity of our environment.

Using the out-of-the-box rules has made our work more relaxing.

There are more than two hundred out-of-the-box rules.

We have been using the advanced correlation agent.

Technical support for this product could be improved.

I would like to see improvements to the user interface.

It would be helpful to have a diagram in the interface that shows the actions.

This is a very stable solution, although there are some bugs in the GUI.

This solution is very scalable from my perspective. We have around twenty-five users. We have level one users, which are operation analysts. We also have level two users, who take care of daily operations. Level two includes, for example, handling the rules on the creation of users. Everything is segregated. We also have a second engineer.  

We have had issues where we had to contact technical support. While they answered ok, the timing may have been a little slow.

We used another solution prior to this one.

The initial setup of this solution was very clear. We followed the instructions on the web page, and there were no problems. The deployment was really quick and completed within a couple of hours.

We performed the implementation ourselves.

We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees.

We evaluated several other options before choosing this one, including Elasticsearch.

I recommend trying this product. This is a quality solution at a fair price.

I would rate this solution an eight out of ten.

My primary use case for this solution is to secure the data on my laptop.

If I lost my computer somewhere then hopefully the software will protect my data from anyone.

The ability to secure my data is the most important feature.

It is easy to use. I just need to enter the username and the password and it protects my data.

I would like to see fingerprint recognition included in the next release of this solution.

I have not used technical support for the product.

My company did use another product previous to this one but I do not know why they switched.

The installation and setup of this solution is straightforward.

I handled the deployment myself.

This is a product that I would recommend to a colleague at another company.

I would rate this solution an eight out of ten.

The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it. It doesn't just stop everything but actually tells you there's a quarantine, that these files are in quarantine. You have to deal with them. That's good.

If you don't keep up with updates, they pop up until you actually do something. That's a good thing because we want protection.

There are a lot of things that could be part of future editions. One would be to speed up the scanning of email. As emails come in, it takes a lot of time to scan through them, whether you're on your computer or on your phone. If it were a little quicker doing that, that would be helpful. That's not a new feature but speed always counts.

The only issue I have with McAfee is the amount of computer resources that it takes. When you're running the program it really is heavy on the computer resources. It only impacts staff productivity when it's running the updates. However, it's definitely impacting some of the other applications that are running on a computer at the same time.

McAfee has been around for so long. It's a stable product. They've worked out a lot of glitches, a lot of bugs. There are always new bugs introduced with any product, but it's a stable product.

They do pretty well with scalability because McAfee has so many different solutions. There's a personal edition, then you have a small business edition, and there's an enterprise edition. It can be scaled, and I think they've done a good job.

The setup is pretty good. The only problem is when you're trying to remove a certain version It takes a long time because McAfee keeps a lot of files in the source, on the computer, so you really have to make sure that you delete everything when you're removing the software. When you install a different version of McAfee you need to make sure that you grab all the files and clean the computer out.

Using it, I haven't noticed any difference in the mean time it takes us to detect and respond to threats.

We've been happy with it so far. McAfee is a company whose products we've used quite a bit in the last 20 years so I'm familiar with them. McAfee is a very strong company; it's used around the world.

As a bank, we have different cases use cases that are typical for the industry.

On the security side, it reduces the time needed to make changes in case of an attack. We have to work on it in real time. If we didn't have the tool, the amount of time would be double or triple. The main reason we have it is that it makes it easier for the engineer who works on the site to realize what is happening. It helps with productivity.

McAfee has always been there for us and it helps with the maturity of our security program.

The most valuable feature is the capability to correlate different events from different platforms that we feed into it. It makes it easier to engineer the box on our side so that we can realize what is happening and do something about it. It gives us the tools to know what's happening and make a change in one of the downstream platforms to reject a connection or the like.

Although we're a South American bank, our products are pretty much the same as North American banks. The types of things they would install in North America are what we have here.

But there are some banking and transactional cases that are local, South American transactions. I would like to see them add features that can be used locally, to make those transactions more reliable.

The stability is really good.

The scalability depends on how much you want to pay for it. If I need a bigger solution, the vendor is going to be able to add more features to the machine, or even change it. It all depends on how much are you willing to spend.

For technical support, we work in two ways. We have a partner that is looking after the platform, and we have the vendor as well. If we have a problem with the partner, we can call McAfee. So overall, support is good.

They should double check what they are doing with customers. I have had some trouble trying improve the use case. I was hoping that they help me with that, show me the way.

The vendor, McAfee, works with a partner and the partner sells to us. We use a partner.

Our company looked at Splunk three years ago. Every couple of years we look around at what's in the market. For us, it's quite difficult to try other ones, because of the time and costs involved. That's why I'm not sure if McAfee is the best solution, but it's good enough for me.

We're always looking to make improvements and if the products we have are not good enough, or we see that another brand is making something better, we will migrate.

To make a decision you have to really know what your budget is, how much money you have to buy a solution, and what the main reason is that you are looking for a tool like this. You can always find something cheaper for a small company. Everyone has pretty much the same tools. But if you're going to play with the big ones, like McAfee, you have to be willing to spend a lot of money and, obviously, you'll get the service you need. You have to know your company, what your needs are, and then go shopping. Look around. It's important to look at the tools, how they are deployed in your architecture.

I would rate the solution at eight out of ten. It's good enough to do the things that we need done, but I'm not sure if it's the best in the market.

It has performed well and delivered the results that I have been looking for.

It does a good job for us.

• Ease of use.
• Quick training period.

I can't scale it.

I would like to see AI play a major role going forward.

It is a stable product.

I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore.

It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved.

I was not involved in the initial setup, but it was straightforward.

We are currently evaluating ArcSight and LogRhythm.

At the time we previously purchased McAfee, I had fewer requirements and it catered to my needs.

Most important criteria when selecting a vendor: support.

• To gain transparency into potential vulnerabilities within the network. 
• To monitor problems, e.g., failure to update packages within the back-end security environment.

It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints.

Ability to create own views. Statistical (normalised) views help to highlight inconsistencies, which may need further investigation

• Product currently requires Flash. 
• Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface.
• Some filters are still very low level "magic numbers", which do not make sense on the high level user interface. 
• We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioral analytics.

By having access protection in the policies on the machine, it helps in real-time behavior scenarios, where the policy captures stuff, quite a lot.

VirusScan Enterprise provides protection against real-time malware attacks. 

We use it for logging the network traffic, when required.

It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself.

There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee.

Also, there's no software support from McAfee.

It seems McAfee does not test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs.

After the upgrade, it is stable now. 

It has good scalability.

Tech support is not good. They don't respond to issues in a timely manner. We need to call up the account managers, and then the engineers will work on it.

We have to wait fairly long. Until we escalate the issue, the call will be still in the pending state, or the hold state.

We switched to them because of the pricing.

It is complex, not straightforward. 

For examples, concerning an upgrade, the pre-installer check provided to us before the upgrade was showing the result was "all requirements met." But when we ran the actual installation, it was different.

I would advise others, before upgrading, to make sure they know the product that they're upgrading to.

I would rate this product at six out of 10. To bring it to a 10, the most important thing is - given there are lot of bugs, and I understand that - there should be proper support from the vendor site.

It's SIEM. Obviously, normalization of data is the biggest factor.

We perform security event monitoring for over 700 individual servers, firewalls, and applications. It's not possible to monitor over 500 million events per day with SIEM.

McAfee is working on a newer ELS product for a faster search which will change everything about how a SIEM can perform.

I have been using this product for the past eight years.

Just like any other software/hardware platform, once in awhile we have issues with software bugs, but McAfee's support is good in helping to fix these issues in a timely manner.

Biggest benefit of McAfee SIEM is its easy scalability. It doesn't restrict you to a particular hardware or storage solution.

Mcafee's SIEM support team is very good.

I used ArcSight at a different job, but when we bought SIEM at my current job, it was NitroView. Later, McAfee acquired them.

It had a few hurdles initially, but in its current versions and offerings McAfee SIEM is sort of plug and play. It has so many offerings out-of-the-box.

McAfee's pricing is competitive in the industry and their licensing model is for hardware only.

We checked ArcSight, but their pricing was expensive.

McAfee ESM is the perfect SIEM tool, and it provides best results based on data intake and rule based configuration.

I would suggest users identify the data sources they want to interject into SIEM for monitoring, correlation, and work with the sales team to understand the total EPS and choose the right set of hardware, especially the ESM which will perform majority of work for your organization. With the right specs for hardware, it will help you achieve your goal.

The easy interface is the most valuable feature.

Through correlation rules, it finds malware that compromised the computer that anti-virus and other security solutions do not find.

I had a couple of problems collecting Windows events. The local plugin should be easier to use, because when ESM is collecting through the manager, many performance issues occur.

I have been using McAfee for over three years.

We did have stability issues, but they were resolved by McAfee support.

We have not had scalability issues.

I would give technical support a rating of 8/10.

I used different solutions, but for different clients.

This was the easiest initial setup that I have made.

The product is worth the price. There are other cheaper tools in the market, but it is harder to work with them.

We looked at HPE ArcSight, Splunk, RSA Analytics, and IBM QRadar.

Stay focused, read the documentation, plan it well, and the project will be a success.