What is our primary use case?
I have experience using this product. However, I haven't used it specifically since I moved to the Azure team. The reason is that when it was on desktops or on-premises servers, we used it to help customers.
For example, let's say their SQL Server was running and suddenly crashed. We would collect a memory dump and see that the McAfee driver was causing an unexpected integration check. So, we'd discuss with the McAfee team to see if the driver is signed and compatible with that specific system offering and if it's tested with the latest hotfixes we release.
We'd also check for any potential bugs in the antivirus filter drivers. That's how our relationship works with these antivirus vendor teams.
How has it helped my organization?
With antivirus products, it depends on the features available. Does it protect the hypervisor and the Hyper-V VMs? Do we need to install agents in the VMs, or will the entire solution manage the VMs itself? Depending on that, we configure it and even help the customer accordingly.
Moreover, real-time threat intelligence and adaptive capabilities benefit our organization.
For example, suppose someone is trying to access our server with stolen credentials. As long as sign-in logging is enabled and analyzed by the threat intelligence, it will identify that. It will recognize the pattern of the requests.
So, they may try multiple times within a specific timeframe. It can discern the behavior of the user request and create an alert indicating there is a possibility of a credential test.
The system can identify the pattern. It identifies a pattern of a person, the request, where it's coming from, and what location. Is the request coming from a blocked IP address? Or is it coming from a suspected IP address range? The sign-in request is just one example. There can be any other kind of request.
So, there may be many patterns that it will identify, assess, and decide on whether it is a critical, medium, or low-criticality event. Based on that, the event management by the threat intelligence is automated. The human is not involved there. The engine itself makes those decisions by assessing the data, the pattern, the behavior, the location, and all those parameters.
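As an added illustration (not the reviewer's code and not McAfee's product logic), here is a toy version of the sign-in pattern check described above: repeated failed sign-ins from one source within a time window raise an alert, and the alert's severity follows the source's reputation. The log lines, IP ranges, threshold and window are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import json

# Constructed sign-in log (one JSON record per line); not taken from any real system.
SIGNIN_LOG = """\
{"ts": "2024-05-01T10:00:00", "user": "alice", "src": "203.0.113.7", "result": "failure"}
{"ts": "2024-05-01T10:00:20", "user": "alice", "src": "203.0.113.7", "result": "failure"}
{"ts": "2024-05-01T10:00:45", "user": "alice", "src": "203.0.113.7", "result": "failure"}
{"ts": "2024-05-01T10:01:10", "user": "alice", "src": "203.0.113.7", "result": "failure"}
{"ts": "2024-05-01T11:00:00", "user": "bob", "src": "198.51.100.9", "result": "failure"}
{"ts": "2024-05-01T11:30:00", "user": "bob", "src": "198.51.100.9", "result": "failure"}
{"ts": "2024-05-01T12:00:00", "user": "carol", "src": "192.0.2.33", "result": "failure"}
{"ts": "2024-05-01T12:00:05", "user": "carol", "src": "192.0.2.33", "result": "failure"}
{"ts": "2024-05-01T12:00:09", "user": "carol", "src": "192.0.2.33", "result": "failure"}
"""

# Constructed reputation lists (assumed to be maintained by the analyst; values are made up).
REPUTATION = {"blocked": [ipaddress.ip_network("203.0.113.0/24")],
              "suspected": [ipaddress.ip_network("192.0.2.0/24")]}
SEVERITY = {"blocked": "critical", "suspected": "medium", "unknown": "low"}

def parse_log(text):
    # Parse JSON lines into events with real datetime objects.
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return events

def reputation(src):
    # Classify a source address against the blocked/suspected ranges.
    ip = ipaddress.ip_address(src)
    return next((name for name, nets in REPUTATION.items() if any(ip in n for n in nets)), "unknown")

def detect_credential_testing(events, threshold=3, window=timedelta(minutes=5)):
    """Flag each (user, source) pair with >= threshold failed sign-ins inside one window.
    Severity is assigned from the source's reputation, as the review describes."""
    by_key = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["result"] == "failure":
            by_key[(e["user"], e["src"])].append(e["ts"])
    alerts = []
    for (user, src), fails in by_key.items():
        for start in fails:
            burst = [t for t in fails if start <= t <= start + window]
            if len(burst) >= threshold:
                rep = reputation(src)
                alerts.append({"user": user, "src": src, "failures": len(burst),
                               "reputation": rep, "severity": SEVERITY[rep]})
                break
    return alerts
```

Bob's two failures half an hour apart stay below the threshold and produce no alert, which is the kind of timeframe judgment the review attributes to the engine.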
What is most valuable?
Threat detection and prevention are the most significant features. It covers most of the data collected by sending it to McAfee, looking at the behavioral analysis, vulnerabilities, and such, and then it assesses the data with the threat intelligence in their analytical engine.
Based on that, it makes decisions by either creating an incident, resolving it automatically, or providing an option to respond based on the requirement, etc. These are the very basic operational functionalities common across all antivirus or security applications, whether it's Trend Micro, Check Point, or McAfee.
What needs improvement?
I'd prefer more frequent updates.
For how long have I used the solution?
For us, McAfee is a third-party vendor service.
What do I think about the stability of the solution?
It should definitely be stable. Since McAfee provides an enterprise security solution, I'm pretty sure it is stable. I'm not aware of any significant issues, bugs, or other concerns with McAfee, but I am confident that it is a stable product.
What do I think about the scalability of the solution?
With McAfee endpoint security, when you install it on a server, you can create a scalable solution with multiple instances. That is a very basic configuration requirement, and I'm pretty sure McAfee supports this.
How are customer service and support?
The customer service and support are very helpful.
Which solution did I use previously and why did I switch?
We switched to Azure Defender. It's constantly being updated. It's just a superior framework.
If I use Azure Sentinel, which is a centralized SIEM solution, and a client is using McAfee as their antivirus solution, I would use a connector for McAfee in Sentinel. This allows me to connect to that McAfee client and collect all the data McAfee has gathered from vulnerability and risk assessments.
Then, I can perform further analysis of this data using my threat intelligence. McAfee may already have very good decision-making capabilities, but if you have a separate centralized SIEM solution, McAfee can be integrated into that by using the connector to the McAfee client.
Currently, we use Microsoft Defender as our security solution.
How was the initial setup?
Understanding the core functionalities of a security framework is key – regardless of the vendor. You need to know where the vulnerabilities and risks are, what data needs monitoring, and how threat intelligence is used for decision-making. So these core aspects, the framework itself, really don't differ much between McAfee, Symantec, or Azure Defender.
What's my experience with pricing, setup cost, and licensing?
The licensing depends on the number of devices secured by this product. Or it can be user-based or device-based.
What other advice do I have?
Overall, I would rate the solution a seven out of ten. I would definitely recommend McAfee itself. Every enterprise security solution is up to date with the latest threats, so there wouldn't be major challenges between McAfee, Symantec, or any of them in that regard.
However, my overall recommendation depends on their specific requirements. If you're looking for a specific solution like a firewall or a web application firewall (WAF), then my suggestion might change. It would depend on where you're planning to configure it: Azure, GCP, on-premises, etc.
For example, if their applications are running on Azure and need a WAF, I would suggest Azure WAF instead of a third-party service like McAfee. But if it's on-premises or another cloud platform, then it depends on the available services. In that case, McAfee might be a good suggestion.
Whether it's McAfee, running on-premises, or Azure Defender for your Azure VMs, it will impact resource utilization. The impact depends on the specific security measurements you're looking for.
For example, in Azure, Azure Defender is already available and very user-friendly. You just enable it, and it takes care of everything. If McAfee has a similar service available in the marketplace, then I could recommend McAfee as well.
*Disclosure: I am a real user, and this review is based on my own experience and opinions.