Try our new research platform with insights from 80,000+ expert users
CEO at Inteligencia
Real User
Quarantines suspect files without stopping everything else
Pros and Cons
  • "The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
  • "The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."

What is most valuable?

The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it. It doesn't just stop everything but actually tells you there's a quarantine, that these files are in quarantine. You have to deal with them. That's good.

If you don't keep up with updates, they pop up until you actually do something. That's a good thing because we want protection.

What needs improvement?

There are a lot of things that could be part of future editions. One would be to speed up the scanning of email. As emails come in, it takes a lot of time to scan through them, whether you're on your computer or on your phone. If it were a little quicker doing that, that would be helpful. That's not a new feature but speed always counts.

The only issue I have with McAfee is the amount of computer resources that it takes. When you're running the program it really is heavy on the computer resources. It only impacts staff productivity when it's running the updates. However, it's definitely impacting some of the other applications that are running on a computer at the same time.

What do I think about the stability of the solution?

McAfee has been around for so long. It's a stable product. They've worked out a lot of glitches, a lot of bugs. There are always new bugs introduced with any product, but it's a stable product.

What do I think about the scalability of the solution?

They do pretty well with scalability because McAfee has so many different solutions. There's a personal edition, then you have a small business edition, and there's an enterprise edition. It can be scaled, and I think they've done a good job.

Buyer's Guide
Trellix ESM
October 2024
Learn what your peers think about Trellix ESM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.

How was the initial setup?

The setup is pretty good. The only problem is when you're trying to remove a certain version It takes a long time because McAfee keeps a lot of files in the source, on the computer, so you really have to make sure that you delete everything when you're removing the software. When you install a different version of McAfee you need to make sure that you grab all the files and clean the computer out.

What other advice do I have?

Using it, I haven't noticed any difference in the mean time it takes us to detect and respond to threats.

We've been happy with it so far. McAfee is a company whose products we've used quite a bit in the last 20 years so I'm familiar with them. McAfee is a very strong company; it's used around the world.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Senior Security Specialist at a manufacturing company with 10,001+ employees
Real User
Easy to implement and user-friendly with an easy notification system, but needs better performance, better threat intelligence, and advanced features
Pros and Cons
  • "It is user-friendly. The notification part of McAfee ESM is very easy."
  • "It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

What is our primary use case?

We use it for malware detection and authentication or login failures.

How has it helped my organization?

It hasn't been helpful. McAfee is not investing much in this solution to improve it. It cannot cope with the advanced feature that we require, and that's the reason why we are migrating to a new solution.

What is most valuable?

It is user-friendly. The notification part of McAfee ESM is very easy. 

What needs improvement?

It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM.

The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console.

They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.

For how long have I used the solution?

I have been using this solution for more than six years.

How are customer service and technical support?

Sometimes, they have been helpful, and sometimes, they drag their feet, and it takes days to fix an issue.

Which solution did I use previously and why did I switch?

I have worked on Splunk.

How was the initial setup?

It is easy to implement and not complex. It can be done in a week if the information is ready. Its integration, however, can take a long time depending on the requirements.

What's my experience with pricing, setup cost, and licensing?

McAfee is the right choice for a low-budget solution.

What other advice do I have?

It is suitable for a medium-sized company but not for a big company. A medium-sized company that has less than a thousand data sources and doesn't need to correlate different use cases with different scenarios can go for McAfee because it is user-friendly and doesn't require many skills. McAfee will also be the right choice for a low-budget solution.

We are almost done with using this solution, and we are not going to use McAfee going forward. McAfee ESM is not able to cope with the advanced features. An army cannot do anything without good weapons in hand, and that's the issue with McAfee. They do not have good weapons to investigate.

McAfee ESM is no longer a leader in the Gartner Magic Quadrant. They should improve its performance and invest more in new features. After that, they will come back to the top position.

I would rate McAfee ESM a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Trellix ESM
October 2024
Learn what your peers think about Trellix ESM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
IT Security Lead at a tech services company with 10,001+ employees
Real User
Leaderboard
Adaptive protection learns for itself, but it seems McAfee does not test its product before releasing
Pros and Cons
  • "It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
  • "There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
  • "It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
  • "There's no software support from McAfee."

How has it helped my organization?

By having access protection in the policies on the machine, it helps in real-time behavior scenarios, where the policy captures stuff, quite a lot.

What is most valuable?

VirusScan Enterprise provides protection against real-time malware attacks. 

We use it for logging the network traffic, when required.

It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself.

What needs improvement?

There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee.

Also, there's no software support from McAfee.

It seems McAfee does not test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

After the upgrade, it is stable now. 

What do I think about the scalability of the solution?

It has good scalability.

How are customer service and technical support?

Tech support is not good. They don't respond to issues in a timely manner. We need to call up the account managers, and then the engineers will work on it.

We have to wait fairly long. Until we escalate the issue, the call will be still in the pending state, or the hold state.

Which solution did I use previously and why did I switch?

We switched to them because of the pricing.

How was the initial setup?

It is complex, not straightforward. 

For examples, concerning an upgrade, the pre-installer check provided to us before the upgrade was showing the result was "all requirements met." But when we ran the actual installation, it was different.

What other advice do I have?

I would advise others, before upgrading, to make sure they know the product that they're upgrading to.

I would rate this product at six out of 10. To bring it to a 10, the most important thing is - given there are lot of bugs, and I understand that - there should be proper support from the vendor site.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chetankumar Savalagimath - PeerSpot reviewer
Delivery Manager at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
A security information and event management solution with a useful search and reporting feature, but cloud integration could be better
Pros and Cons
  • "The most valuable feature in ESM is its search and reporting feature. It's really nice."
  • "Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."

What is our primary use case?

We use McAfee ESM for log storage and audit purposes. Security is the base reason, and we do build content for them.

What is most valuable?

The most valuable feature in ESM is its search and reporting feature. It's really nice.

What needs improvement?

Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.

In general, every SIEM product has that sort of glitch, some partial development. It's like the enrichment of logging level understanding for a SIEM. More enrichment leads to more understanding and use case improvement. That's the gap there, and you will have technical issues already there with all of the products. They keep on fixing that. It's not a problem. They are fast on that point.

I would like to have some sort of automation module and some sort of SOAR module in the next release. 

For how long have I used the solution?

I have used McAfee ESM over the last 12 months.

What do I think about the stability of the solution?

Stability is good. I can say that because of the way their reporting is running right now. The reporting, dashboard, or their use cases are running in the field of security in the scope of data centers. In the scope of data centers, they're very stable. There isn't a problem with that.

What do I think about the scalability of the solution?

Scalability is good. You can increase their EPS module as EPS is about events per second. The cost goes to the customer if it wants to charge them. It's very scalable. At any point in time, you can scale it up, and you can scale it down. That's not a problem. 

How are customer service and technical support?

The tech support is great. The engineering team helped us well at one point, and they're very good.

How was the initial setup?

The initial setup is straightforward. SIEM isn't a single module component. They have different modules, like the receiver and the console, and the two modules switch. Right now, we have a complex module, and it's compatible. It's not a worry to implement it. 

When it comes to infrastructure deployment, it won't take more than two weeks. The first stage would be procuring the software. If you want to deploy it in your own mediums, or if you want to bring in your own box, it could take a few more days. But once the software and the license are there in your hands, it doesn't take more than a week to get it implemented.

What's my experience with pricing, setup cost, and licensing?

The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended.

What other advice do I have?

I would tell potential customers that ESM has a feature called all in one box. If a customer is full-fledged on an in-house data center model and has extensive products running on Windows, Linux, and Cisco and it's all sitting on-premises, this is a great option to work with all of them. They have a good set of use cases, reports, and dashboards prebuilt.

Right now, people are migrating to different solutions, and security generation is growing very vast, and it's going a step ahead. Everything is coming to the cloud. Everything is fast, and everything is a hybrid network. Because of COVID, everyone is working from home, everyone is accessing data with their own internet line, and everyone is outside the network.

McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available. In this data center, most of the customers will fall back from ESM. They will come and withdraw their existing accounts, and they might move to different SIEM solutions. This is how it could be in the future. If the existing integrations come with the upgrade and if they're able to upgrade, then they might stick back with ESM.

On a scale from one to ten, I would give McAfee ESM a six.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Operations Manager at a aerospace/defense firm with 5,001-10,000 employees
Real User
Excellent security features with 100% stability and good scalability capabilities
Pros and Cons
  • "The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
  • "The user interface could be more user-friendly."

What is most valuable?

The security can't be compromised. The security features on offer are the most valuable feature and are why it's really worth having as a product like this in our organization.

What needs improvement?

The user interface could be more user-friendly.

Technical support could be improved.

For how long have I used the solution?

I've been using the solution for two or three years.

What do I think about the stability of the solution?

The solution is 100% stable. We really have had a great time working with it. It hasn't let us down.

What do I think about the scalability of the solution?

We've been satisfied with the level of scalability the solution offers us.

How are customer service and technical support?

We've had some issues in the past and have had their Pakistani representative here. We've also communicated with foreign branches of technical support. The solution offers okay assistance. It's not a mature solution like Fortinet or Watchguard, but it's still providing okay service. I'd say the help we've received is largely mixed. It's been 50/50 in terms of resolving our issues.

What's my experience with pricing, setup cost, and licensing?

It's a fairly low-cost solution, so the pricing is pretty good.

What other advice do I have?

I'd rate the solution eight out of ten. If it was more user-friendly, I'd mark it higher. Right now, technical people working on the solution don't understand what it is are trying to communicate in its tabs. As a company, you need to have a certified or experienced McAfee engineer there or on staff to guide you.

I'd recommend the product, however. It's a nice, robust product.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user1033191 - PeerSpot reviewer
Security Product Manager at a financial services firm with 5,001-10,000 employees
Real User
Correlates events from various platforms and reduces our response time in case of attack
Pros and Cons
  • "The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
  • "There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."

What is our primary use case?

As a bank, we have different cases use cases that are typical for the industry.

How has it helped my organization?

On the security side, it reduces the time needed to make changes in case of an attack. We have to work on it in real time. If we didn't have the tool, the amount of time would be double or triple. The main reason we have it is that it makes it easier for the engineer who works on the site to realize what is happening. It helps with productivity.

McAfee has always been there for us and it helps with the maturity of our security program.

What is most valuable?

The most valuable feature is the capability to correlate different events from different platforms that we feed into it. It makes it easier to engineer the box on our side so that we can realize what is happening and do something about it. It gives us the tools to know what's happening and make a change in one of the downstream platforms to reject a connection or the like.

What needs improvement?

Although we're a South American bank, our products are pretty much the same as North American banks. The types of things they would install in North America are what we have here.

But there are some banking and transactional cases that are local, South American transactions. I would like to see them add features that can be used locally, to make those transactions more reliable.

What do I think about the stability of the solution?

The stability is really good.

What do I think about the scalability of the solution?

The scalability depends on how much you want to pay for it. If I need a bigger solution, the vendor is going to be able to add more features to the machine, or even change it. It all depends on how much are you willing to spend.

How are customer service and technical support?

For technical support, we work in two ways. We have a partner that is looking after the platform, and we have the vendor as well. If we have a problem with the partner, we can call McAfee. So overall, support is good.

They should double check what they are doing with customers. I have had some trouble trying improve the use case. I was hoping that they help me with that, show me the way.

What about the implementation team?

The vendor, McAfee, works with a partner and the partner sells to us. We use a partner.

Which other solutions did I evaluate?

Our company looked at Splunk three years ago. Every couple of years we look around at what's in the market. For us, it's quite difficult to try other ones, because of the time and costs involved. That's why I'm not sure if McAfee is the best solution, but it's good enough for me.

We're always looking to make improvements and if the products we have are not good enough, or we see that another brand is making something better, we will migrate.

What other advice do I have?

To make a decision you have to really know what your budget is, how much money you have to buy a solution, and what the main reason is that you are looking for a tool like this. You can always find something cheaper for a small company. Everyone has pretty much the same tools. But if you're going to play with the big ones, like McAfee, you have to be willing to spend a lot of money and, obviously, you'll get the service you need. You have to know your company, what your needs are, and then go shopping. Look around. It's important to look at the tools, how they are deployed in your architecture.

I would rate the solution at eight out of ten. It's good enough to do the things that we need done, but I'm not sure if it's the best in the market.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Real User
One of the biggest strengths of Nitro is the underlying database but stability has been a problem.

At Infosecnirvana, we have quite a number of posts dedicated to SIEM. We have done a detailed comparison of SIEM products in a post titled – SIEM Comparison along with providing a detailed check list for SIEM evaluation. We have also posted about SIEM products from time to time as reflected by our post on IBM QRadar and ArcSight. Following up with those posts, this blog is our take on McAfee Nitro SIEM. So let’s get started

Introduction:

McAfee in 2011 purchased Nitro Security to enter into the SIEM space and subsequently were taken up by Intel. This period of 2011 actually saw a few things happen in the SIEM market space. This included HP buying ArcSight, IBM buying QRadar and McAfee buying Nitro etc. etc. Each of those SIEM products have taken a different route over the last 3 years. Nitro security was one of those niche players in the market which had an IPS portfolio as well a SIEM portfolio, remnants of which still linger in the overall McAfee ESM product suite. The McAfee ESM product suite is basically a combination of a few components like:

  • ESM - Enterprise Security Management, which serves as the Management Interface for all SIEM components, Reporting engine capable of generating compliance and policy reports.
  • ACE - Advanced Correlation Engine which is interesting a dedicated engine to perform Risk Based (rules based) Correlation, Historical Correlation, Asset Based Risk Scoring and Custom risk scoring based on combinations of fields.
  • DBM - Database Monitor. One of the products McAfee has as standalone for Database Log Generation, Session Auditing etc, is called the DBM. This is a Database IPS kinda product that monitors network traffic via SPAN, port mirror or taps and does not create any impact on database. So for all the legacy databases that don’t have Audit trail enabled or the auditing is not detailed enough, DBM is the perfect fit. Apart from the monitoring audit trail of all transactions from login to log-off including all session queries and commands, it also provides Auto discovery of database instances including unauthorized or rouge databases. The DBM comes in both a network sensor as well as a host agent footprint.
  • ADM - Application Data Monitor. This is again a Application IPS kinda product capable of performing Layer 7 Protocol detection, Full meta-data collection, traffic monitoring via SPAN, port mirror or taps. Full session data capture and visibility into all application traffic is also provided by this sensor along with Advanced Threat detection capabilities. Again, it can be deployed as a sensor or a host agent.
  • ELM - Enterprise Log Manager. This is akin to any log management solution in SIEM and provides Log storage both Local and Network based.
  • Receivers - These are nothing but Parsers, Netflow Collectors, VMWare Collectors and anything that is able to parse and normalize logs.

Strong points for Nitro SIEM:

After careful evaluation of Nitro SIEM, we would like to highlight these few points as the core Strength of Nitro SIEM:

  1. Architecture: One of the reasons for Nitro SIEM’s popularity is the Architectural flexibility. As a Security administrator, you can pick and chose how you want to architect your solution. If you want to be as modular as possible, then all the above mentioned components can be deployed standalone and integrated using the ESM (Remember EPO architecture for McAfee Endpoint solutions!!!). Say you prefer a smaller footprint, then you can build something called “Combo Boxes” which as the name mentions combines several components in a single box. This helps administrators starved of resources or budget to effectively deploy Nitro SIEM.
  2. Powerful Data Management: One of the biggest strengths of Nitro is the underlying Database – The SAGE DB aka NitroEDB (Nitro Embedded Database) developed by Idaho National labs (the founder of Nitro was a researcher there). NitroEDB is a relational database that supports huge volume, VLDB applications as well as extremely fast in-memory processing. This is the core reason why Nitro SIEM is able to have a High Ingest Rates and extremely fast query speed. This is a killer benefit compared to the other products like ArcSight with its below par implementation of MySQL and PostgreSQL and IBM QRadar with its proprietary EDB (updated based on comments from JC). Splunk is the closest in competition to Nitro with its GFS like implementation.
  3. High Ingest Rates: As mentioned above, NitroEDB enables SIEM to have a high event ingestion rates @ 300K EPS. We don’t think any SIEM in the market today scales up to this number. ArcSight SIEM is the closest with a 100K maximum with its Logger platform and a pure play Syslog-NG server can do 300K EPS.
  4. Network Based Threat Detection: As with QRadar Intelligence Platform, the Nitro platform also uses Network Packet Analysis for DBM and ADM (as mentioned in the components) to perform Database monitoring and Application monitoring. Both QRadar and Nitro are comparable in the Application monitoring space but when it comes to Database Monitoring, Nitro wins it hands down. ArcSight and the others are poor in this space, something they will have to start looking at.
  5. Database Monitoring: As mentioned above, the DBM is the stand out as it provides excellent auditing capabilities for DB auditing and log collection. This is irrespective of DB version, OS, Auditing capability etc. The monitoring can be done off-box using a sensor in the network or using an agent. Again, this is one of the differentiators compared to ArcSight or QRadar as both of them rely only on JDBC connectivity to pull audit logs (provided Auditing is enabled on DB)
  6. Historical Correlation: Nitro has the ability to perform historical correlation better than the others in the market. One of the reasons for that is the capability to run complex queries and computations (for risk score correlation) against a large data set. This is primarily attributed to the NitroEDB as mentioned above which is really powerful in terms of query performance. QRadar and ArcSight are not as good at historical correlation and pale in comparison with NitroEDB performance for historical queries. Splunk is better at historical queries, but correlation is not as mature in Splunk as the others.
  7. SCADA Device Support: Apart from ArcSight, arguably the only other product in today’s market that has extensive support for SCADA is Nitro SIEM. This is definitely useful in penetrating the Utilities industry, Manufacturing industry etc. and is one of the key differentiators compared to the others.

Weak points for Nitro SIEM:

  1. Stability: In our testing and real-life deployments, one of the recurring problems we have faced with Nitro SIEM is stability. It is rare to have all the components working without issues at any given point in time. One of the reasons for this we think is the integration tier that has to interact with the various components to perform Security monitoring. There are just too many points of failure and troubleshooting is a nightmare. This is essential in organizations where in-house monitoring is performed. In case of outsourcing, even though this is still an issue, the risk is transferred to the outsourced vendor. Hopefully, McAfee realizes this and fixes these teething issues of stability in future releases.
  2. Correlation: Even though Risk based correlation is a great value add in Nitro, the overall capabilities fall short when compared with the others in the market. We might be a bit biased with this piece as we always compare Correlation capabilities of any SIEM tools we evaluate against HP ArcSight. In our opinion, ArcSight Correlation is by far the best in the industry and no product can match it in terms of flexibility, power of customization and advanced computing. That said, Nitro does compete hard and we would definitely be keen to see them take the Risk/Rules based correlation to the next level.
  3. Event Parsing & Custom Event Support: Even though the support for Events generated by Third Party vendors is excellent, we feel that more devices and vendors can be supported as does ArcSight. However, custom parsers or receivers are not intuitive to create in Nitro SIEM as with QRadar. Nitro is not as good as the Super-Easy QRadar Custom Mapping feature or Splunk with its Field Extraction where it’s a breeze to develop any custom connector. Nitro, thus has some room for improvement in this area.
  4. User Interface: Although the UI reminds you of all things McAfee (EPO, NSM etc), we feel that a flash driven UI is not the best for SIEM. This is not to take away anything from the capabilities of the product in terms of data presentation, but Flash driven UI proves to be a dampener on the overall experience. As a general opinion, we are keen to see anything other than a Java or Flash UI because we feel that both of them are the most vulnerable software out there and both are clunky when it comes to event analysis, visualization etc. This is where we feel QRadar has a refreshing interface. It does use Java for some parts of the console, but otherwise, the Browser console is so light and so simple that working with QRadar is a delight. Even Splunk has a wonderful UI and is really easy to use compared to ArcSight and Nitro which feel clunky and heavy.

Conclusion:

Overall, McAfee Nitro SIEM is a very good product that scales up against the Industry leaders – ArcSight and QRadar toe to toe. However, as with all acquisitions, they have a few chinks to work out before they truly are ready to lead the pack. Gartner ratings, if anything to go by, consistently rate McAfee in the leaders quadrant but they have been in the 3rd position for quite some time now. With HP ArcSight not doing anything new in the last two releases, QRadar is the only competitor to look forth and emulate. Hope McAfee rises above the competition with a more stable and mature SIEM product thereby shaking the Industry up.

So that’s it folks. Feel free to comment on what you feel about McAfee Nitro SIEM and what its benefits and weakness are.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cyber Security Consultant at a computer software company with 51-200 employees
Consultant
Helpful dashboards for log monitoring, and integrates well with other technologies
Pros and Cons
  • "This solution integrates easily and very well with other technologies."
  • "We cannot add new data sources to the most recent version."

What is our primary use case?

We use this solution to provide managed security services. We use loggers at the client site to generate logs for monitoring their devices. We handle the monitoring, administration, and troubleshooting of their endpoints.

For some customers, we manage everything, while for other customers we only monitor their critical devices.

We are using an on-premises deployment model.

How has it helped my organization?

This solution helps us to provide services for our clients and integrates well with their other technologies.

What is most valuable?

The most valuable features of this solution are the logging and the dashboards.

This solution integrates easily and very well with other technologies. We are creating custom connectors for some of the technologies that our customers are using.

What needs improvement?

We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version.

I would like to see the Active Response function enhanced.

For how long have I used the solution?

I have been using this solution for about eighteen months.

What do I think about the stability of the solution?

The stability of this solution is good. So far, we have not faced much downtime. The issues that we are currently experiencing, moving versions, did not happen the last time we upgraded. This is really the first trouble that we have had.

What do I think about the scalability of the solution?

This solution is very scalable.

We have four or five customers that we are performing monitoring for. Their user-base varies, with some having fifty users and some having more than one thousand users.

We do plan to increase our usage and have had meetings with McAfee as a partner. We would be offering this solution exclusively to our clients. 

How are customer service and technical support?

Technical support, as well as their online knowledge base, has helped us a lot. However, our current issue with respect to not being able to add new data sources was reported two weeks ago and it has not yet been resolved.

I think that technical support can be improved in terms of providing quicker resolutions to problems.

Which solution did I use previously and why did I switch?

We did not previously offer a different solution to our customers. We are currently onboarding Splunk to work concurrently with this solution, but it depends on the customer. Splunk is a little bit expensive.

How was the initial setup?

The initial setup of this solution is easy. There is no problem with it.

Our deployment took about one week. It involved upgrading to the new version and adding the data sources. Integration of the new devices was not complex.

Two people are required for the deployment, with one being from our side and one from the client's side.

What about the implementation team?

We hired consultants to assist with our deployment. We have had a good experience with them and they are still supporting us to deal with any issues or errors.

What's my experience with pricing, setup cost, and licensing?

The cost is dependent on the customer's environment and requirements.

Which other solutions did I evaluate?

We have experience using ArcSight, but it is very difficult when it comes to creating the connector to integrate with different technologies.

We spend time evaluating each customer's business model and offer them the appropriate solution.

What other advice do I have?

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than others.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Download our free Trellix ESM Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free Trellix ESM Report and get advice and tips from experienced pros sharing their opinions.