We use McAfee ESM for log storage and audit purposes. Security is the base reason, and we do build content for them.
The most valuable feature in ESM is its search and reporting feature. It's really nice.
Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.
In general, every SIEM product has that sort of glitch, some partial development. It's like the enrichment of logging level understanding for a SIEM. More enrichment leads to more understanding and use case improvement. That's the gap there, and you will have technical issues already there with all of the products. They keep on fixing that. It's not a problem. They are fast on that point.
I would like to have some sort of automation module and some sort of SOAR module in the next release.
I have used McAfee ESM over the last 12 months.
Stability is good. I can say that because of the way their reporting is running right now. The reporting, dashboard, or their use cases are running in the field of security in the scope of data centers. In the scope of data centers, they're very stable. There isn't a problem with that.
Scalability is good. You can increase their EPS module as EPS is about events per second. The cost goes to the customer if it wants to charge them. It's very scalable. At any point in time, you can scale it up, and you can scale it down. That's not a problem.
The tech support is great. The engineering team helped us well at one point, and they're very good.
The initial setup is straightforward. SIEM isn't a single module component. They have different modules, like the receiver and the console, and the two modules switch. Right now, we have a complex module, and it's compatible. It's not a worry to implement it.
When it comes to infrastructure deployment, it won't take more than two weeks. The first stage would be procuring the software. If you want to deploy it in your own mediums, or if you want to bring in your own box, it could take a few more days. But once the software and the license are there in your hands, it doesn't take more than a week to get it implemented.
The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended.
I would tell potential customers that ESM has a feature called all in one box. If a customer is full-fledged on an in-house data center model and has extensive products running on Windows, Linux, and Cisco and it's all sitting on-premises, this is a great option to work with all of them. They have a good set of use cases, reports, and dashboards prebuilt.
Right now, people are migrating to different solutions, and security generation is growing very vast, and it's going a step ahead. Everything is coming to the cloud. Everything is fast, and everything is a hybrid network. Because of COVID, everyone is working from home, everyone is accessing data with their own internet line, and everyone is outside the network.
McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available. In this data center, most of the customers will fall back from ESM. They will come and withdraw their existing accounts, and they might move to different SIEM solutions. This is how it could be in the future. If the existing integrations come with the upgrade and if they're able to upgrade, then they might stick with ESM.
On a scale from one to ten, I would give McAfee ESM a six.