This is the first SIEM product that I have used. My impressions so far are that I like the vendor support from McAfee and the overall architecture looks simple.
Systems-Engineer at a tech services company with 10,001+ employees
I like the vendor support from McAfee and the overall architecture looks simple. The version I worked on had a bug in the alarm system.
What is most valuable?
How has it helped my organization?
I helped a client of ours implement and deploy it.
What needs improvement?
The product documentation is good, but could be better. Also a bug-free version would be nice as the version I worked on had a bug in the alarm system.
For how long have I used the solution?
I've used it for five months.
Buyer's Guide
Trellix ESM
October 2024
Learn what your peers think about Trellix ESM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
What was my experience with deployment of the solution?
We had bug alarm issues during deployment. The bug, I think, was part of the product.
What do I think about the stability of the solution?
We had no issues with the stability.
What do I think about the scalability of the solution?
We have had no issues scaling it for our needs.
How are customer service and support?
Customer Service:
Customer service is very good.
Technical Support:Technical support is very good.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
You will have a better implementation if you get support from the vendor.
What's my experience with pricing, setup cost, and licensing?
Overall, it was expensive, as it has split components.
Which other solutions did I evaluate?
We have now started using ArcSigh as well. I don't have much experienced with it, but the overall architecture looks similar to McAfee.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Technology Security Engineer at a tech consulting company with 1-10 employees
Comes with a confusing UI and pricing is expensive
Pros and Cons
- "I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
- "The solution needs to improve case management. The UI is confusing."
What needs improvement?
The solution needs to improve case management. The UI is confusing.
What do I think about the stability of the solution?
I rate the product's stability a five out of ten. It gets worse each year.
What do I think about the scalability of the solution?
I rate Trellix ESM's scalability a seven out of ten.
How was the initial setup?
I rate the tool's deployment an eight out of ten. The deployment is completed in two days.
What's my experience with pricing, setup cost, and licensing?
Trellix ESM's price is high.
What other advice do I have?
I rate the product a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Buyer's Guide
Trellix ESM
October 2024
Learn what your peers think about Trellix ESM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
Threat Intelligence Engineer (Security Engineering Team) at a government with 10,001+ employees
Biggest benefit is its easy scalability. It doesn't restrict you to a particular hardware or storage solution.
What is most valuable?
It's SIEM. Obviously, normalization of data is the biggest factor.
How has it helped my organization?
We perform security event monitoring for over 700 individual servers, firewalls, and applications. It's not possible to monitor over 500 million events per day with SIEM.
What needs improvement?
McAfee is working on a newer ELS product for a faster search which will change everything about how a SIEM can perform.
For how long have I used the solution?
I have been using this product for the past eight years.
What do I think about the stability of the solution?
Just like any other software/hardware platform, once in awhile we have issues with software bugs, but McAfee's support is good in helping to fix these issues in a timely manner.
What do I think about the scalability of the solution?
Biggest benefit of McAfee SIEM is its easy scalability. It doesn't restrict you to a particular hardware or storage solution.
How are customer service and technical support?
Mcafee's SIEM support team is very good.
Which solution did I use previously and why did I switch?
I used ArcSight at a different job, but when we bought SIEM at my current job, it was NitroView. Later, McAfee acquired them.
How was the initial setup?
It had a few hurdles initially, but in its current versions and offerings McAfee SIEM is sort of plug and play. It has so many offerings out-of-the-box.
What's my experience with pricing, setup cost, and licensing?
McAfee's pricing is competitive in the industry and their licensing model is for hardware only.
Which other solutions did I evaluate?
We checked ArcSight, but their pricing was expensive.
What other advice do I have?
McAfee ESM is the perfect SIEM tool, and it provides best results based on data intake and rule based configuration.
I would suggest users identify the data sources they want to interject into SIEM for monitoring, correlation, and work with the sales team to understand the total EPS and choose the right set of hardware, especially the ESM which will perform majority of work for your organization. With the right specs for hardware, it will help you achieve your goal.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Consultant, Presale and System Engineer at a tech services company with 501-1,000 employees
If you provide it with the Advanced Correlation Engine and Global Threat Intelligence, you can raise your infrastructure to be a complete advanced SOC.
What is most valuable?
Doing Incident analysis in my opinion with ESM is easier than other solutions. There are a lot of ways to build queries and a great filter engine; if you provide ESM with the Advanced Correlation Engine and Global Threat Intelligence you can raise your infrastructure to be a complete advanced SOC.
How has it helped my organization?
I work for a System Integrator.
What needs improvement?
I have almost no complaints with this solution because it's almost a complete solution, but I do hope to have more stability in the next upgrade and to have the interface re-engineered to be HTML5-based rather than Flash-based.
I'd also like some Splunk-like ELM (Log Manager) enterprise functions.
For how long have I used the solution?
I've used it for three years, from versions 9.1 to 9.5
What was my experience with deployment of the solution?
Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected deployment.
What do I think about the stability of the solution?
Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected stability.
What do I think about the scalability of the solution?
It has scaled to our needs.
How are customer service and technical support?
Customer Service:
Customer service is very good and very professional.
Technical Support:Technical support is very good and very professional.
Which solution did I use previously and why did I switch?
I also work with with RSA and McAfee SIEM solutions.
How was the initial setup?
If you buy the all-in-one solution (Virtual or Hardware), the setup takes a couple of hours.
What's my experience with pricing, setup cost, and licensing?
SIEM is not a Log Manager; ESM is meant for people who need advanced SOC functionality and not only to satisfy compliance rules.
Disclosure: My company has a business relationship with this vendor other than being a customer: We're a partner.
Assistant Vice President at a financial services firm with 1,001-5,000 employees
Good overall but complex setup and integration needs improvement
Pros and Cons
- "McAfee as a whole is a good solution."
- "It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
What is our primary use case?
We are using the solution for log analyzing endpoints and investigating all types of applications, files or network devices login collection.
What is most valuable?
McAfee as a whole is a good solution.
What needs improvement?
When it came to using the solution for a larger organization, we were faced with some troubles attempting to manage the GUI functionality. During some forensic investigations, some of the information was missing from the collected data.
It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI. For Postgre databases, the solution did not collect a lot of information from it. It has some integration problem. Companies, therefore, have to invest twice for collecting logs rather than one SIEM.
For how long have I used the solution?
I have been using the solution for two years.
How was the initial setup?
The initial setup was a bit complex.
What about the implementation team?
The local partner we had was not very experienced in implementing the solution. However, the solution was first implemented in our country.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at a tech services company with 10,001+ employees
It has good technical support, but I can't scale it
Pros and Cons
- "It has performed well and delivered the results that I have been looking for."
- "It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
- "I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
What is our primary use case?
It has performed well and delivered the results that I have been looking for.
How has it helped my organization?
It does a good job for us.
What is most valuable?
- Ease of use.
- Quick training period.
What needs improvement?
I can't scale it.
I would like to see AI play a major role going forward.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
It is a stable product.
What do I think about the scalability of the solution?
I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore.
How is customer service and technical support?
It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved.
How was the initial setup?
I was not involved in the initial setup, but it was straightforward.
Which other solutions did I evaluate?
We are currently evaluating ArcSight and LogRhythm.
At the time we previously purchased McAfee, I had fewer requirements and it catered to my needs.
What other advice do I have?
Most important criteria when selecting a vendor: support.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Business System Analyst at a consultancy with 5,001-10,000 employees
An easy way to protect my privacy if I lose my computer
Pros and Cons
- "It is easy to use."
- "I would like to see fingerprint recognition included in the next release of this solution."
What is our primary use case?
My primary use case for this solution is to secure the data on my laptop.
How has it helped my organization?
If I lost my computer somewhere then hopefully the software will protect my data from anyone.
What is most valuable?
The ability to secure my data is the most important feature.
It is easy to use. I just need to enter the username and the password and it protects my data.
What needs improvement?
I would like to see fingerprint recognition included in the next release of this solution.
How are customer service and technical support?
I have not used technical support for the product.
Which solution did I use previously and why did I switch?
My company did use another product previous to this one but I do not know why they switched.
How was the initial setup?
The installation and setup of this solution is straightforward.
What about the implementation team?
I handled the deployment myself.
What other advice do I have?
This is a product that I would recommend to a colleague at another company.
I would rate this solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Officer at a tech services company with 51-200 employees
It is easy to use and deploy, but it lacks proper support
Pros and Cons
- "It is easy to use and deploy. It comes with user-friendly manuals."
- "McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
What is our primary use case?
We use McAfee ESM for IT operations and a few security-related things.
What is most valuable?
It is easy to use and deploy. It comes with user-friendly manuals.
What needs improvement?
McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support.
It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.
For how long have I used the solution?
I have been using McAfee ESM for maybe the last six years.
What do I think about the stability of the solution?
It has very good stability.
What do I think about the scalability of the solution?
So far, we haven't tried scaling. Because it is on-premises, it is almost a setup environment. We don't do any major changes on the same site because it is quite critical and gets alerts. We don't want to mess up with our configuration.
How are customer service and technical support?
They take a long time, and the technical person who comes from support doesn't seem to be knowledgeable. When something goes wrong on the hardware or the application side, or we need some technical support in filling up use cases, it takes a long time.
We always struggle to get proper support from their technical support team. It seems that there is only one person who is handling the Middle East technical support, and when we don't get that person, we struggle a lot.
How was the initial setup?
The initial setup was straightforward. There were no complications in its deployment.
What about the implementation team?
Its deployment was done by an engineer in our company.
We are a security team of five members. Whoever a ticket is assigned to handles the cases.
What's my experience with pricing, setup cost, and licensing?
The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it.
What other advice do I have?
We are quite happy with the product and its stability, but the problem is the lack of support, which is one of the major issues that we are facing. I really look forward to them providing proper technical support.
I would rate McAfee ESM a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Trellix ESM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Security Information and Event Management (SIEM)Popular Comparisons
Splunk Enterprise Security
Microsoft Sentinel
SentinelOne Singularity Complete
Microsoft Defender XDR
IBM Security QRadar
Elastic Security
AWS Security Hub
LogRhythm SIEM
Rapid7 InsightIDR
Fortinet FortiSIEM
Cybereason Endpoint Detection & Response
USM Anywhere
Exabeam
ManageEngine EventLog Analyzer
ArcSight Enterprise Security Manager (ESM)
Buyer's Guide
Download our free Trellix ESM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Has anyone got experience in deployment of a SIEM solution?
- IBM QRadar is rated above competitors (McAfee, Splunk, LogRhythm) in Gartner's 2020 Magic Quandrant. Agree/Disagree?
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- What Questions Should I Ask Before Buying SIEM?
- RSA-EMC vs. other SIEM products?