Trellix ESM Reviews

This is the first SIEM product that I have used. My impressions so far are that I like the vendor support from McAfee and the overall architecture looks simple.

I helped a client of ours implement and deploy it.

The product documentation is good, but could be better. Also a bug-free version would be nice as the version I worked on had a bug in the alarm system.

I've used it for five months.

We had bug alarm issues during deployment. The bug, I think, was part of the product.

We had no issues with the stability.

We have had no issues scaling it for our needs.

Customer service is very good.

Technical support is very good.

The initial setup was straightforward.

You will have a better implementation if you get support from the vendor.

Overall, it was expensive, as it has split components.

We have now started using ArcSigh as well. I don't have much experienced with it, but the overall architecture looks similar to McAfee.

The solution needs to improve case management. The UI is confusing. 

I rate the product's stability a five out of ten. It gets worse each year. 

I rate Trellix ESM's scalability a seven out of ten. 

I rate the tool's deployment an eight out of ten. The deployment is completed in two days. 

Trellix ESM's price is high. 

I rate the product a seven out of ten. 

It's SIEM. Obviously, normalization of data is the biggest factor.

We perform security event monitoring for over 700 individual servers, firewalls, and applications. It's not possible to monitor over 500 million events per day with SIEM.

McAfee is working on a newer ELS product for a faster search which will change everything about how a SIEM can perform.

I have been using this product for the past eight years.

Just like any other software/hardware platform, once in awhile we have issues with software bugs, but McAfee's support is good in helping to fix these issues in a timely manner.

Biggest benefit of McAfee SIEM is its easy scalability. It doesn't restrict you to a particular hardware or storage solution.

Mcafee's SIEM support team is very good.

I used ArcSight at a different job, but when we bought SIEM at my current job, it was NitroView. Later, McAfee acquired them.

It had a few hurdles initially, but in its current versions and offerings McAfee SIEM is sort of plug and play. It has so many offerings out-of-the-box.

McAfee's pricing is competitive in the industry and their licensing model is for hardware only.

We checked ArcSight, but their pricing was expensive.

McAfee ESM is the perfect SIEM tool, and it provides best results based on data intake and rule based configuration.

I would suggest users identify the data sources they want to interject into SIEM for monitoring, correlation, and work with the sales team to understand the total EPS and choose the right set of hardware, especially the ESM which will perform majority of work for your organization. With the right specs for hardware, it will help you achieve your goal.

Doing Incident analysis in my opinion with ESM is easier than other solutions. There are a lot of ways to build queries and a great filter engine; if you provide ESM with the Advanced Correlation Engine and Global Threat Intelligence you can raise your infrastructure to be a complete advanced SOC.

I work for a System Integrator.

I have almost no complaints with this solution because it's almost a complete solution, but I do hope to have more stability in the next upgrade and to have the interface re-engineered to be HTML5-based rather than Flash-based.

I'd also like some Splunk-like ELM (Log Manager) enterprise functions.

I've used it for three years, from versions 9.1 to 9.5

Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected deployment.

Yes, sometimes it seems that versions with major upgrades come with some bugs and regressions that affected stability.

It has scaled to our needs.

Customer service is very good and very professional.

Technical support is very good and very professional.

I also work with with RSA and McAfee SIEM solutions.

If you buy the all-in-one solution (Virtual or Hardware), the setup takes a couple of hours.

SIEM is not a Log Manager; ESM is meant for people who need advanced SOC functionality and not only to satisfy compliance rules.

We are using the solution for log analyzing endpoints and investigating all types of applications, files or network devices login collection.

McAfee as a whole is a good solution.

When it came to using the solution for a larger organization, we were faced with some troubles attempting to manage the GUI functionality. During some forensic investigations, some of the information was missing from the collected data. 

It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI. For Postgre databases, the solution did not collect a lot of information from it. It has some integration problem. Companies, therefore, have to invest twice for collecting logs rather than one SIEM.

I have been using the solution for two years.

The initial setup was a bit complex.

The local partner we had was not very experienced in implementing the solution. However, the solution was first implemented in our country.

It has performed well and delivered the results that I have been looking for.

It does a good job for us.

• Ease of use.
• Quick training period.

I can't scale it.

I would like to see AI play a major role going forward.

It is a stable product.

I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore.

It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved.

I was not involved in the initial setup, but it was straightforward.

We are currently evaluating ArcSight and LogRhythm.

At the time we previously purchased McAfee, I had fewer requirements and it catered to my needs.

Most important criteria when selecting a vendor: support.

My primary use case for this solution is to secure the data on my laptop.

If I lost my computer somewhere then hopefully the software will protect my data from anyone.

The ability to secure my data is the most important feature.

It is easy to use. I just need to enter the username and the password and it protects my data.

I would like to see fingerprint recognition included in the next release of this solution.

I have not used technical support for the product.

My company did use another product previous to this one but I do not know why they switched.

The installation and setup of this solution is straightforward.

I handled the deployment myself.

This is a product that I would recommend to a colleague at another company.

I would rate this solution an eight out of ten.

We use McAfee ESM for IT operations and a few security-related things. 

It is easy to use and deploy. It comes with user-friendly manuals.

McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support.

It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.

I have been using McAfee ESM for maybe the last six years. 

It has very good stability.

So far, we haven't tried scaling. Because it is on-premises, it is almost a setup environment. We don't do any major changes on the same site because it is quite critical and gets alerts. We don't want to mess up with our configuration.

They take a long time, and the technical person who comes from support doesn't seem to be knowledgeable. When something goes wrong on the hardware or the application side, or we need some technical support in filling up use cases, it takes a long time.

We always struggle to get proper support from their technical support team. It seems that there is only one person who is handling the Middle East technical support, and when we don't get that person, we struggle a lot.

The initial setup was straightforward. There were no complications in its deployment.

Its deployment was done by an engineer in our company. 

We are a security team of five members. Whoever a ticket is assigned to handles the cases.

The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it.

We are quite happy with the product and its stability, but the problem is the lack of support, which is one of the major issues that we are facing. I really look forward to them providing proper technical support.

I would rate McAfee ESM a seven out of ten.