Trellix ESM Reviews

The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use.

It's easy to create reports for compliance and for detecting different kinds of attacks and breaches through correlations. This makes the client devices to be more secure.

The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use.

I've used it for two-and-a-half years.

The disk space sizing is very hard and when the version was updated to 9.4 the space needed to store events was cut by half, making it harder to explain to clients who now needed twice as much disk space, with no explanation from the vendor what happened. This was not even in the release notes.

I suggest that you configure the data archive prior to deployment because once the partition is detached, it will be deleted and you can lose a weeks-worth of events. You don't know when it will be deleted because even with a lot of space disk the partition is detached.

There have been no issues with the stability.

There have been no issues scaling.

I give customer service a 7 out of 10.

I give technical support a 7 out of 10.

We used HP ArcSight, IBM Q1 Labs, Splunk, and we chose McAfee Enterprise Security Manager because it’s very easy to deploy.

The initial setup is simple and descriptive. It was very straightforward.

We implemented it with our in-house team.

The in-house sales team said McAfee has the best ROI on the market.

You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points.

• To gain transparency into potential vulnerabilities within the network. 
• To monitor problems, e.g., failure to update packages within the back-end security environment.

It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints.

Ability to create own views. Statistical (normalised) views help to highlight inconsistencies, which may need further investigation

• Product currently requires Flash. 
• Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface.
• Some filters are still very low level "magic numbers", which do not make sense on the high level user interface. 
• We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioral analytics.

The easy interface is the most valuable feature.

Through correlation rules, it finds malware that compromised the computer that anti-virus and other security solutions do not find.

I had a couple of problems collecting Windows events. The local plugin should be easier to use, because when ESM is collecting through the manager, many performance issues occur.

I have been using McAfee for over three years.

We did have stability issues, but they were resolved by McAfee support.

We have not had scalability issues.

I would give technical support a rating of 8/10.

I used different solutions, but for different clients.

This was the easiest initial setup that I have made.

The product is worth the price. There are other cheaper tools in the market, but it is harder to work with them.

We looked at HPE ArcSight, Splunk, RSA Analytics, and IBM QRadar.

Stay focused, read the documentation, plan it well, and the project will be a success.

We use this solution for correlation, alerting, and log management.

We are integrators.

I like the ease of deployment.

I would like to see good analytics in future releases.

McAfee has many issues with integration. I am looking for an end-to-end integration such as EDR, and Next-Generation SOC 2.0. 

I have been working with McAfee ESM for 20 years.

We are looking for horizontal and verticle expansion. McAfee has issues with scalability. Other ESM solutions, don't have the same issues.

We have not contacted technical support in quite some time. We had issues with the parsing.

The deployment is easy, but because it is a hybrid deployment which makes it complex. It is partly in the cloud and partly an on-premises deployment. The device will have to access the cloud and on-premises data.

We have an internal team to maintain this solution.

The pricing is fair.

I would recommend this solution to others who are interested in using it.

I would rate McAfee ESM a five out of ten.