The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use.
Information Security Analyst at a tech services company with 501-1,000 employees
The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available.
Pros and Cons
- "The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
- "The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
What is most valuable?
How has it helped my organization?
It's easy to create reports for compliance and for detecting different kinds of attacks and breaches through correlations. This makes the client devices more secure.
What needs improvement?
The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use.
For how long have I used the solution?
I've used it for two-and-a-half years.
Buyer's Guide
Trellix ESM
October 2024
Learn what your peers think about Trellix ESM. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,763 professionals have used our research since 2012.
What was my experience with deployment of the solution?
The disk space sizing is very hard, and when the version was updated to 9.4 the space needed to store events was cut by half, making it harder to explain to clients who now needed twice as much disk space, with no explanation from the vendor of what happened. This was not even in the release notes.
I suggest that you configure the data archive prior to deployment because once the partition is detached, it will be deleted and you can lose a week's worth of events. You don't know when it will be deleted because even with a lot of disk space the partition is detached.
What do I think about the stability of the solution?
There have been no issues with the stability.
What do I think about the scalability of the solution?
There have been no issues scaling.
How are customer service and support?
Customer Service:
I give customer service a 7 out of 10.
Technical Support:
I give technical support a 7 out of 10.
Which solution did I use previously and why did I switch?
We used HP ArcSight, IBM Q1 Labs, Splunk, and we chose McAfee Enterprise Security Manager because it’s very easy to deploy.
How was the initial setup?
The initial setup is simple and descriptive. It was very straightforward.
What about the implementation team?
We implemented it with our in-house team.
What was our ROI?
The in-house sales team said McAfee has the best ROI on the market.
What's my experience with pricing, setup cost, and licensing?
You should buy the distributed option instead of the all-in-one for environments with more than 1000 endpoints.
What other advice do I have?
Disclosure: My company has a business relationship with this vendor other than being a customer: We're partners.
IT Security Analyst at Ingenium Group
A good central viewpoint for issues, but it requires Flash
Pros and Cons
- "It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
- "Product currently requires Flash."
- "Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
- "We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
What is our primary use case?
- To gain transparency into potential vulnerabilities within the network.
- To monitor problems, e.g., failure to update packages within the back-end security environment.
How has it helped my organization?
It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints.
What is most valuable?
Ability to create own views. Statistical (normalised) views help to highlight inconsistencies, which may need further investigation.
What needs improvement?
- Product currently requires Flash.
- Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface.
- Some filters are still very low level "magic numbers", which do not make sense on the high level user interface.
- We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioral analytics.
For how long have I used the solution?
Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Analyst at a tech services company with 501-1,000 employees
Through correlation rules, it finds malware that anti-virus and other security solutions do not find.
What is most valuable?
The easy interface is the most valuable feature.
How has it helped my organization?
Through correlation rules, it finds malware that compromised the computer that anti-virus and other security solutions do not find.
What needs improvement?
I had a couple of problems collecting Windows events. The local plugin should be easier to use, because when ESM is collecting through the manager, many performance issues occur.
For how long have I used the solution?
I have been using McAfee for over three years.
What do I think about the stability of the solution?
We did have stability issues, but they were resolved by McAfee support.
What do I think about the scalability of the solution?
We have not had scalability issues.
How are customer service and technical support?
I would give technical support a rating of 8/10.
Which solution did I use previously and why did I switch?
I used different solutions, but for different clients.
How was the initial setup?
This was the easiest initial setup that I have made.
What's my experience with pricing, setup cost, and licensing?
The product is worth the price. There are other cheaper tools in the market, but it is harder to work with them.
Which other solutions did I evaluate?
We looked at HPE ArcSight, Splunk, RSA Analytics, and IBM QRadar.
What other advice do I have?
Stay focused, read the documentation, plan it well, and the project will be a success.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vice President Cyber Security Practice Head at a tech services company with 1,001-5,000 employees
Does not integrate well, and scalability needs improvement but it's fairly priced
Pros and Cons
- "I like the ease of deployment."
- "I would like to see good analytics in future releases."
What is our primary use case?
We use this solution for correlation, alerting, and log management.
We are integrators.
What is most valuable?
I like the ease of deployment.
What needs improvement?
I would like to see good analytics in future releases.
McAfee has many issues with integration. I am looking for an end-to-end integration such as EDR, and Next-Generation SOC 2.0.
For how long have I used the solution?
I have been working with McAfee ESM for 20 years.
What do I think about the scalability of the solution?
We are looking for horizontal and vertical expansion. McAfee has issues with scalability. Other ESM solutions don't have the same issues.
How are customer service and technical support?
We have not contacted technical support in quite some time. We had issues with the parsing.
How was the initial setup?
The deployment is easy, but because it is a hybrid deployment, it is complex. It is partly in the cloud and partly an on-premises deployment. The device will have to access the cloud and on-premises data.
What about the implementation team?
We have an internal team to maintain this solution.
What's my experience with pricing, setup cost, and licensing?
The pricing is fair.
What other advice do I have?
I would recommend this solution to others who are interested in using it.
I would rate McAfee ESM a five out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner