The integration capabilities of Trellix ESM with SaaS solutions are an area of concern where improvements are needed. When you continue to add solutions from other vendors, you need to look at the list of vendors Trellix ESM covers, which consists of a lot of vendors. Trellix ESM can consider adding some products, given the different processes in different solutions and some of the products from certain vendors that may not be known in the market, to the list of tools Trellix allows for integration. The product's stability is an area of concern where improvements are required.
Trellix's resource consumption is too high, and it could be lower. It would be nice if Trellix could reduce the requirements for RAM and storage. Product-wise, adding accounts on a single data source by batch would be a really great help. Then for the support, it would be a lot better if customer support from Trellix would reach out to us as partners.
Information Technology Security Analyst at a financial services firm with 201-500 employees
Real User
Top 10
2023-03-23T11:26:14Z
Mar 23, 2023
McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made. We had to contact support to restart the services due to unexpected reboots of the underlying hardware as it is a virtual machine we are using.
Senior Information Security Manager at a real estate/law firm with 10,001+ employees
Real User
Top 5
2022-09-29T15:13:00Z
Sep 29, 2022
There are no areas to be improved as this solution is well thought of. However, any technology solution even it is well thought of, might not work effectively if the users will not know how to fully optimize its usage and functionality. Knowledge transfer will be great in the areas of administration and maintenance up to command line interface.
Vice President Cyber Security Practice Head at a tech services company with 1,001-5,000 employees
Real User
2021-07-02T21:45:52Z
Jul 2, 2021
I would like to see good analytics in future releases. McAfee has many issues with integration. I am looking for an end-to-end integration such as EDR, and Next-Generation SOC 2.0.
Senior Security Specialist at a manufacturing company with 10,001+ employees
Real User
2021-05-05T13:16:17Z
May 5, 2021
It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.
Assistant Vice President at a financial services firm with 1,001-5,000 employees
Real User
2021-01-12T10:45:00Z
Jan 12, 2021
When it came to using the solution for a larger organization, we were faced with some troubles attempting to manage the GUI functionality. During some forensic investigations, some of the information was missing from the collected data. It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI. For Postgre databases, the solution did not collect a lot of information from it. It has some integration problem. Companies, therefore, have to invest twice for collecting logs rather than one SIEM.
Information Security Officer at a tech services company with 51-200 employees
MSP
2020-09-27T04:09:58Z
Sep 27, 2020
McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.
Information Security Engineer at a financial services firm with 51-200 employees
Real User
2020-06-25T10:49:15Z
Jun 25, 2020
The only drawback is that they don't have any packet capturing or network behavior analysis. Including network behavior analysis in the future would be a good addition. The speed of technical support can be improved.
Cyber Security Consultant at a computer software company with 51-200 employees
Consultant
2019-08-08T07:02:00Z
Aug 8, 2019
We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version. I would like to see the Active Response function enhanced.
IT Consultant and Project Manager at a government with 1-10 employees
Consultant
2019-08-05T06:24:00Z
Aug 5, 2019
Technical support for this product could be improved. I would like to see improvements to the user interface. It would be helpful to have a diagram in the interface that shows the actions.
There are a lot of things that could be part of future editions. One would be to speed up the scanning of email. As emails come in, it takes a lot of time to scan through them, whether you're on your computer or on your phone. If it were a little quicker doing that, that would be helpful. That's not a new feature but speed always counts. The only issue I have with McAfee is the amount of computer resources that it takes. When you're running the program it really is heavy on the computer resources. It only impacts staff productivity when it's running the updates. However, it's definitely impacting some of the other applications that are running on a computer at the same time.
Security Product Manager at a financial services firm with 5,001-10,000 employees
Real User
2019-03-11T07:21:00Z
Mar 11, 2019
Although we're a South American bank, our products are pretty much the same as North American banks. The types of things they would install in North America are what we have here. But there are some banking and transactional cases that are local, South American transactions. I would like to see them add features that can be used locally, to make those transactions more reliable.
Make your organization more resilient and confident with Trellix Security Operations. Filter out the noise and cut complexity to deliver faster, more effective SecOps. Integrate your existing security tools and connect with over 650 Trellix solutions and third-party products.
The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases.
The integration capabilities of Trellix ESM with SaaS solutions are an area of concern where improvements are needed. When you continue to add solutions from other vendors, you need to look at the list of vendors Trellix ESM covers, which consists of a lot of vendors. Trellix ESM can consider adding some products, given the different processes in different solutions and some of the products from certain vendors that may not be known in the market, to the list of tools Trellix allows for integration. The product's stability is an area of concern where improvements are required.
The product’s alert response feature needs improvement. It could be more flexible and secure.
The solution needs to improve case management. The UI is confusing.
Trellix's resource consumption is too high, and it could be lower. It would be nice if Trellix could reduce the requirements for RAM and storage. Product-wise, adding accounts on a single data source by batch would be a really great help. Then for the support, it would be a lot better if customer support from Trellix would reach out to us as partners.
McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made. We had to contact support to restart the services due to unexpected reboots of the underlying hardware as it is a virtual machine we are using.
There are no areas to be improved as this solution is well thought of. However, any technology solution even it is well thought of, might not work effectively if the users will not know how to fully optimize its usage and functionality. Knowledge transfer will be great in the areas of administration and maintenance up to command line interface.
I would like to see good analytics in future releases. McAfee has many issues with integration. I am looking for an end-to-end integration such as EDR, and Next-Generation SOC 2.0.
It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.
We acquired the IBM product because McAfee is slightly confusing to use, and it's broader.
There should be support for multitenancy in the product. Because they don't have it, I think it is the biggest improvement that the vendor could make.
When it came to using the solution for a larger organization, we were faced with some troubles attempting to manage the GUI functionality. During some forensic investigations, some of the information was missing from the collected data. It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI. For Postgre databases, the solution did not collect a lot of information from it. It has some integration problem. Companies, therefore, have to invest twice for collecting logs rather than one SIEM.
McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.
The only drawback is that they don't have any packet capturing or network behavior analysis. Including network behavior analysis in the future would be a good addition. The speed of technical support can be improved.
The user interface could be more user-friendly. Technical support could be improved.
We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version. I would like to see the Active Response function enhanced.
Technical support for this product could be improved. I would like to see improvements to the user interface. It would be helpful to have a diagram in the interface that shows the actions.
I would like to see fingerprint recognition included in the next release of this solution.
There are a lot of things that could be part of future editions. One would be to speed up the scanning of email. As emails come in, it takes a lot of time to scan through them, whether you're on your computer or on your phone. If it were a little quicker doing that, that would be helpful. That's not a new feature but speed always counts. The only issue I have with McAfee is the amount of computer resources that it takes. When you're running the program it really is heavy on the computer resources. It only impacts staff productivity when it's running the updates. However, it's definitely impacting some of the other applications that are running on a computer at the same time.
Although we're a South American bank, our products are pretty much the same as North American banks. The types of things they would install in North America are what we have here. But there are some banking and transactional cases that are local, South American transactions. I would like to see them add features that can be used locally, to make those transactions more reliable.
I can't scale it. I would like to see AI play a major role going forward.