Coming October 25: PeerSpot Awards will be announced! Learn more

McAfee ESM vs RSA NetWitness Logs and Packets (RSA SIEM) comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between McAfee ESM and RSA NetWitness Logs and Packets (RSA SIEM) based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed McAfee ESM vs. RSA NetWitness Logs and Packets (RSA SIEM) report (Updated: August 2022).
634,325 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.""Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data.""One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful.""The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable.""The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way.""The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them.""The most powerful feature is the way the data is stored and extracted. The data is always stored in its original format and you can normalize the data after it has been stored.""Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit."

More Devo Pros →

"I like the ease of deployment.""It is user-friendly. The notification part of McAfee ESM is very easy.""The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller.""The most valuable feature is the correlation rules.""McAfee as a whole is a good solution.""It enables us to detect malicious threats, issues, or vulnerabilities in our network.""The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it.""The most valuable feature in ESM is its search and reporting feature. It's really nice."

More McAfee ESM Pros →

"The most valuable features are the packet inspection and the automated incident response.""The software is scalable to whatever is required, and you can also put a lot of resources in the cloud.""It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets.""Offers a good wireless feature.""The development of use cases on the SSA console is quite user friendly. This means that the security analyst or the researcher does not have to learn another language.""The packet capture aspect of it is a valuable feature because it is quite different from a traditional SIEM solution that only carries out investigations based on captured logs.""It's quite economical compared to other solutions in the market.""I can have enterprise security, email security, next generation firewall security log, HIDS and NIDS logs, etc. all on the same dashboard. It makes it easy to pinpoint or correlate our server to this. I can find out if there is lateral movement. This is the biggest advantage of this solution."

More RSA NetWitness Logs and Packets (RSA SIEM) Pros →

Cons
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate.""I would like to have the ability to create more complex dashboards.""The overall performance of extraction could be a lot faster, but that's a common problem in this space in general. Also, the stock or default alerting and detecting options could definitely be broader and more all-encompassing. The fact that they're not is why we had to write all our own alerts.""We only use the core functionality and one of the reasons for this is that their security operation center needs improvement.""There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space.""Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution.""From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments.""There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts."

More Devo Cons →

"The support from McAfee ESM could improve. They could improve the speed.""It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI.""It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.""The initial setup is difficult and could improve.""Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.""There should be support for multitenancy in the product.""We acquired the IBM product because McAfee is slightly confusing to use, and it's broader.""I would like to see good analytics in future releases."

More McAfee ESM Cons →

"Nowadays, their support is a little subpar compared to other solutions. I rate RSA support six out of 10.""An area for improvement would be better automation and more inbuilt use cases.""The solution should have more integration capabilities with different platforms.""Technical support could be improved.""The multi-tenant capabilities are lagging compared to IBM QRadar.""RSA NetWitness Logs and Packets can improve the threat level aspect, it is lacking compared to other solutions. Whenever any hacking activity or any other threat factor occurred they used to provide the coverages very fast when comparing RSA NetWitness Logs and Packets. I heard the other three solutions, from a discussion with my team members who had experience in other solutions, they used to say that. Whenever any issues happened across the globe RSA NetWitness Logs and Packets are a little bit slow improving those detection mechanisms.""The initial setup is complex. There are other solutions that are easier to implement.""Sometimes, it gives me static when integrating Windows-based systems. It should produce a precise log of sorts as to where the problem is. For example, a few days ago because of the McAfee application firewall, I couldn't get access to the particular Windows machine. So, my team and I had to figure out by ourselves that there was a virus responsible for the obstacle. This solution should trigger a meaningful log or message indicating the reason the user or implementer can't get into the machine."

More RSA NetWitness Logs and Packets (RSA SIEM) Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "We renew our license annually."
  • "McAfee is the right choice for a low-budget solution."
  • "The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."
  • "The pricing is fair."
  • "The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."
  • More McAfee ESM Pricing and Cost Advice →

  • "There is a licensing fee and the customer can choose whether he wishes this to be subscription-based or perpetual."
  • "We are on an annual license for the use of the solution."
  • "RSA NetWitness Logs and Packets do not have a subscription model, it's a one-time purchase. There is only a perpetual license."
  • "We have yearly licensing costs. The license fee can be based on the volume of EPS. Some organizations may have, as a gentlemanly gesture, 10,000 EPS and get a 3,000 EPS license but actually use 5,000 EPS."
  • "Compared to the competition, the is price is not that high."
  • More RSA NetWitness Logs and Packets (RSA SIEM) Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    634,325 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller.
    Top Answer:The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at… more »
    Top Answer:I would like to see good analytics in future releases. McAfee has many issues with integration. I am looking for an… more »
    Top Answer:It would help if they could provide the malware analytics in the core package as that would make the cost more… more »
    Top Answer:I believe they could improve their support, there are often delays. The price of the solution could be reduced, it's… more »
    Comparisons
    Also Known As
    NitroSecurity, McAfee Enterprise Security Manager
    RSA Security Analytics
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    McAfee Enterprise Security Manager - the foundation of the security information and event management (SIEM) solution family from McAfee delivers the performance, actionable intelligence, and real-time situational awareness at the speed and scale required for security organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.

    If you’re relying on log data to detect and prevent cyber threats, you’re in trouble. Attackers increasingly evade detection of log-centric security and network monitoring tools. But logs combined with full packet, endpoint NetFlow data are proven to provide the essential details for early threat detection. Here’s a closer look at our solution.

    Offer
    See Devo in Action

    See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

    Learn more about McAfee ESM
    Learn more about RSA NetWitness Logs and Packets (RSA SIEM)
    Sample Customers
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
    Los Angeles World Airports, Reply
    Top Industries
    REVIEWERS
    Computer Software Company63%
    Comms Service Provider13%
    Retailer13%
    Insurance Company13%
    VISITORS READING REVIEWS
    Computer Software Company22%
    Comms Service Provider14%
    Financial Services Firm9%
    Government9%
    REVIEWERS
    Financial Services Firm27%
    Government20%
    Healthcare Company13%
    Aerospace/Defense Firm7%
    VISITORS READING REVIEWS
    Computer Software Company24%
    Comms Service Provider17%
    Government11%
    Financial Services Firm7%
    REVIEWERS
    Comms Service Provider31%
    Financial Services Firm25%
    Computer Software Company25%
    Manufacturing Company13%
    VISITORS READING REVIEWS
    Computer Software Company20%
    Comms Service Provider17%
    Financial Services Firm11%
    Government10%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise18%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    REVIEWERS
    Small Business26%
    Midsize Enterprise14%
    Large Enterprise60%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise17%
    Large Enterprise64%
    REVIEWERS
    Small Business26%
    Midsize Enterprise11%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise15%
    Large Enterprise64%
    Buyer's Guide
    McAfee ESM vs. RSA NetWitness Logs and Packets (RSA SIEM)
    August 2022
    Find out what your peers are saying about McAfee ESM vs. RSA NetWitness Logs and Packets (RSA SIEM) and other solutions. Updated: August 2022.
    634,325 professionals have used our research since 2012.

    McAfee ESM is ranked 24th in Security Information and Event Management (SIEM) with 8 reviews while RSA NetWitness Logs and Packets (RSA SIEM) is ranked 11th in Security Information and Event Management (SIEM) with 12 reviews. McAfee ESM is rated 6.2, while RSA NetWitness Logs and Packets (RSA SIEM) is rated 7.4. The top reviewer of McAfee ESM writes "A security information and event management solution with a useful search and reporting feature, but cloud integration could be better". On the other hand, the top reviewer of RSA NetWitness Logs and Packets (RSA SIEM) writes "Economical with good technical support and is easily scalable". McAfee ESM is most compared with IBM QRadar, Splunk, ArcSight Enterprise Security Manager (ESM), FireEye Helix and AT&T AlienVault USM, whereas RSA NetWitness Logs and Packets (RSA SIEM) is most compared with Splunk, IBM QRadar, RSA enVision and ArcSight Enterprise Security Manager (ESM). See our McAfee ESM vs. RSA NetWitness Logs and Packets (RSA SIEM) report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.