IT Central Station is now PeerSpot: Here's why

McAfee Active Response OverviewUNIXBusinessApplication

McAfee Active Response is #24 ranked solution in EDR tools. PeerSpot users give McAfee Active Response an average rating of 6 out of 10. McAfee Active Response is most commonly compared to McAfee MVISION Endpoint Detection and Response: McAfee Active Response vs McAfee MVISION Endpoint Detection and Response. McAfee Active Response is popular among the large enterprise segment, accounting for 68% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Buyer's Guide

Download the Endpoint Detection and Response (EDR) Buyer's Guide including reviews and more. Updated: June 2022

What is McAfee Active Response?

Continuous Visibility into Your Endpoints:
Capture and monitor events, files, host flows, process objects, context, and system state changes that may be indicators of attack or dormant attack components.

Identify and Remediate Breaches Faster:
Access tools you need to quickly correct security issues. Send intelligence to analytics, operations, and forensic teams.

Target Critical Threats:
Get preconfigured and customizable actions when triggered, so you can target and eliminate threats.

McAfee Active Response Customers

Liquor Control Board of Ontario

McAfee Active Response Video

McAfee Active Response Pricing Advice

What users are saying about McAfee Active Response pricing:
"Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US."

McAfee Active Response Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
LeonWessels - PeerSpot reviewer
IT Security Manager at Telecommunications Services of Trinidad & Tobago Limited (TSTT)
Real User
Top 5Leaderboard
Lighter with good stability and pretty good technical support
Pros and Cons
  • "It's a little lighter compared to the older version, which was mostly signature-based."
  • "There are some components on the cloud that should also reside in the on-prem deployment models but don't."

What is our primary use case?

We use McAfee for our corporate-issued laptops and desktops. We use a different product on the servers, however, our use case is mostly for workstations and laptops.

What is most valuable?

With the ADR parts of it or the Active Response parts of it, we're able to get a little more information compared to the older version. Such as analytics, user behavior analytics, triaging and meaningful reporting.  It's a little lighter compared to the older version, which was mostly signature-based. It was very CPU intensive. Users used to complain about when the scan is running, that they couldn't do any work. That was one of the reasons which prompted us to upgrade, even though our intention was mostly to go to either Carbon Black or CrowdStrike.

What needs improvement?

It's still not lightweight enough and not as light as they claim to be with the McAfee area of a next-gen AV. They can do some improvements along that line.  There needs to be some improvement around the white-listing or black-listing. The product could improve aspects around the removal of blacklisted applications, et cetera.  This was an exercise to centralize the AV cell, and that's how we ended up upgrading. The truth, however, is that I was really looking for something much more advanced with user behavior analytics and some AI features that the other competitor's next-gen AV does offer. It is okay for what it's doing now, however, it's not the ultimate software. There are some components on the cloud that should also reside in the on-prem deployment models but don't. They should ensure they are doing parallel development for cloud and on-prem when they are doing R&D. 

For how long have I used the solution?

I've been using the solution for a long time. It's been over a decade. I'd say it's likely been about 12 years at this point. In the last three years, we've updated to the latest version.
Buyer's Guide
Endpoint Detection and Response (EDR)
June 2022
Find out what your peers are saying about McAfee, Microsoft, Kaspersky and others in Endpoint Detection and Response (EDR). Updated: June 2022.
609,272 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability has been okay so far. The problem that I really have is that, when I was doing the POC, we used Symantec on our servers, and we use McAfee on the desktop and the laptops. I wanted a unified solution, one solution that could have worked for both. A next-gen, lightweight solution that would have given me a lot of analytics.

What do I think about the scalability of the solution?

The engineers that actually administer that platform claim that it's pretty good at scaling. It requires a number of components to be installed, however. It is not very straightforward. They've been deploying it in one or two servers. There were databases and different components that you need to have and they need to communicate. It requires some level of advanced knowledge to deploy the solution itself, just to get the environment up. However, once it's up, it seems to be working fine.At the time we installed the solution, we had about 3000 users. In the last three years, however, our numbers are now down to somewhere around 1400 or something like that. That said, we still have the same amount of licenses being used as we sometimes have a high influx of consultants with our contact centers that we outsource to partners, retail partners that we have, that we have to deploy systems on their premise. We utilize that difference of the license in those scenarios. We don't see a need to increase usage as we still have so many licenses available.

How are customer service and support?

So far, the engineers that manage this solution claim that they're pretty good in terms of technical support. If they need to raise anything through the partner, the local reseller, they haven't had any issues. Prior to the pandemic, we used to have periodic visits from the partner and McAfee directly, however, of course, that has eased up. Things are a bit slow now with the relationship, owing to the pandemic itself, and everybody is just dealing with their own level of crisis. Overall, I would say we are satisfied with the level of service.

Which solution did I use previously and why did I switch?

No, we have always used McAfee.

How was the initial setup?

We actually had an engineer on-site that came from McAfee.  We did the rollout using the global policy. We did a combination as well. We used the scan to also push it out. Our company had training as part of that implementation, as a knowledge transfer. For that reason, we really didn't face many difficulties. It was relatively straightforward. The difficulties we had were more due to the older versions, where they sometimes did not receive an update. Due to that, you could not have pushed the new update to them. One of the challenges we had was that we had to actually go to those systems and uninstall the older model before we could install the newer one.  The deployment was done in phases. We did a sample of about a hundred, and then after that, we rolled it out within two weeks to the rest of the organization. We have two staff that actually manage that environment itself. They manage the operations and the upkeep, and liaison with the Defender, and with the staff. If there are any issues, they handle them.   I also have my team, which is comprised of four of us that actually manage the system more from a governance perspective, handling policies that need to be implemented, or issues where there may be a breach of policy and those kinds of tasks. 

What about the implementation team?

A McAfee engineer assisted us in the implementation process. We had a reseller help us get someone directly from McAfee. They flew in and came on-site as we also wanted to do in-depth training as well. The reseller didn't do too much work. It was the McAfee engineer that did the heavy lifting. They only had a three to seven-day window that we had to work with. We had purchased two weeks. We got a one-week on-prem, and the other week where they couldn't install some of the stuff, as far as the rollout, as that was done remotely. The training also was done remotely. The experience was pretty good overall.

What's my experience with pricing, setup cost, and licensing?

We pay for the solution yearly.  Our costs were somewhere around $600K in Trinidad dollars, which might be about $100K US. We have the ETP plus the EDR. Our recent renewal was 1800 licenses as opposed to the full amount. Our transaction cost was about $600K Trinidad dollars, which is somewhere around $90-100K US. There were extra costs around implementation and training.

Which other solutions did I evaluate?

With our long-term goal of getting a unified next-gen AV, I've looked t other options. I would have looked at Carbon Black, before they were acquired by VMware. Now we also have VMware within our private clouds. We have two cloud environments. We resell cloud solutions, and our virtualized vendor is VMware. We have an active partnership with VMware. And, and now that VMware has acquired Carbon Black, they have approached us to use Carbon Black, and also to resell Carbon Black. That is an ongoing discussion. We have looked at CrowdStrike, and well, and we have looked at the Check Point solution too. It is my understanding that we may have looked at Cylance as well. In terms of evaluation criteria, we're looking at the analytics aspects of it, and if there is AI built into it. We want to move away from the old, signature-based type solution. We're looking for a very lightweight solution that was lower CPU resource intensive.We were looking at features pertaining to quarantining an endpoint, in the event of infection. We want solutions that maintained some level of connection back to the command-and-control, in order for us to remediate, as we didn't have the staff to go out to physical locations.  We were looking for the white-listing. We were looking for features like being able to remove an app if we find it violates the policy of allowed applications on the endpoint. We were also looking for features that would prevent the users from uninstalling the endpoint itself. 

What other advice do I have?

We're just a customer. I'm not sure which version of the solution we're using. This solution is fine for now. However, our long-term goal is really to get a unified next-gen AV. I'd advise potential new users that they do extensive research. Do some POC among some of the top vendors out there, probably in the Magic Quadrant. They should have developed some sort of criteria as to what they're looking for. As you evaluate each product, you can then tick off requirements and compare options. Ask about support and how fast a solution can get issues resolved. That's important. I would rate the solution at a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
LeonWessels - PeerSpot reviewer
IT Security Manager at Telecommunications Services of Trinidad & Tobago Limited (TSTT)
Real User
Top 5Leaderboard
It gives us visibility of remote workers and allows us to automate a number of events
Pros and Cons
  • "We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response gives us that visibility and lets us automate a number of those events."
  • "I also expected Active Response 's user interface to be much more analytical."

What is our primary use case?

Active Response provides endpoint protection for remote workers. It covers primarily laptops and desktops, not servers. Active Response  is replacing our existing on-prem McAfee solution, and it will protect about 1,300 endpoints when fully deployed. We haven't brought in everybody. Right now, we have a parallel implementation of the old system.

How has it helped my organization?

We are hoping to automate detection and response and take advantage of user behavior analytics, given that we are working from home. About half of our workers are still remote, so Active Response  gives us that visibility and lets us automate a number of those events.

What needs improvement?

I expected Active Response's user interface to be much more analytical.
I still haven't evaluated the ransomware features because everybody implements anti-ransomware differently. You need to see these features in action because everyone seems to have their way of doing it. That's something I still would like to evaluate.

For how long have I used the solution?

It's only been about a week since we rolled out Active Response . 

How are customer service and support?

I rate McAfee support seven out of 10. We haven't opened a ticket with McAfee for the new product, but I would say there's room for improvement based on our experience with the old one. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We're comparing this to Check Point Harmony Mobile, but we're still going through it. It's hard to say at this point if I see a lot of improvement.

How was the initial setup?

Setting up Active Response is straightforward. We deployed it with Microsoft SCCM. Our team has one engineer and two specialists, and there's a fourth person who can work in either of those roles. 

What's my experience with pricing, setup cost, and licensing?

I expected the price to be better.

What other advice do I have?

We're still in the early stages of evaluating the solution because I haven't yet fully deployed all my endpoints. At this point, I would rate Active Response  six out of 10.  

My advice to those considering Active Response  is to do proper data testing. You should run scenarios and use cases to determine whether this solution fits your organization's needs. Make sure you do those things first because you could do a POC, but it looks different in production.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Endpoint Detection and Response (EDR)
June 2022
Find out what your peers are saying about McAfee, Microsoft, Kaspersky and others in Endpoint Detection and Response (EDR). Updated: June 2022.
609,272 professionals have used our research since 2012.
Senior Manager Information Technology at a pharma/biotech company with 10,001+ employees
Real User
Provides good security, but technical support should be improved and resource consumption lowered
Pros and Cons
  • "The solution is scalable."
  • "While the product is good, we are currently facing support issues."

What is our primary use case?

We make use of the latest version.

What is most valuable?

I don't consider any one specific feature to be the most valuable, but I look at the advantages inherent in EDR holistically. 

What needs improvement?

While the product is good, we are currently facing support issues. We are working with McAfee on that front.

When it comes to technical support, we face slowdown issues in respect of the EDR with some of our machines.

The consumption of resources should be lower. What I mean is that the product requires a lot of memory. Cloud-based products are much better by comparison.

For how long have I used the solution?

We have been using McAfee Active Response for almost a year.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and technical support?

We are working with McAfee on support issues that we have encountered. 

How was the initial setup?

The initial setup is straightforward.

What other advice do I have?

The product itself is good.

I rate McAfee Active Response as a six out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Endpoint Detection and Response (EDR) Report and find out what your peers are saying about McAfee, Microsoft, Kaspersky, and more!
Updated: June 2022
Buyer's Guide
Download our free Endpoint Detection and Response (EDR) Report and find out what your peers are saying about McAfee, Microsoft, Kaspersky, and more!