McAfee MVISION Endpoint Detection and Response Reviews

I'm a consultant. One of my clients was experiencing attacks on one of his endpoints, so we installed McAfee MVISION Endpoint Detection and Response, and we used it to check if the other endpoints were also being attacked. This is one of the uses cases of the solution: threat hunting.

Another use case is that McAfee MVISION Endpoint Detection and Response consolidates all the information back to the MVISION Insights, so that's threat intelligence information, and we match whatever IOC we have, together with the current attack campaign data in the McAfee databases.

The most valuable feature I found in McAfee MVISION Endpoint Detection and Response is the guided analytics or guided EDR investigation. Normally, when you use an EDR solution, you need to have an analyst to understand all the artifacts, then you come up with the question and come up with the answers. With the guided investigation feature in McAfee MVISION Endpoint Detection and Response, DoD is easier, because the tool does the analysis itself, based on the artifact, then it maps back into the MITRE Framework and gives us all the answers.

An area for improvement in McAfee MVISION Endpoint Detection and Response is the historical search. For example: when you have information on the artifact and a precedent, you want to do a search, and that is a bit lacking in the tool.

Another area for improvement is in the automation feature of McAfee MVISION Endpoint Detection and Response, because it still needs some work in terms of integration.

What I'd like in the next release of McAfee MVISION Endpoint Detection and Response is the ability to use it with a newer security platform. This means that the information you get from network parameters such as IPS and firewalls can be pumped back to the tool, so we can match all the information to do better threat hunting. Threat hunting is only on the endpoints, so if McAfee MVISION Endpoint Detection and Response could cover everything, that would be good.

We've been using McAfee MVISION Endpoint Detection and Response for a year, and we're using its latest version.

The stability and performance of McAfee MVISION Endpoint Detection and Response are quite good, especially because it's still using the same agent. It doesn't require hardware, as long as there's good internet connectivity, for example: the bandwidth of the customer in the office is quite good, so the tool seems okay. I don't see anything lacking in terms of its performance. It's quite a good tool.

Because McAfee MVISION Endpoint Detection and Response is deployed on cloud, scalability is not an issue. You have to look at scalability in terms of the endpoint agent. If the endpoint control panel is good enough or is large enough, scalability is good enough, so it won't be much of an issue.

McAfee technical support has been not that great in the past two months, and it could be because they just merged with another company. Their level of support was high previously, but now it's not so good, and it's not on par with what I expect. On a scale of one to five, I would rate their support a three.

We already have the baseline for the current endpoint, so deploying McAfee MVISION Endpoint Detection and Response was simpler.

I was the one who did the deployment for a customer, and it was quite straightforward. Because we already have the baseline and we used the same engine and the same integration, deployment of McAfee MVISION Endpoint Detection and Response took less than two days.

Pricing for McAfee MVISION Endpoint Detection and Response is not that expensive, but it's not something that a startup could buy. Pricing for it is for midsized businesses.

There's an additional payment if you want data retention for more than thirty days. They gave us data retention for thirty days. Then if you want longer data retention, they have the paid option for a three-month data retention period and for a one-year data retention period.

We don't use any backup protection, but previously, we used Commvault for backups.

In terms of maintaining the tool, you don't have to do a lot of fine tuning, because the fine tuning will happen on the endpoint protection, in particular, the tool will do all the hunting. What we just need to do is to monitor the data location and the database.

My rating for McAfee MVISION Endpoint Detection and Response is eight out of ten.

We use McAfee MVISION Endpoint Detection and Response for our endpoints, and we are currently trying out the solid core. The tool scans even memory sticks and shows you what's going on with your network.

What we're using the most and what we found valuable in McAfee MVISION Endpoint Detection and Response are Web Control, Advanced Threat Protection, and Threat Prevention features.

The alert feature of McAfee MVISION Endpoint Detection and Response needs improvement because for you to get the alerts, you have to log on to the portal. What my company needs is a tool that sends you alerts. For example, if it detects a threat on your machine, it should send you an alert. My company gets the alerts instead from the antivirus software rather than the EDR. If you want to see the alerts on McAfee MVISION Endpoint Detection and Response, you have to connect to the system manually.

Another area for improvement in the tool is the reporting. My company needs weekly and monthly reports about the alerts, but you can't extract reports from McAfee MVISION Endpoint Detection and Response, so a decision was made to move to another EDR solution, particularly Microsoft Defender for Endpoint, next month. My company tested Microsoft Defender for Endpoint via a POC for one to three months.

The resource usage of McAfee MVISION Endpoint Detection and Response is also an area for improvement because it consumes a lot of memory. For example, during the on-demand scan, you can't work because of the high CPU usage. You need to schedule the scans.

McAfee MVISION Endpoint Detection and Response has a lot of modules, but my company doesn't use all modules.

I've been using McAfee MVISION Endpoint Detection and Response since 2020.

I've contacted the technical support for McAfee MVISION Endpoint Detection and Response many times. It takes time for the team to respond to the cases, but at the end of the day, you do get a response.

The initial setup for McAfee MVISION Endpoint Detection and Response was easy. It wasn't complex. What took long in terms of setup was linking the tool to the on-premises ePO and configuring the DXL which was a challenge. McAfee was involved, but it still took time to configure.

I've seen ROI from McAfee MVISION Endpoint Detection and Response.

McAfee MVISION Endpoint Detection and Response is reasonable in terms of cost. It's a tool my company has been using for a few years now. It costs $25,000 to $30,000 for six hundred users.

We evaluated CrowdStrike aside from McAfee MVISION Endpoint Detection and Response. Though it's a good product, we couldn't afford CrowdStrike.

I'm a user of McAfee MVISION Endpoint Detection and Response. I work for a bank.

McAfee MVISION Endpoint Detection and Response is deployed both on-premises and on the cloud in my company.

My company has six hundred endpoints on McAfee MVISION Endpoint Detection and Response. The tool is installed on six hundred machines or devices. Two administrators take care of maintaining the tool.

My advice to people who want to implement McAfee MVISION Endpoint Detection and Response is that it's a good product, but it has its limitations.

My rating for McAfee MVISION Endpoint Detection and Response is seven out of ten.

It has been helpful in terms of identifying unknown threats. The file is available on the endpoint, and the information is retrieved to identify any unknown or malicious file and then converted to a known file.

The endpoints and utilization are too high, which impacts the production activity. 

There are no additional features I would add. The McAfee MVISION Endpoint Detection and Response already has multiple features required for an IT solution.

We have been using this solution for two years, and it is deployed on-premises.

From a solution point of view, it is a stable solution.

It is a scalable solution and very easy to use in terms of hardware or sizing.

In terms of the number of users, because we are a banking environment, the IT department, bankers and people on the business side use this solution. Therefore, a minimum of five people is required to manage the environment. We currently use it to its full extent but plan to replace it.

The technical support is very good, and we have never had problems with them.

Neutral

We used a different solution for more than 15 years before we migrated to McAfee MVISION Endpoint Detection and Response.

The initial setup was very straightforward. I rate the initial setup experience an eight out of ten. We used a third-party tool, and the deployment took a couple of months. 

Regarding ROI, I do not have precise numbers, but I rate it a four out of ten. 

We have a perpetual license that is renewed annually. I do not know the specific price in terms of costs, but I rate the cost a six out of ten. We also get the whole package for this solution in a bundle.

Before we chose McAfee MVISION Endpoint Detection and Response, there were other options available like Carbon Black, Cisco and Trend Micro.

If I were to advise on this solution, it would be that irrespective of the endpoint a company uses, it should have a good endpoint configuration. I would rate this solution a nine out of ten.

This is more of a cloud-based clientless type solution, for file-based security. 

The solution is scalable and the product has a good strategy when everything is in place. 

One of their issues is that they were very much based on agents, whereas most of the other solutions are clientless. There were a lot of legacy issues and they needed to evolve to more of the current operating systems of Microsoft for endpoint systems and PCs. If you're clientless, your cloud-based applications sit on top of the operating system and are not built into it.

It's reasonably stable. They made some changes to the architecture and that always creates issues. 

The solution is scalable. 

They had pretty good tech support. I think a lot of what happened to McAfee, from my perspective, was everything went offshore to India and for US customers, there is a language barrier that created problems.

The initial setup was relatively complicated and used a lot of resources - CPU resources, memory, disk.

There are a lot of companies in this space now and they are all pretty close to each other in terms of what they offer. I think those that are more user-friendly, and have the agentless client have the advantage over the legacy companies with older architecture. 

They lost a lot of product managers and engineering managers in the breakup. That said, I think this is a good product with a good strategy, they just haven't quite reached maturity yet.  

I rate this solution eight out of 10. 

We use this solution to protect our endpoints, meaning our workstation laptops.

The most valuable features of the solution are the ability to isolate or quarantine devices and block or detect Ransomware and other well-known tools that are used to exploit vulnerabilities on devices.

The dashboard and reporting features are not so user-friendly or intuitive, so they need some work.

In terms of being able to detect new threats, it would be good if the solution was not so dependent on a signature base, but instead offered a more rapid release for being able to detect zero-days. 

My company has been using McAfee MVISION Endpoint Detection and Response for about seven months. 

The solution is stable. 

The solution is easily scalable. 

Their technical support is better than some of the competitors in the space. To make a direct comparison, it's definitely better than Symantec Broadcom.

The initial setup takes a bit of work, but it can be done. It's not easy. It's not hard. It's in between.

I would rate this solution as a seven out of ten.