Cyber Security Engineer at Protec
Real User
Top 20
Real-time threat detection and customizable reporting enhance security measures
Pros and Cons
    • "Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentiality and accessibility during network outages."

    What is our primary use case?

    My customer's usual use case for Trellix ESM involves one client, as most of the users have moved to ESM. Nowadays, they don't use IPS only, since McAfee IPS is standalone; they incorporate firewall and IPS on the same device, and we have two clients only.

    They usually use ESM for their gateway.

    What is most valuable?

    The most valuable feature of Trellix ESM, for detecting, is that it detects malware and viruses, such as a particular virus that was critical in Kenya. We used ESM to detect and block that particular virus completely.

    My impression on the real-time threat detection feature of Trellix ESM is that it's perfect. In terms of real-time, when you put it on inline, everything is supposed to pass by the ESM first and then go to the LAN, allowing the ESM to detect if it's a virus or a clean file.

    Assessing the integration capabilities of Trellix ESM with existing security tools in my customers' environments, when you use a totally different solution, such as putting a firewall in front of an ESM, the firewall tries to detect any malicious file. After it has been quarantined or dropped by the firewall, if it doesn't recognize the file, it allows it, but with Trellix ESM, it will block that file if it's malicious or not recognized. Geo-fencing is also possible, allowing you to block traffic from specific regions such as China or Russia.

    My impression on the reporting and compliance management capabilities of Trellix ESM is that when you integrate ESM and Trellix EPO, the reporting is perfect because you can see what you want and even refine and customize your reporting. For compliance, regarding standards such as PCI, it's something most banks are using, and it is working great for the two banks that are using Trellix ESM.

    The customizable dashboards provided by Trellix ESM are indeed customizable, as there's an option to adjust them to fit your analysis. For example, if you want to check specific applications running in your environment, you can customize that view.

    What needs improvement?

    Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentiality and accessibility during network outages. They need to ensure that the service meets customer needs.

    For how long have I used the solution?

    I have been working with Trellix ESM for 20 years, and I can even show you the first ESM I used to install.

    Buyer's Guide
    Trellix ESM
    July 2025
    Learn what your peers think about Trellix ESM. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
    865,295 professionals have used our research since 2012.

    What was my experience with deployment of the solution?

    I haven't faced any challenges during the initial setup.

    What do I think about the stability of the solution?

    I evaluate the overall stability of the solution as stable. I haven't had any issues, and I think it is a good solution.

    What do I think about the scalability of the solution?

    I would evaluate the scalability of Trellix ESM by giving it a nine on a scale from one to ten. I rate it this way because when it is alone, there won't be any performance issues, as it relieves the burden on the firewall handling the APS, with most functions being managed by ESM.

    How are customer service and support?

    My experience with the customer service and technical support of Trellix ESM is that since I've stayed with the product for long, I normally don't use support often. It's rare for me to need them unless it's an issue with licensing, and they are the best in that regard.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    My usual experience with the initial setup and deployment of Trellix ESM is that most of the setup is automated and straightforward; it's not hard to deploy or configure.

    The actions I usually need to perform to deploy Trellix ESM start with licensing. After that, everything is straightforward, and I can say it is a plug and play solution.

    What other advice do I have?

    I am also a consultant for Trellix ESM. I usually work with the latest version. I find the hybrid deployment capability of Trellix ESM important for my customers, but I haven't used the hybrid one; we normally use the on-premise solution. I'm not knowledgeable about pricing because I'm just an engineer. I rate Trellix ESM a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Other
    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
    PeerSpot user
    Cyber Sec at Rumeli
    Real User
    Difficult to operate, though it improves security and visibility
    Pros and Cons
    • "Trellix ESM utilizes fewer human resources and improves security and visibility."
    • "It is more difficult to operate Trellix ESM than other solutions."

    What is most valuable?

    Trellix ESM utilizes fewer human resources and improves security and visibility.

    What needs improvement?

    It is more difficult to operate Trellix ESM than other solutions.

    For how long have I used the solution?

    I have been using Trellix ESM for more than three years.

    What do I think about the stability of the solution?

    I rate the solution’s stability a seven out of ten.

    What do I think about the scalability of the solution?

    Trellix ESM is a scalable solution. Around four users are using the solution in our organization, and we may choose to increase the usage in the future.

    I rate the solution’s scalability a seven out of ten.

    How was the initial setup?

    It took more than one week to deploy the solution.

    On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a four out of ten.

    What about the implementation team?

    We used the local solution partners to implement the solution.

    What other advice do I have?

    I am using the latest version of Trellix ESM. We dedicate one person to manage all Trellix products.

    Overall, I rate the solution a five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Chetankumar Savalagimath - PeerSpot reviewer
    Delivery Manager at a tech services company with 1,001-5,000 employees
    Real User
    Top 5
    A security information and event management solution with a useful search and reporting feature, but cloud integration could be better
    Pros and Cons
    • "The most valuable feature in ESM is its search and reporting feature. It's really nice."
    • "Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."

    What is our primary use case?

    We use McAfee ESM for log storage and audit purposes. Security is the base reason, and we do build content for them.

    What is most valuable?

    The most valuable feature in ESM is its search and reporting feature. It's really nice.

    What needs improvement?

    Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.

    In general, every SIEM product has that sort of glitch, some partial development. It's like the enrichment of logging level understanding for a SIEM. More enrichment leads to more understanding and use case improvement. That's the gap there, and you will have technical issues already there with all of the products. They keep on fixing that. It's not a problem. They are fast on that point.

    I would like to have some sort of automation module and some sort of SOAR module in the next release. 

    For how long have I used the solution?

    I have used McAfee ESM over the last 12 months.

    What do I think about the stability of the solution?

    Stability is good. I can say that because of the way their reporting is running right now. The reporting, dashboard, or their use cases are running in the field of security in the scope of data centers. In the scope of data centers, they're very stable. There isn't a problem with that.

    What do I think about the scalability of the solution?

    Scalability is good. You can increase their EPS module as EPS is about events per second. The cost goes to the customer if it wants to charge them. It's very scalable. At any point in time, you can scale it up, and you can scale it down. That's not a problem. 

    How are customer service and technical support?

    The tech support is great. The engineering team helped us well at one point, and they're very good.

    How was the initial setup?

    The initial setup is straightforward. SIEM isn't a single module component. They have different modules, like the receiver and the console, and the two modules switch. Right now, we have a complex module, and it's compatible. It's not a worry to implement it. 

    When it comes to infrastructure deployment, it won't take more than two weeks. The first stage would be procuring the software. If you want to deploy it in your own mediums, or if you want to bring in your own box, it could take a few more days. But once the software and the license are there in your hands, it doesn't take more than a week to get it implemented.

    What's my experience with pricing, setup cost, and licensing?

    The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended.

    What other advice do I have?

    I would tell potential customers that ESM has a feature called all in one box. If a customer is full-fledged on an in-house data center model and has extensive products running on Windows, Linux, and Cisco and it's all sitting on-premises, this is a great option to work with all of them. They have a good set of use cases, reports, and dashboards prebuilt.

    Right now, people are migrating to different solutions, and security generation is growing very vast, and it's going a step ahead. Everything is coming to the cloud. Everything is fast, and everything is a hybrid network. Because of COVID, everyone is working from home, everyone is accessing data with their own internet line, and everyone is outside the network.

    McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available. In this data center, most of the customers will fall back from ESM. They will come and withdraw their existing accounts, and they might move to different SIEM solutions. This is how it could be in the future. If the existing integrations come with the upgrade and if they're able to upgrade, then they might stick back with ESM.

    On a scale from one to ten, I would give McAfee ESM a six.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
    PeerSpot user
    reviewer927423 - PeerSpot reviewer
    Senior Security Specialist at a manufacturing company with 10,001+ employees
    Real User
    Easy to implement and user-friendly with an easy notification system, but needs better performance, better threat intelligence, and advanced features
    Pros and Cons
    • "It is user-friendly. The notification part of McAfee ESM is very easy."
    • "It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentication failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

    What is our primary use case?

    We use it for malware detection and authentication or login failures.

    How has it helped my organization?

    It hasn't been helpful. McAfee is not investing much in this solution to improve it. It cannot cope with the advanced feature that we require, and that's the reason why we are migrating to a new solution.

    What is most valuable?

    It is user-friendly. The notification part of McAfee ESM is very easy. 

    What needs improvement?

    It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentication failures, which is not happening with McAfee ESM.

    The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console.

    They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.

    For how long have I used the solution?

    I have been using this solution for more than six years.

    How are customer service and technical support?

    Sometimes, they have been helpful, and sometimes, they drag their feet, and it takes days to fix an issue.

    Which solution did I use previously and why did I switch?

    I have worked on Splunk.

    How was the initial setup?

    It is easy to implement and not complex. It can be done in a week if the information is ready. Its integration, however, can take a long time depending on the requirements.

    What's my experience with pricing, setup cost, and licensing?

    McAfee is the right choice for a low-budget solution.

    What other advice do I have?

    It is suitable for a medium-sized company but not for a big company. A medium-sized company that has less than a thousand data sources and doesn't need to correlate different use cases with different scenarios can go for McAfee because it is user-friendly and doesn't require many skills. McAfee will also be the right choice for a low-budget solution.

    We are almost done with using this solution, and we are not going to use McAfee going forward. McAfee ESM is not able to cope with the advanced features. An army cannot do anything without good weapons in hand, and that's the issue with McAfee. They do not have good weapons to investigate.

    McAfee ESM is no longer a leader in the Gartner Magic Quadrant. They should improve its performance and invest more in new features. After that, they will come back to the top position.

    I would rate McAfee ESM a five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Information Security Officer at a healthcare company with 1,001-5,000 employees
    Real User
    Good threat protection and fast support, but it's complex to use
    Pros and Cons
    • "It enables us to detect malicious threats, issues, or vulnerabilities in our network."
    • "We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."

    What is our primary use case?

    We implement it in our hospital applications.

    How has it helped my organization?

    It has been very helpful to our company. It enables us to detect malicious threats, issues, or vulnerabilities in our network.

    What needs improvement?

    We acquired the IBM product because McAfee is slightly confusing to use, and it's broader.

    For how long have I used the solution?

    I have used McAfee ESM for three years.

    We are using Version 11.

    What do I think about the scalability of the solution?

    It's scalable, and we can implement our network use cases.

    We have five users in our organization.

    How are customer service and technical support?

    The technical support is fast and they have been helpful in resolving our issues.

    Which solution did I use previously and why did I switch?

    Previously, I did not use another solution. McAfee ESM is the only solution I know.

    How was the initial setup?

    I was not a part of the installation. It was installed before I joined the company.

    What about the implementation team?

    We had help from the McAfee teams in Singapore and India. We also had some help from Trend Micro and one colleague from our company.

    What's my experience with pricing, setup cost, and licensing?

    We renew our license annually.

    What other advice do I have?

    We have just acquired IBM QRadar. It is still in the implementation process. We have not used it.

    Last January, our Adobe came to its end of life, and we cannot use it anymore.

    I can recommend this solution. 

    I would rate McAfee ESM a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1614318 - PeerSpot reviewer
    Vice President Cyber Security Practice Head at a tech services company with 1,001-5,000 employees
    Real User
    Does not integrate well, and scalability needs improvement but it's fairly priced
    Pros and Cons
    • "I like the ease of deployment."
    • "I would like to see good analytics in future releases."

    What is our primary use case?

    We use this solution for correlation, alerting, and log management.

    We are integrators.

    What is most valuable?

    I like the ease of deployment.

    What needs improvement?

    I would like to see good analytics in future releases.

    McAfee has many issues with integration. I am looking for an end-to-end integration such as EDR, and Next-Generation SOC 2.0. 

    For how long have I used the solution?

    I have been working with McAfee ESM for 20 years.

    What do I think about the scalability of the solution?

    We are looking for horizontal and vertical expansion. McAfee has issues with scalability. Other ESM solutions don't have the same issues.

    How are customer service and technical support?

    We have not contacted technical support in quite some time. We had issues with the parsing.

    How was the initial setup?

    The deployment is easy, but it is a hybrid deployment, which makes it complex. It is partly in the cloud and partly an on-premises deployment. The device will have to access the cloud and on-premises data.

    What about the implementation team?

    We have an internal team to maintain this solution.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is fair.

    What other advice do I have?

    I would recommend this solution to others who are interested in using it.

    I would rate McAfee ESM a five out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
    PeerSpot user
    Technical Support Engineer at a comms service provider with 10,001+ employees
    Real User
    Poor technical support, difficult to install, but easy to use
    Pros and Cons
    • "The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
    • "The initial setup is difficult and could improve."

    What is our primary use case?

    We are using this solution primarily for SIEM logs.

    What is most valuable?

    The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it.

    For how long have I used the solution?

    I have been using this solution for approximately six years.

    What do I think about the stability of the solution?

    The stability of this solution has been good.

    What do I think about the scalability of the solution?

    We have never had an issue with the scalability of this solution.

    How are customer service and technical support?

    The technical support from McAfee could improve.

    How was the initial setup?

    The initial setup is difficult and could improve. 

    We have four engineers that do the maintenance for this solution.

    What other advice do I have?

    My advice to those wanting to implement this solution is to do a lot of training. I think every solution is complex until you are trained in it. It is best to have some sort of previous training before you start using it.

    I rate McAfee ESM a five out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    reviewer1514295 - PeerSpot reviewer
    VP Cyber Security & IT at a computer software company with 1,001-5,000 employees
    Real User
    Easy and fast to deploy, good correlation rules, and scales well
    Pros and Cons
    • "The most valuable feature is the correlation rules."
    • "There should be support for multitenancy in the product."

    What is our primary use case?

    I work with an integration company and implement tools such as McAfee ESM.

    We are an MSSP for a lot of clients. We gather their logs, correlate them, create rules, and assume the role of their SOC. We have skilled operators 24/7 who take care of these clients.

    What is most valuable?

    The most valuable feature is the correlation rules.

    This product is easy to use.

    What needs improvement?

    There should be support for multitenancy in the product. Because they don't have it, I think it is the biggest improvement that the vendor could make.

    For how long have I used the solution?

    I have been working with McAfee ESM for approximately eight years.

    What do I think about the scalability of the solution?

    This is a very scalable product.

    In the on-premises deployment, we have large enterprise clients. For cloud-based deployment, our clients are small to medium-sized companies.

    How are customer service and technical support?

    Although I am satisfied with the technical support, there is room for improvement. The support is not as good as it could be because McAfee has moved so many times.

    What's my experience with pricing, setup cost, and licensing?

    The initial setup is straightforward and easy to do. The deployment is very fast.

    What other advice do I have?

    In summary, this is a good product. We have all of the functionality but it needs support for multitenancy and better support.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
    PeerSpot user