Trellix ESM Reviews

We are using the solution for log analyzing endpoints and investigating all types of applications, files or network devices login collection.

McAfee as a whole is a good solution.

When it came to using the solution for a larger organization, we were faced with some troubles attempting to manage the GUI functionality. During some forensic investigations, some of the information was missing from the collected data. 

It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI. For Postgre databases, the solution did not collect a lot of information from it. It has some integration problem. Companies, therefore, have to invest twice for collecting logs rather than one SIEM.

I have been using the solution for two years.

The initial setup was a bit complex.

The local partner we had was not very experienced in implementing the solution. However, the solution was first implemented in our country.

We use McAfee ESM for IT operations and a few security-related things. 

It is easy to use and deploy. It comes with user-friendly manuals.

McAfee is no more providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support.

It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.

I have been using McAfee ESM for maybe the last six years. 

It has very good stability.

So far, we haven't tried scaling. Because it is on-premises, it is almost a setup environment. We don't do any major changes on the same site because it is quite critical and gets alerts. We don't want to mess up with our configuration.

They take a long time, and the technical person who comes from support doesn't seem to be knowledgeable. When something goes wrong on the hardware or the application side, or we need some technical support in filling up use cases, it takes a long time.

We always struggle to get proper support from their technical support team. It seems that there is only one person who is handling the Middle East technical support, and when we don't get that person, we struggle a lot.

The initial setup was straightforward. There were no complications in its deployment.

Its deployment was done by an engineer in our company. 

We are a security team of five members. Whoever a ticket is assigned to handles the cases.

The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it.

We are quite happy with the product and its stability, but the problem is the lack of support, which is one of the major issues that we are facing. I really look forward to them providing proper technical support.

I would rate McAfee ESM a seven out of ten.

We are a service provider and we implement it for our customers, as well as use it internally.

This is a SIEM product that makes up part of our overall security solution.

Compared to other solutions, the user interface is good.

The correlations that it discovers are helpful.

The reporting is good.

The only drawback is that they don't have any packet capturing or network behavior analysis. Including network behavior analysis in the future would be a good addition.

The speed of technical support can be improved.

We have been using McAfee ESM for between five and six years.

We have had no issues with stability.

If we want to increase or expand then we just have to add devices, so it should not be a problem.

I would say that the technical support is not very prompt, but the end result is good. 

We also work with Splunk and we have experience with similar solutions such as IBM QRadar.

The initial setup is pretty much straightforward. We haven't had any problem.

The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar.

The suitability of McAfee ESM is based on the requirements. If a customer is specifically looking for log and event analysis, with the correlations, then this solution is a good choice. If instead, they are looking for network behavior analytics then they should consider IBM QRader or something else.

I would rate this solution an eight out of ten.

The security can't be compromised. The security features on offer are the most valuable feature and are why it's really worth having as a product like this in our organization.

The user interface could be more user-friendly.

Technical support could be improved.

I've been using the solution for two or three years.

The solution is 100% stable. We really have had a great time working with it. It hasn't let us down.

We've been satisfied with the level of scalability the solution offers us.

We've had some issues in the past and have had their Pakistani representative here. We've also communicated with foreign branches of technical support. The solution offers okay assistance. It's not a mature solution like Fortinet or Watchguard, but it's still providing okay service. I'd say the help we've received is largely mixed. It's been 50/50 in terms of resolving our issues.

It's a fairly low-cost solution, so the pricing is pretty good.

I'd rate the solution eight out of ten. If it was more user-friendly, I'd mark it higher. Right now, technical people working on the solution don't understand what it is are trying to communicate in its tabs. As a company, you need to have a certified or experienced McAfee engineer there or on staff to guide you.

I'd recommend the product, however. It's a nice, robust product.

We use this solution to provide managed security services. We use loggers at the client site to generate logs for monitoring their devices. We handle the monitoring, administration, and troubleshooting of their endpoints.

For some customers, we manage everything, while for other customers we only monitor their critical devices.

We are using an on-premises deployment model.

This solution helps us to provide services for our clients and integrates well with their other technologies.

The most valuable features of this solution are the logging and the dashboards.

This solution integrates easily and very well with other technologies. We are creating custom connectors for some of the technologies that our customers are using.

We are having trouble migrating our data sources from version 10 to version 11.2. We cannot add new data sources to the most recent version.

I would like to see the Active Response function enhanced.

The stability of this solution is good. So far, we have not faced much downtime. The issues that we are currently experiencing, moving versions, did not happen the last time we upgraded. This is really the first trouble that we have had.

This solution is very scalable.

We have four or five customers that we are performing monitoring for. Their user-base varies, with some having fifty users and some having more than one thousand users.

We do plan to increase our usage and have had meetings with McAfee as a partner. We would be offering this solution exclusively to our clients. 

Technical support, as well as their online knowledge base, has helped us a lot. However, our current issue with respect to not being able to add new data sources was reported two weeks ago and it has not yet been resolved.

I think that technical support can be improved in terms of providing quicker resolutions to problems.

We did not previously offer a different solution to our customers. We are currently onboarding Splunk to work concurrently with this solution, but it depends on the customer. Splunk is a little bit expensive.

The initial setup of this solution is easy. There is no problem with it.

Our deployment took about one week. It involved upgrading to the new version and adding the data sources. Integration of the new devices was not complex.

Two people are required for the deployment, with one being from our side and one from the client's side.

We hired consultants to assist with our deployment. We have had a good experience with them and they are still supporting us to deal with any issues or errors.

The cost is dependent on the customer's environment and requirements.

We have experience using ArcSight, but it is very difficult when it comes to creating the connector to integrate with different technologies.

We spend time evaluating each customer's business model and offer them the appropriate solution.

From my perspective, for anyone with a small or medium-sized business, this is the best solution. It is easy to deploy and it is less, from a cost point of view, than others.

I would rate this solution a nine out of ten.

We use this solution to monitor everything in our hybrid-cloud environment. This includes IoT devices and a couple of data centers.

We are now able to completely monitor our environment so we can review what is there, which is a big win for us. This solution helps with the maturity of our environment.

Using the out-of-the-box rules has made our work more relaxing.

There are more than two hundred out-of-the-box rules.

We have been using the advanced correlation agent.

Technical support for this product could be improved.

I would like to see improvements to the user interface.

It would be helpful to have a diagram in the interface that shows the actions.

This is a very stable solution, although there are some bugs in the GUI.

This solution is very scalable from my perspective. We have around twenty-five users. We have level one users, which are operation analysts. We also have level two users, who take care of daily operations. Level two includes, for example, handling the rules on the creation of users. Everything is segregated. We also have a second engineer.  

We have had issues where we had to contact technical support. While they answered ok, the timing may have been a little slow.

We used another solution prior to this one.

The initial setup of this solution was very clear. We followed the instructions on the web page, and there were no problems. The deployment was really quick and completed within a couple of hours.

We performed the implementation ourselves.

We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees.

We evaluated several other options before choosing this one, including Elasticsearch.

I recommend trying this product. This is a quality solution at a fair price.

I would rate this solution an eight out of ten.

My primary use case for this solution is to secure the data on my laptop.

If I lost my computer somewhere then hopefully the software will protect my data from anyone.

The ability to secure my data is the most important feature.

It is easy to use. I just need to enter the username and the password and it protects my data.

I would like to see fingerprint recognition included in the next release of this solution.

I have not used technical support for the product.

My company did use another product previous to this one but I do not know why they switched.

The installation and setup of this solution is straightforward.

I handled the deployment myself.

This is a product that I would recommend to a colleague at another company.

I would rate this solution an eight out of ten.

The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it. It doesn't just stop everything but actually tells you there's a quarantine, that these files are in quarantine. You have to deal with them. That's good.

If you don't keep up with updates, they pop up until you actually do something. That's a good thing because we want protection.

There are a lot of things that could be part of future editions. One would be to speed up the scanning of email. As emails come in, it takes a lot of time to scan through them, whether you're on your computer or on your phone. If it were a little quicker doing that, that would be helpful. That's not a new feature but speed always counts.

The only issue I have with McAfee is the amount of computer resources that it takes. When you're running the program it really is heavy on the computer resources. It only impacts staff productivity when it's running the updates. However, it's definitely impacting some of the other applications that are running on a computer at the same time.

McAfee has been around for so long. It's a stable product. They've worked out a lot of glitches, a lot of bugs. There are always new bugs introduced with any product, but it's a stable product.

They do pretty well with scalability because McAfee has so many different solutions. There's a personal edition, then you have a small business edition, and there's an enterprise edition. It can be scaled, and I think they've done a good job.

The setup is pretty good. The only problem is when you're trying to remove a certain version It takes a long time because McAfee keeps a lot of files in the source, on the computer, so you really have to make sure that you delete everything when you're removing the software. When you install a different version of McAfee you need to make sure that you grab all the files and clean the computer out.

Using it, I haven't noticed any difference in the mean time it takes us to detect and respond to threats.

We've been happy with it so far. McAfee is a company whose products we've used quite a bit in the last 20 years so I'm familiar with them. McAfee is a very strong company; it's used around the world.