McAfee ESM Overview

McAfee ESM is the #16 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to IBM QRadar.

What is McAfee ESM?

McAfee Enterprise Security Manager, the foundation of the security information and event management (SIEM) solution family from McAfee, delivers the performance, actionable intelligence, and real-time situational awareness at the speed and scale required for security organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.

McAfee ESM is also known as NitroSecurity, McAfee Enterprise Security Manager.

Buyer's Guide

Download the Security Information and Event Management (SIEM) Buyer's Guide including reviews and more. Updated: October 2021

McAfee ESM Customers

San Francisco Police Credit Union, Wüstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport

Pricing Advice

What users are saying about McAfee ESM pricing:
  • "The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."
  • "McAfee is the right choice for a low-budget solution."
  • "The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
  • "The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar."
  • "We renew our license annually."
  • "The pricing is fair."

McAfee ESM Reviews

reviewer1285209
Tech Lead at a tech services company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
A security information and event management solution with a useful search and reporting feature, but cloud integration could be better

Pros and Cons

  • "The most valuable feature in ESM is its search and reporting feature. It's really nice."
  • "Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."

What is our primary use case?

We use McAfee ESM for log storage and audit purposes. Security is the base reason, and we do build content for them.

What is most valuable?

The most valuable feature in ESM is its search and reporting feature. It's really nice.

What needs improvement?

Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved.

In general, every SIEM product has that sort of glitch, some partial development. It's like the enrichment of logging level understanding for a SIEM. More enrichment leads to more understanding and use case improvement. That's the gap there, and you will have technical issues already there with all of the products. They keep on fixing that. It's not a problem. They are fast on that point.

I would like to have some sort of automation module and some sort of SOAR module in the next release. 

For how long have I used the solution?

I have used McAfee ESM over the last 12 months.

What do I think about the stability of the solution?

Stability is good. I can say that because of the way their reporting is running right now. The reporting, dashboard, or their use cases are running in the field of security in the scope of data centers. In the scope of data centers, they're very stable. There isn't a problem with that.

What do I think about the scalability of the solution?

Scalability is good. You can increase their EPS module as EPS is about events per second. The cost goes to the customer if it wants to charge them. It's very scalable. At any point in time, you can scale it up, and you can scale it down. That's not a problem. 

How are customer service and technical support?

The tech support is great. The engineering team helped us well at one point, and they're very good.

How was the initial setup?

The initial setup is straightforward. SIEM isn't a single module component. They have different modules, like the receiver and the console, and the two modules switch. Right now, we have a complex module, and it's compatible. It's not a worry to implement it. 

When it comes to infrastructure deployment, it won't take more than two weeks. The first stage would be procuring the software. If you want to deploy it in your own mediums, or if you want to bring in your own box, it could take a few more days. But once the software and the license are there in your hands, it doesn't take more than a week to get it implemented.

What's my experience with pricing, setup cost, and licensing?

The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended.

What other advice do I have?

I would tell potential customers that ESM has a feature called all in one box. If a customer is full-fledged on an in-house data center model and has extensive products running on Windows, Linux, and Cisco and it's all sitting on-premises, this is a great option to work with all of them. They have a good set of use cases, reports, and dashboards prebuilt.

Right now, people are migrating to different solutions, and security generation is growing very vast, and it's going a step ahead. Everything is coming to the cloud. Everything is fast, and everything is a hybrid network. Because of COVID, everyone is working from home, everyone is accessing data with their own internet line, and everyone is outside the network.

McAfee will fall back a little in this scenario because the cloud integrations aren't extensively available. In this data center, most of the customers will fall back from ESM. They will come and withdraw their existing accounts, and they might move to different SIEM solutions. This is how it could be in the future. If the existing integrations come with the upgrade and if they're able to upgrade, then they might stick back with ESM.

On a scale from one to ten, I would give McAfee ESM a six.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
MV
Senior Security Specialist at a manufacturing company with 10,001+ employees
Real User
Top 20
Easy to implement and user-friendly with an easy notification system, but needs better performance, better threat intelligence, and advanced features

Pros and Cons

  • "It is user-friendly. The notification part of McAfee ESM is very easy."
  • "It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentication failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."

What is our primary use case?

We use it for malware detection and authentication or login failures.

How has it helped my organization?

It hasn't been helpful. McAfee is not investing much in this solution to improve it. It cannot cope with the advanced feature that we require, and that's the reason why we are migrating to a new solution.

What is most valuable?

It is user-friendly. The notification part of McAfee ESM is very easy. 

What needs improvement?

It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentication failures, which is not happening with McAfee ESM.

The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console.

They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee.

For how long have I used the solution?

I have been using this solution for more than six years.

How are customer service and technical support?

Sometimes, they have been helpful, and sometimes, they drag their feet, and it takes days to fix an issue.

Which solution did I use previously and why did I switch?

I have worked on Splunk.

How was the initial setup?

It is easy to implement and not complex. It can be done in a week if the information is ready. Its integration, however, can take a long time depending on the requirements.

What's my experience with pricing, setup cost, and licensing?

McAfee is the right choice for a low-budget solution.

What other advice do I have?

It is suitable for a medium-sized company but not for a big company. A medium-sized company that has less than a thousand data sources and doesn't need to correlate different use cases with different scenarios can go for McAfee because it is user-friendly and doesn't require many skills. McAfee will also be the right choice for a low-budget solution.

We are almost done with using this solution, and we are not going to use McAfee going forward. McAfee ESM is not able to cope with the advanced features. An army cannot do anything without good weapons in hand, and that's the issue with McAfee. They do not have good weapons to investigate.

McAfee ESM is no longer a leader in the Gartner Magic Quadrant. They should improve its performance and invest more in new features. After that, they will come back to the top position.

I would rate McAfee ESM a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MA
Information Security Officer at a tech services company with 51-200 employees
MSP
Top 20
It is easy to use and deploy, but it lacks proper support

Pros and Cons

  • "It is easy to use and deploy. It comes with user-friendly manuals."
  • "McAfee is no longer providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."

What is our primary use case?

We use McAfee ESM for IT operations and a few security-related things. 

What is most valuable?

It is easy to use and deploy. It comes with user-friendly manuals.

What needs improvement?

McAfee is no longer providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support.

It would be good if they can add some AI engine and out of the box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better.

For how long have I used the solution?

I have been using McAfee ESM for maybe the last six years. 

What do I think about the stability of the solution?

It has very good stability.

What do I think about the scalability of the solution?

So far, we haven't tried scaling. Because it is on-premises, it is almost a setup environment. We don't do any major changes on the same site because it is quite critical and gets alerts. We don't want to mess up with our configuration.

How are customer service and technical support?

They take a long time, and the technical person who comes from support doesn't seem to be knowledgeable. When something goes wrong on the hardware or the application side, or we need some technical support in filling up use cases, it takes a long time.

We always struggle to get proper support from their technical support team. It seems that there is only one person who is handling the Middle East technical support, and when we don't get that person, we struggle a lot.

How was the initial setup?

The initial setup was straightforward. There were no complications in its deployment.

What about the implementation team?

Its deployment was done by an engineer in our company. 

We are a security team of five members. Whoever a ticket is assigned to handles the cases.

What's my experience with pricing, setup cost, and licensing?

The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it.

What other advice do I have?

We are quite happy with the product and its stability, but the problem is the lack of support, which is one of the major issues that we are facing. I really look forward to them providing proper technical support.

I would rate McAfee ESM a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
KS
Information Security Engineer at a financial services firm with 51-200 employees
Real User
Top 20
Good reporting, correlation capability, and user interface

Pros and Cons

  • "Compared to other solutions, the user interface is good."
  • "The only drawback is that they don't have any packet capturing or network behavior analysis."

What is our primary use case?

We are a service provider and we implement it for our customers, as well as use it internally.

This is a SIEM product that makes up part of our overall security solution.

What is most valuable?

Compared to other solutions, the user interface is good.

The correlations that it discovers are helpful.

The reporting is good.

What needs improvement?

The only drawback is that they don't have any packet capturing or network behavior analysis. Including network behavior analysis in the future would be a good addition.

The speed of technical support can be improved.

For how long have I used the solution?

We have been using McAfee ESM for between five and six years.

What do I think about the stability of the solution?

We have had no issues with stability.

What do I think about the scalability of the solution?

If we want to increase or expand then we just have to add devices, so it should not be a problem.

How are customer service and technical support?

I would say that the technical support is not very prompt, but the end result is good. 

Which solution did I use previously and why did I switch?

We also work with Splunk and we have experience with similar solutions such as IBM QRadar.

How was the initial setup?

The initial setup is pretty much straightforward. We haven't had any problem.

What's my experience with pricing, setup cost, and licensing?

The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar.

What other advice do I have?

The suitability of McAfee ESM is based on the requirements. If a customer is specifically looking for log and event analysis, with the correlations, then this solution is a good choice. If instead, they are looking for network behavior analytics then they should consider IBM QRadar or something else.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
AwaisAbbasi
Operations Manager at an aerospace/defense firm with 5,001-10,000 employees
Real User
Top 10
Excellent security features with 100% stability and good scalability capabilities

Pros and Cons

  • "The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
  • "The user interface could be more user-friendly."

What is most valuable?

The security can't be compromised. The security features on offer are the most valuable feature and are why it's really worth having a product like this in our organization.

What needs improvement?

The user interface could be more user-friendly.

Technical support could be improved.

For how long have I used the solution?

I've been using the solution for two or three years.

What do I think about the stability of the solution?

The solution is 100% stable. We really have had a great time working with it. It hasn't let us down.

What do I think about the scalability of the solution?

We've been satisfied with the level of scalability the solution offers us.

How are customer service and technical support?

We've had some issues in the past and have had their Pakistani representative here. We've also communicated with foreign branches of technical support. The solution offers okay assistance. It's not a mature solution like Fortinet or Watchguard, but it's still providing okay service. I'd say the help we've received is largely mixed. It's been 50/50 in terms of resolving our issues.

What's my experience with pricing, setup cost, and licensing?

It's a fairly low-cost solution, so the pricing is pretty good.

What other advice do I have?

I'd rate the solution eight out of ten. If it was more user-friendly, I'd mark it higher. Right now, technical people working on the solution don't understand what it is trying to communicate in its tabs. As a company, you need to have a certified or experienced McAfee engineer there or on staff to guide you.

I'd recommend the product, however. It's a nice, robust product.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Selina Aldefolla
Information Security Officer at a healthcare company with 1,001-5,000 employees
Real User
Top 10
Good threat protection and fast support, but it's complex to use

Pros and Cons

  • "It enables us to detect malicious threats, issues, or vulnerabilities in our network."
  • "We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."

What is our primary use case?

We implement it in our hospital applications.

How has it helped my organization?

It has been very helpful to our company. It enables us to detect malicious threats, issues, or vulnerabilities in our network.

What needs improvement?

We acquired the IBM product because McAfee is slightly confusing to use, and it's broader.

For how long have I used the solution?

I have used McAfee ESM for three years.

We are using Version 11.

What do I think about the scalability of the solution?

It's scalable, and we can implement our network use cases.

We have five users in our organization.

How are customer service and technical support?

The technical support is fast and they have been helpful in resolving our issues.

Which solution did I use previously and why did I switch?

Previously, I did not use another solution. McAfee ESM is the only solution I know.

How was the initial setup?

I was not a part of the installation. It was installed before I joined the company.

What about the implementation team?

We had help from the McAfee teams in Singapore and India. We also had some help from Trend Micro and one colleague from our company.

What's my experience with pricing, setup cost, and licensing?

We renew our license annually.

What other advice do I have?

We have just acquired IBM QRadar. It is still in the implementation process. We have not used it.

Last January, our Adobe has come to its end of life, and we cannot use it anymore.

I can recommend this solution. 

I would rate McAfee ESM a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
LL
VP Cyber Security & IT at a computer software company with 1,001-5,000 employees
Real User
Top 20
Easy and fast to deploy, good correlation rules, and scales well

What is our primary use case?

I work with an integration company and implement tools such as McAfee ESM.

We are an MSSP for a lot of clients. We gather their logs, correlate them, create rules, and assume the role of their SOC. We have skilled operators 24/7 who take care of these clients.

What is most valuable?

The most valuable feature is the correlation rules.

This product is easy to use.

What needs improvement?

There should be support for multitenancy in the product. Because they don't have it, I think it is the biggest improvement that the vendor could make.

For how long have I used the solution?

I have been working with McAfee ESM for approximately eight years.

What do I think about the scalability of the solution?

This is a very scalable product.

In the on-premises deployment, we have large enterprise clients. For cloud-based deployment, our clients are small to medium-sized companies.

How are customer service and technical support?

Although I am satisfied with the technical support, there is room for improvement. The support is not as good as it could be because McAfee has moved so many times.

What's my experience with pricing, setup cost, and licensing?

The initial setup is straightforward and easy to do. The deployment is very fast.

What other advice do I have?

In summary, this is a good product. We have all of the functionality but it needs support for multitenancy and better support.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
SK
Vice President Cyber Security Practice Head at a tech services company with 1,001-5,000 employees
Real User
Top 20
Does not integrate well, and scalability needs improvement but it's fairly priced

What is our primary use case?

We use this solution for correlation, alerting, and log management.

We are integrators.

What is most valuable?

I like the ease of deployment.

What needs improvement?

I would like to see good analytics in future releases.

McAfee has many issues with integration. I am looking for an end-to-end integration such as EDR, and Next-Generation SOC 2.0. 

For how long have I used the solution?

I have been working with McAfee ESM for 20 years.

What do I think about the scalability of the solution?

We are looking for horizontal and vertical expansion. McAfee has issues with scalability. Other ESM solutions don't have the same issues.

How are customer service and technical support?

We have not contacted technical support in quite some time. We had issues with the parsing.

How was the initial setup?

The deployment is easy, but it is a hybrid deployment, which makes it complex. It is partly in the cloud and partly an on-premises deployment. The device will have to access the cloud and on-premises data.

What about the implementation team?

We have an internal team to maintain this solution.

What's my experience with pricing, setup cost, and licensing?

The pricing is fair.

What other advice do I have?

I would recommend this solution to others who are interested in using it.

I would rate McAfee ESM a five out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner