Good reporting, correlation capability, and user interface
Pros and Cons
"Compared to other solutions, the user interface is good."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
What is our primary use case?
We are a service provider and we implement it for our customers, as well as use it internally.
This is a SIEM product that makes up part of our overall security solution.
What is most valuable?
Compared to other solutions, the user interface is good.
The correlations that it discovers are helpful.
The reporting is good.
What needs improvement?
The only drawback is that they don't have any packet capturing or network behavior analysis. Including network behavior analysis in the future would be a good addition.
The speed of technical support can be improved.
For how long have I used the solution?
We have been using McAfee ESM for between five and six years.
What do I think about the stability of the solution?
We have had no issues with stability.
What do I think about the scalability of the solution?
If we want to increase or expand then we just have to add devices, so it should not be a problem.
How are customer service and technical support?
I would say that the technical support is not very prompt, but the end result is good.
Which solution did I use previously and why did I switch?
We also work with Splunk and we have experience with similar solutions such as IBM QRadar.
How was the initial setup?
The initial setup is pretty much straightforward. We haven't had any problem.
What's my experience with pricing, setup cost, and licensing?
The pricing is good, and they are competitive compared to providers such as RSA and IBM QRadar.
What other advice do I have?
The suitability of McAfee ESM is based on the requirements. If a customer is specifically looking for log and event analysis, with the correlations, then this solution is a good choice. If, instead, they are looking for network behavior analytics, then they should consider IBM QRadar or something else.
I would rate this solution an eight out of ten.
Which deployment model are you using for this solution?
Disclosure: My company has a business relationship with this vendor other than being a customer: partner