Please share with the community what you think needs improvement with McAfee Total Protection for Data Loss Prevention.
What are its weaknesses? What would you like to see changed in a future version?
In my experience, it's not really user-friendly for me, in terms of how I navigate with the ePolicy Orchestrator. They need to upgrade their management console. You can't navigate McAfee without going through all of the administration and product guides. You have to read everything first before you navigate it. That's how it was for me, at least, in my experience. However, in my colleague's case, that didn't happen and I don't know why I can't just navigate the McAfee management console without reading first the administrator or product guide. What's really tedious about reading those things is that the documents are separate. The product guide and the administrator guide for the DLP solution are quite different from the administrator guide and product guide of the ePolicy Orchestrator. They need to improve more with partial matching and exact data matching. The partial matching and the exact data matching are features of Symantec. There, it's pretty sophisticated. If McAfee wants to catch up with that, they have to upgrade their partial matching capabilities. We also had a client who wanted to have at least three, two to three, set of conditions on a single policy or on a single rule, to have that kind of combination. For example, a combination of a serial number from a device, from a removable device, plus a user and a computer or the hosting or the workstation. That's three combinations. User, computer, and removable device. What they wanted is to have the three pieces of that combination in a single rule, however, we were not able to do that as McAfee conditional statements are only limited to two. That's something that they need also to improve. They need to make it more flexible.
The interface can be improved, it's too cluttered.
We've had issues with the Lower and Upper filter of the device control module. Technical support doesn't really offer fast response times. They could continue to refine their defense on signature attacks.
We're not very satisfied with the solution. There are some bugs on it that we've been having to deal with. Due to this fact, we've been looking for other options. McAfee in India really isn't working the way it should right now. The solution needs to improve its EDR systems. The solution needs to be a one-stop protection shop. And yet, the DLP isn't strong. Anyone can break it quite easily. The solution takes up a lot of hardware space and uses too much RAM and CPU. It sucks up our resources due to multiple processes. The processing time is too low. Each and every interval should receive a vulnerability scan, and yet McAfee can't seem to do this. On top f that there are bugs within it that make checking vulnerabilities a problem. Customer support is terrible. Compliance is also very bad.
The interface is very complicated to use and it is easy to forget how it works. There needs to be support for blocking the sending of files by email because even if you block or remove an external disk, the files are not protected. As long as the files can still be sent via email, it is useless to protect them from being copied to an external drive.
The technology would provide a DLL hook injection into memory to monitor processes as they were inserted into memory. Assuming they pass the other tests from the AV side, and they're allowed to be inserted into the memory, then the DLL hooks allowed the product to monitor those processes for injection, or for any risk. That worked some of the time but didn't work on everything. We found ways to inject code into processes that were being monitored and it was a silent failure. The solution didn't see everything. It did a good job of just stopping the insertion of malicious code from normal sources, but more advanced items it didn't catch. It was a silent failure on some of the more advanced attacks. The solution needs an easier integration in heterogeneous and dynamic environments. The product needs to offer more protection for memory-based attacks.
One thing that would help us is if the McAfee agent that we install on virtual machines became lighter. It is a bit heavy for installation on virtual machines and it uses too much in the way of resources. It takes a lot of the CPU, the RAM, and other resources in comparison to some other application like Kaspersky. Kaspersky Security Solution is a lighter solution than McAfee. McAfee is a little heavy for many installations and does not work for all clients and situations. It would also be good if the McAfee solution contained specialized features just for the virtual desktop. Some brands of security solutions already have this type of feature which makes it easier to use them for desktop virtualization. I can not find that currently in the McAfee product.
Both the pricing and the support for this product could be improved. I think the support comes at a very high cost. In our case, there are some regions where we do not pay McAfee for support because they do not provide the support quickly or they do not have the capacity to support our needs completely. It depends on the case and where the client is. It is not just the support that is expensive, I would like to see better pricing for the product licensing. Feature-wise, I would like enhancements added to the GUI interface to make it more well-designed, user-friendly, and user-intuitive while adding other features to help users work with the product more easily.
What do you like most about McAfee Total Protection for Data Loss Prevention?
Thanks for sharing your thoughts with the community!