4 out of 5.0, Reviewed Nov 29, 2016
Overall, this vendor provided the most reliable and extensible solution for the price. Past Security managers had purchased other solutions which were largely abandoned due to implementation woes and lack of buy-in. The McAfee suite's recent implementation suffered from none of those woes, and was successfully put in place with minimal fuss.
Examine other options and get customer feedback. This suite fit our needs, but your mileage may vary.
Ease of reporting!
Output formatting takes some tweaking before appearing professional and easily parsed.
Engage with the organization on a broader scale instead of having a single point of contact.
Adequately resource and publicize (within the department) a solution before purchase.
4 out of 5.0, Reviewed Jul 4, 2016
The product is highly easy to manage and has a lot of platforms to connect by default.
McAfee SIEM is the simplest
All alerts must be assigned to groups, which is very limiting.
We made some contact with the support and we got the right answers easily.
The deployment process is long like other SIEM products and the integration to other vendors and systems is good by default.
4 out of 5.0, Reviewed Jun 15, 2016
The product works as expected and has greatly reduced the amount of time I spend pulling logs for our PCI audit. Documentation for deploying the collection agent to sites that could not be polled via WMI was nonexistent. It took support several months of trial and error to get us workable documentation to deploy this agent in bulk. I was told ePO customers do not have this challenge.
Ensure you have a good plan for collecting logs from systems that cannot be deployed via WMI.
The API has proved very handy in solving automation challenges.
Lack of documentation.
Data sources need to be added to the SIEM as there is no auto discovery feature. Such a feature could reduce the workload required to manage the SIEM.
Evaluate managed solutions deeper.
Support is good once you get them on the phone but response times are not great.
Some of the documentation was lacking. The flexibility of the API in combination with the ability to write custom parsers has made the product very flexible.
4 out of 5.0, Reviewed Jun 13, 2016
Complex to implement, but worth the work in the end.
Make sure you fully understand what you are getting into and choose a capable partner.
Ability to provide robust data and understanding of what is happening on the network.
Worked with you to develop use cases.
Put more time into use cases upfront.
Purchased Platinum support. Found it to be worth the investment.
3 out of 5.0, Reviewed Mar 4, 2016
The SIEM is good and usable.
Ensure to provide in-depth training to your users.
Need to be able to export to Excel.
Utilize the risk rating from out of the box.
2 out of 5.0, Reviewed Feb 26, 2016
Customer support is very poor. Typically cases stay open for months at a time. Frequently the vendor closes the ticket without notifying the customer and without a resolution. Support also has a tendency to deny there is a bug or problem and pushes the customer to open a product enhancement request (PER). Those PERs hardly ever turn into actual features. Once McAfee acquired NitroSecurity the product became even more unstable and had frequent patch updates. The patches tended to be buggy and then required hotfixes within a couple weeks. They were always pushing to upgrade and the upgrades tended to introduce more problems than they were supposed to solve.
Do not buy McAfee ESM as your SIEM.
I don't. We have purchased Splunk and I would like us to migrate everything off of McAfee ESM SIEM to Splunk so we could decommission it.
Support or lack thereof.
One thing? End-of-Life this product.
2 out of 5.0, Reviewed Nov 3, 2015
Our expectation to scale this solution to be a large scale log consolidation platform was ill-advised. The solution seems to have some value as a SIEM, but was almost unusable with the sheer volume we threw at it. The vendor was very difficult to work with in terms of scaling the solution. Much of this was purely technical limitation of the underlying architecture. Go into this solution understanding what its scalability limits will be and ensure that your expectations are in-line with this. If you are looking for a "big data" analytics solution for security/log events - proceed with caution.
Be VERY clear in the deliverables/milestones for project implementation with the vendor. Quantify performance requirements so that you can actually use the analytics real-time, rather than taking a nap while reports generate.
Reputation and accessibility of the vendor.
Scalability and performance at scale.
Push back on the use-case if it doesn't fit the technology. Don't say "yes" we can do that if the user experience will be poor.
We would likely NOT try to address enterprise log management and SIEM functionality in the same solution. Not all logging requirements are inherently interesting from a security perspective.
Undergoing constant modifications and tuning in an effort to fix the solution.
3 out of 5.0, Reviewed Oct 5, 2015
The product works as advertised.
Plan, plan, plan.
Ease of use.
Plan the implementation better.
The product is in process of evaluation.
4 out of 5.0, Reviewed Jun 16, 2015
I am 100% more pleased with my department's IT security than before I engaged McAfee fully
Fully understand what is needed, what can be achieved and your vendor
Added confidence in our department's overall IT security
It is complex and requires professional services training for each major feature
Pleased at this point
Implement full security suite options years earlier
Still haven't implemented all features but we will
Service and support are very good
Professional services group was excellent to work with
2 out of 5.0, Reviewed Jun 15, 2015
Overall poor performance and poor indexing configurability.
Consider scalability significantly beyond initial planning stages. Plan for enterprise-wide adoption and potential adoption across additional platforms outside of initial scoping.
Indexing configurability, UI
Indexing and UI significantly lag other similar products
Very little interaction with support. Handled largely through other teams.