An appliance that has this much power must be difficult to configure, right? Not at all. The initial setup process takes just a few minutes and can be done directly on the LCD screen on the front of the appliance. This is where all the network configuration is done, and after the appliance is connected to the network all further management is done via a web GUI. We found this interface to be one of our favorite parts of the appliance. The management interface is loaded with visuals and dashboards that include many charts and graphs that can be drilled down into all the way to raw log data. Dashboards also can be customized to meet the analysis needs of the user by simply adding or removing the various dashboard modules.
This product can take logs from just about anything with an IP address, but what makes it stand out is its Database Activity Monitor and Application Data Monitor. Using these two features, security administrators can easily collect data from database and application logs for deep forensic analysis. The ESM also comes preloaded with more than 200 different predefined compliance report templates, along with a reporting function that enables the creation of custom reports quickly and easily.
Documentation included an installation guide and a full user guide. We found these materials to be complete and well-organized.
McAfee offers customers 24/7 phone- and email-based technical assistance as part of an annual agreement. Customers also can access a web-based portal via the website, which includes a knowledge base, downloads, support case management and other resources.
At a price just shy of $39,000, this product may seem quite expensive at first. However, we find that its combination of features, paired with the solid correlation engine and backend database, makes it an excellent value for the money. The tool can provide security event management and analysis along with forensic capability that is easy to deploy for almost any size environment.