Content

McAfee Enterprise Security Manager (ESM) 11.3

McAfee Enterprise Security Manager (ESM) has a variety of agentless log collection methods and unlimited scaling that provide drastic performance improvements and rapid communication between SIEM technologies and external tools. Remote host command execution supports products without direct integration.

ESM has a generic web API and next-gen collector that simplify the work associated with bringing in events from new data sources. ESM can support new cloud services as they become available, thereby reducing rework. The platform contains a data source diagnostic tool that automatically troubleshoots data sources that no longer send events to the receiver, keeping ESM functioning as expected. After all, a SIEM is only as good as the data put into it.

One thing we believe McAfee ESM could do without is leveraging Adobe Flash Player for components of the platform. We view Adobe Flash Player as an outdated way of operating. Other than that, we really liked the look and feel of the dashboard. Subscribers may choose from several highly flexible, out-of-the-box templates, ensuring that summaries and overviews meet business-specific needs and reach optimal usability. Customization options include dark mode, integration with Active Directory, the ability to have multiple views open simultaneously and a do-not-disturb mode that hides system notifications. The dashboard supports extensive drilldown functionality, covering a breadth of event details such as geolocation, description, log data and others.

Raw log storages are available with or without compression. Raw data can be compressed up to a 14:1 ratio to minimize space usage. The enterprise log search indexes the raw data to display it within the enterprise log manager. This feature provides security teams with the ability to efficiently perform threat management, threat hunting and threat investigation.

McAfee has built its reputation on enterprise manageability at a large scale and that legacy continues with ESM. Several orchestration and automation components in this platform, including threat detection and remediation, contribute to its efficiency. Along with the 1B+ sensors that feed data into threat intelligence and the threat watchlists that can be created, four distinct correlation engines add context and enrichment to threat data, giving security teams a better understanding of any events that have occurred. There is no need to learn special syntax or deal with complex correlational analysis because everything is UI-driven.  

The automation, orchestration and extensive customizability in ESM effectively simplify security operations so that analysts can act on threats with confidence. ESM even supports pre-emptive blacklisting, giving analysts the ability to block communication with specific IP addresses for a set amount of time or indefinitely.

Pricing starts at $42,000 for a combo box and includes access to a knowledgebase and FAQ list. 24/7 phone, email and website support are available for 20 percent of the product purchase price. There is a question mark icon built directly into the dashboard that conveniently references product documentation.

Tested by: Matthew Hreben

Product title
McAfee Enterprise Security Manager (ESM) 11.3
Product info
Vendor: McAfee, LLC Contact: www.mcafee.com Price: $42,000 for a combo box
Strength
There is no need to learn special syntax or deal with complex correlational analysis because everything is UI-driven. There is a data source diagnostic tool that automatically troubleshoots data sources to keep ESM functioning as expected.
Weakness
One thing we believe McAfee ESM could do without is leveraging Adobe Flash Player for components of the platform. We view Adobe Flash Player as an outdated way of operating.
Verdict
The automation, orchestration and extensive customizability in ESM effectively simplify security operations so that analysts can act on threats with confidence.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds