McAfee Enterprise Security Manager v9.3.2
April 01, 2014
- Strengths: Capable of supporting thousands of events per second with a huge rule set and extensive reporting options.
- Weaknesses: Slightly unintuitive user interface.
- Verdict: A heavy duty SIEM platform which performs well under the heaviest event load.
Enterprise Security Manager from McAfee is a genuinely enterprise-grade SIEM. Able to process thousands of events per second and to store billions of events and flows, it offers broad visibility into network activity for organisations of any size.
Initial configuration was easy. After unboxing the appliance and making the usual physical connections, we powered on the device and were presented with a text-mode console menu. Through that menu we configured a management IP address, which gave us access to the product's Flash-based web interface. Upon logging in, a configuration wizard appeared and guided us through changing the default logins, setting date and time information and configuring additional network interfaces. We were given the option of configuring a secondary management interface as well as multiple monitoring interfaces; the monitoring interfaces are not assigned IP addresses at all, so they cannot be addressed from the networks they watch, which lends the appliance a degree of stealth and keeps its exposed surface small. After completing the wizard, we added data sources and the tool began processing events.
Enterprise Security Manager is in fact a suite made up of a number of components, divided into the Interface, Data Storage, Management and Analysis, and Data Acquisition categories. The Data Acquisition category consists primarily of standalone components: the Nitro IPS; the Application Data Monitor, which captures data provided by the IPS service; and the Database Event Monitor, which handles collection, analysis, audit trails and reporting for database access across a number of database platforms. It also includes the Event Receiver service, which collects syslog and flow data and passes it to the storage and analysis engine.
The Data Storage, Management and Analysis components comprise the Advanced Correlation Engine, a standalone appliance that offloads correlation work from the primary Enterprise Security Manager; the Enterprise Log Manager, which handles the storage, management and access control of log data; and the Enterprise Security Manager itself, which is the central administration point for the entire suite, controls all inter-component communication over encrypted channels and hosts the product's user interface.
McAfee's product documentation is top-notch. PDF guides covering the product's installation, administration and general use are downloadable through the company's support portal, and the content of those guides is also available on the device itself through its help feature.
McAfee offers a number of different support options. The gold business support package includes daily product updates, upgrades and malware alerts and analysis services. It also includes chat, web and 24/7 phone support, best practices guides and online test environments. The gold enhanced business support option adds access to product specialists, and the platinum support tier provides a named support account manager.
The tool is priced at $47,994, which includes the first year of support. Gold-level software support with advanced return merchandise authorisation (RMA) costs $9,598, and one year of next-business-day onsite support is a further $9,598.