McAfee Enterprise Security Manager v9.3.2
April 01, 2014
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Capable of supporting thousands of events per second with a huge rule set and extensive reporting options.
- Weaknesses: Slightly unintuitive user interface.
- Verdict: A heavy duty SIEM platform which performs well under the heaviest event load.
Enterprise Security Manager from McAfee is a truly enterprise-grade SIEM. Able to process thousands of events per second and store billions of events and flows, it offers great visibility into network activity for customers of any size.
The initial configuration was easy. After unboxing the appliance and making the normal physical connections, we powered on the device and were presented with an ASCII menu. Through that menu we configured a management IP, which allowed us to access the product's Flash-based web interface. Upon logging in, a configuration wizard popped up, which guided us through changing the default logins, configuring date/time information and configuring additional network interfaces. We were given the option of configuring a secondary management interface, as well as multiple monitoring interfaces - which are not actually assigned IP addresses, adding a degree of stealth to the product. After completing the wizard, we added data sources and the tool began processing.
Enterprise Security Manager is actually a suite of products composed of a number of different components, divided into the Interface, Data Storage, Management and Analysis and Data Acquisition categories. The Data Acquisition category consists primarily of such standalone components as the Nitro IPS; the Application Data Monitor, which captures data provided by the IPS service; and the Database Event Monitor, which handles information on the collection, analysis, audit trails and reporting on database access for a number of database platforms. It also includes the Event Receiver service, which handles the acquisition of syslog and flow data to the storage and analysis engine.
The Data Storage, Management and Analysis components cover the Advanced Correlation Engine, which is a standalone appliance that offloads correlation activities from the primary Enterprise Security Manager; the Enterprise Log Manager, which handles the storage, management and access to log data; and the Enterprise Security Manager itself, which is the central administration point for the entire product suite, controls all component communication via encrypted channels and hosts the product's user interface.
McAfee's product documentation is top-notch. PDF files are downloadable through the company's support portal, which cover the product's installation, administration and general use. Content from those guides are also available on the device itself through its help feature.
McAfee offers a number of different support options. The gold business support package includes daily product updates, upgrades and malware alerts and analysis services. It also includes chat, web and 24/7 phone support, best practices guides and online test environments. The gold enhanced business support option adds access to product specialists, and the platinum support tier provides a named support account manager.
The tool is priced at $47,994, which includes the first year of support. The gold level software and advanced return merchandise authorization (RMA) costs $9,598, and one year of next-business-day onsite support is $9,598.
Sign up to our newsletters
SC Magazine Articles
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Study: Employees acknowledge risky security behavior, continue to engage in it
- Hack of airplane systems described in FBI docs raises security questions
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- Thousands of Bellevue Hospital Center patients notified of data breach
- Study: 86 percent of websites contain at least one 'serious' vulnerability
- Investigation ongoing in reported multimillion member Adult FriendFinder breach
- Report: $19M breach settlement between MasterCard, Target terminated
- FTC gives thumbs up to companies that cooperate during breach probes