The McAfee Enterprise Security Manager is back this year after a full transformation from its former self, the NitroView ESM. Many of the obvious differences are skin deep, and much of the robustness of the previous product remain intact, including the familiar management console, but more on that shortly. For those who do not know this product, the Enterprise Security Manager is the ultimate high-powered SIEM. This tool uses a proprietary backend database that allows it to collect more than 18,000 events per second from a single receiver and feed them through an advanced correlation engine for deep analysis.
We found this appliance to be quite easy to deploy, configure and manage. The initial deployment is done by manually setting network and IP information on the device through a monitor and keyboard connection. After that, all further management and configuration is done via the web-based management interface. We found the management interface to be easy and intuitive to navigate and to feature many easy-to-read charts and graphs. The dashboard itself is built on Flash, so it can be customized to include information that is relevant to a specific user, such as a security engineer or system administrator. The appliance also comes preloaded with many already configured dashboards.
From a functionality standpoint, this appliance has it all. On top of prebuilt dashboards, many interactive charts and graphs, the ability to take data and logs from almost any source that has an IP address, and the ability to drill down into raw log data quickly and easily, this product also features a multitude of prebuilt compliance reporting tools. The Enterprise Security Manager comes loaded with reports for PCI-DSS, HIPAA, NERC-CIP, FISMA, GLBA and SOX, along with several others. Aside from reporting on events after they happen, this product also can help predict threats before they occur. This is done by monitoring and managing a baseline of activity while continuously looking for anomalies.
Documentation included installation and administrator guides in PDF format. The installation guide provided an excellent amount of detail on how to get the appliance up and running, as well as some basic configuration procedures. The user guide focused on overall use and management along with report creation and other tasks. We found all documentation to be well-organized and easy to follow with many step-by-step instructions and screen shots.
McAfee includes the first year of product and technical support as part of the purchase price. After the first year, customers can purchase additional aid through a contract. This includes phone- and email-based technical assistance at both eight-hours-a-day/five-days-a-week or 24/7 levels.
At a price just shy of $48,000, this product carries a big price tag. However, we find it provides a lot of bang for the buck. The McAfee Enterprise Security Manager is a robust and feature-rich appliance that is easy to use and manage.