McAfee Enterprise Security Manager
April 01, 2013
- Strengths: Feature-rich and highly customizable, this tool is loaded with templates and prebuilt reports.
- Weaknesses: None that we found.
- Verdict: Great to see this old friend in a new environment. It’s powerful, easy to use and receives our Best Buy designation.
The McAfee Enterprise Security Manager is back this year after a full transformation from its former self, the NitroView ESM. Many of the obvious differences are skin deep, and much of the robustness of the previous product remains intact, including the familiar management console, but more on that shortly. For those who do not know this product, the Enterprise Security Manager is the ultimate high-powered SIEM. This tool uses a proprietary backend database that allows it to collect more than 18,000 events per second from a single receiver and feed them through an advanced correlation engine for deep analysis.
We found this appliance to be quite easy to deploy, configure and manage. The initial deployment is done by manually setting network and IP information on the device through a monitor and keyboard connection. After that, all further management and configuration is done via the web-based management interface. We found the management interface to be easy and intuitive to navigate and to feature many easy-to-read charts and graphs. The dashboard itself is built on Flash, so it can be customized to include information that is relevant to a specific user, such as a security engineer or system administrator. The appliance also comes preloaded with many already configured dashboards.
From a functionality standpoint, this appliance has it all. On top of prebuilt dashboards, many interactive charts and graphs, the ability to take data and logs from almost any source that has an IP address, and the ability to drill down into raw log data quickly and easily, this product also features a multitude of prebuilt compliance reporting tools. The Enterprise Security Manager comes loaded with reports for PCI-DSS, HIPAA, NERC-CIP, FISMA, GLBA and SOX, along with several others. Aside from reporting on events after they happen, this product also can help predict threats before they occur. This is done by monitoring and managing a baseline of activity while continuously looking for anomalies.
Documentation included installation and administrator guides in PDF format. The installation guide provided an excellent amount of detail on how to get the appliance up and running, as well as some basic configuration procedures. The user guide focused on overall use and management along with report creation and other tasks. We found all documentation to be well-organized and easy to follow with many step-by-step instructions and screenshots.
McAfee includes the first year of product and technical support as part of the purchase price. After the first year, customers can purchase additional aid through a contract. This includes phone- and email-based technical assistance at either eight-hours-a-day/five-days-a-week or 24/7 levels.
At a price just shy of $48,000, this product carries a big price tag. However, we find it provides a lot of bang for the buck. The McAfee Enterprise Security Manager is a robust and feature-rich appliance that is easy to use and manage.