McAfee Enterprise Security Manager v9.3.2
April 01, 2014
- Ratings (Ease of Use, Value for Money, Overall Rating): star ratings not reproduced in the text version
- Strengths: Capable of supporting thousands of events per second with a huge rule set and extensive reporting options.
- Weaknesses: Slightly unintuitive user interface.
- Verdict: A heavy duty SIEM platform which performs well under the heaviest event load.
Enterprise Security Manager from McAfee is a truly enterprise-grade SIEM. Able to process thousands of events per second and store billions of events and flows, it offers great visibility into network activity for customers of any size.
The initial configuration was easy. After unboxing the appliance and making the normal physical connections, we powered on the device and were presented with an ASCII menu. Through that menu we configured a management IP, which allowed us to access the product's Flash-based web interface. Upon logging in, a configuration wizard popped up, which guided us through changing the default logins, configuring date/time information and configuring additional network interfaces. We were given the option of configuring a secondary management interface, as well as multiple monitoring interfaces - which are not actually assigned IP addresses, adding a degree of stealth to the product. After completing the wizard, we added data sources and the tool began processing.
Enterprise Security Manager is actually a suite of products composed of a number of different components, divided into the Interface, Data Storage, Management and Analysis and Data Acquisition categories. The Data Acquisition category consists primarily of such standalone components as the Nitro IPS; the Application Data Monitor, which captures data provided by the IPS service; and the Database Event Monitor, which handles information on the collection, analysis, audit trails and reporting on database access for a number of database platforms. It also includes the Event Receiver service, which handles the acquisition of syslog and flow data to the storage and analysis engine.
The Data Storage, Management and Analysis components cover the Advanced Correlation Engine, which is a standalone appliance that offloads correlation activities from the primary Enterprise Security Manager; the Enterprise Log Manager, which handles the storage, management and access to log data; and the Enterprise Security Manager itself, which is the central administration point for the entire product suite, controls all component communication via encrypted channels and hosts the product's user interface.
McAfee's product documentation is top-notch. PDF guides covering the product's installation, administration and general use are downloadable through the company's support portal. Content from those guides is also available on the device itself through its help feature.
McAfee offers a number of different support options. The gold business support package includes daily product updates, upgrades, and malware alerts and analysis services. It also includes chat, web and around-the-clock phone support, best practice guides and online test environments. The gold enhanced business support option adds access to product specialists, and the platinum support tier provides a named support account manager.
The tool is priced at £28,973, which includes the first year of support. The gold level software and advanced return merchandise authorisation (RMA) costs £5,794, and one year of next-business-day onsite support is £5,794. Prices are US-based, thus indicative only.