McAfee Enterprise Security Manager
Strengths: Feature-rich and highly customisable, this tool is loaded with templates and pre-built reports
Weaknesses: Nothing that we found
Verdict: Great to see this old friend in a new environment. It is powerful, easy to use and receives our Best Buy designation
McAfee Enterprise Security Manager is back this year after a full transformation from its former self, the Nitro ESM. Many of the obvious differences are skin deep and much of the robustness of the previous product remains intact, including the familiar management console.
For those who do not know this product, the Enterprise Security Manager is the ultimate high-powered SIEM. It uses a proprietary backend database that allows it to collect more than 18,000 events per second from a single receiver and feed them through an advanced correlation engine for deep analysis.
We found this appliance to be quite easy to deploy, configure and manage. The initial deployment is done by manually setting network and IP information through a monitor and keyboard connected to the appliance. After that, all further management and configuration is done via the web-based management interface, which we found to be easy and intuitive to navigate and to feature many easy-to-read charts and graphs. The dashboard itself is built on Flash, so it can be customised to include information that is relevant to a specific user, such as a security engineer or system administrator. The appliance also comes preloaded with many already configured dashboards.
From a functionality standpoint, McAfee ESM has it all. On top of prebuilt dashboards, many interactive charts and graphs, the ability to take data and logs from almost any source that has an IP address, and the ability to drill down into raw log data quickly and easily, it also features a multitude of prebuilt compliance reporting tools. It comes loaded with reports for PCI DSS, HIPAA, NERC-CIP, FISMA, GLBA and SOX, along with several others. Aside from reporting on events after they happen, this product can also help predict threats before they occur. This is done by monitoring and managing a baseline of activity while continuously looking for anomalies.
Documentation included installation and administrator guides in PDF format. The installation guide provided an excellent amount of detail on how to get the appliance up and running, as well as some basic configuration procedures. The user guide focused on overall use and management of the appliance, along with report creation. We found these to be well organised and easy to follow with many step-by-step instructions and screenshots.
McAfee includes the first year of product and technical support as part of the purchase price. After the first year, customers can purchase additional aid through a contract. This includes phone- and email-based technical assistance at eight-hours-a-day/five-days-a-week or 24/7 levels, as well as hardware support. Customers also have access to a large support area via the website, which includes a knowledgebase and product documentation.
At a price of £27,800, this product carries a big price tag. However, we find it provides a lot of bang for the buck. McAfee Enterprise Security Manager is a robust and feature-rich appliance that is easy to use and manage.