McAfee Enterprise Security Manager (v9.2.0)

Posted on 2013-05-14
Last Modified: 2013-11-29
Hi Experts!

Wanted to pick your brains for a sec. For those that have used or have researched extensively McAfee's ESM product, what are some of the pros and cons of this SIEM? Your input is GREATLY APPRECIATED!

For example, one of the CONs that I've noticed right off the bat is that you need a minimum of a 22" monitor in order to view the dashboard optimally. On the other hand, one of the PROs that I've noticed is that it seems to perform better than QRadar, e.g. it has few issues with latency or sluggish behavior when refreshing screens or the dashboards.

What are some of your pros and cons with this software?
Question by:itsmevic

Accepted Solution

by: btan earned 500 total points
ID: 39168078
Really, if you are looking at SIEM, I suggest you look at and demand the functionality and reliability first, meaning the performance and scalability aspects and the flexible rule detection cum correlation, before drilling into the aesthetic parts such as reporting, where there may be better reporting candidates (full of graphics, statistical representation...). It is essentially NitroSecurity, acquired by McAfee. It is in the Gartner Leaders quadrant if I recall...

I see the huge pro is that ESM is "high-performance", such as being able to cope with huge EPS, e.g. 200K, based on clustered or equivalent. Of course, this may not seem significant if it reaches that number by having more boxes, but such EPS is not easily maintained and scaled up to, and if the business needs it ad hoc or in a long-term huge SOC setup or multiple huge sites pumping in logs, that is better as a kickstart than searching or replacing when we hit the roadblock in a performance crunch. One key bottleneck for SIEM is always the storage or database; I understand it has an ultralight database, so that is supposed to be an advantage.

Also, since the Nitro acquisition, I suppose it is leveraging Nitro natively (or in the roadmap); it would already have strong support for SCADA systems within the power generation industry since 2011 - there was talk then of integrating network IPS technology to also block based on NitroView event analysis - not sure if ESM does that (probably :p). Not all SIEMs support SCADA though...

Likewise, I see the rules configured are just as good as how rich the device sources are and how tightly interoperable they are with ESM analysis and triggers. I.e. can it read and interpret syslog format and act on a specific field - more than just severity? Contextual rule-based is good and leveraged upon to build intelligence, but not resource-eating if there are such partnerships... so we do expect ESM to demand wide coverage in sources such as security scanners and NAC/perimeter/endpoint security s/w to make detection and alerts more informative to the analysts. Such integrations include solutions such as ForeScout CounterACT NAC, etc. Also related, it has a Database Activity Monitor and Application Data Monitor for deep forensic analysis of the collected data from database and application logs. Maybe there is more, good to find more... like reading from a security SCAP-based scanner, to sieve out the hole being attacked or "touched". McAfee has its suite of those scanners (Foundstone is under the :p) and also a Vulnerability Mgr solution, if I am not wrong.

McAfee does claim to be preloaded with more than 200 different predefined compliance report templates and rich end-user support/knowledge. Hope it helps, but SIEMs are not just reactive, and if we can squeeze more out of it rather than just a single big LCD, it will then be "gainfully employed"

Good to catch this webinar too
Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2
https://www.sans.org/webcasts/advanced-intelligence-action-review-mcafee-enterprise-security-manager-92-96432
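
As an added illustration (not part of the original thread, and not McAfee's or ESM's own code) of the field-level, contextual rule the answer asks for, acting on syslog fields rather than severity alone: a small Python parser over constructed sshd lines, with a severity-only rule beside a brute-force rule that correlates failures by source address. The sample lines, hostnames, addresses and the year attached to the timestamps are all assumed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in BSD syslog (RFC 3164) shape with a <PRI> prefix; not real data.
# PRI 38 = auth facility (4), severity 6 (info); PRI 35 = auth facility (4), severity 3 (err).
SAMPLE_LOGS = [
    "<38>May 14 10:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "<38>May 14 10:01:05 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2",
    "<38>May 14 10:01:09 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51041 ssh2",
    "<38>May 14 10:01:12 web01 sshd[2207]: Accepted password for root from 203.0.113.7 port 51050 ssh2",
    "<38>May 14 10:07:30 web02 sshd[3100]: Failed password for root from 198.51.100.9 port 40011 ssh2",
    "<35>May 14 10:08:00 web01 kernel: Out of memory: Kill process 4242 (java)",
]

SYSLOG_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
                       r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")

def parse_syslog(line, year=2013):
    """Split one line into fields; facility/severity are decoded from PRI. Year is assumed (RFC 3164 omits it)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"facility": pri // 8, "severity": pri % 8, "ts": ts,
            "host": m["host"], "prog": m["prog"], "msg": m["msg"]}

def severity_only_alerts(events, max_severity=3):
    """Severity-only rule: fire on 'err' (3) or worse. The brute force below is logged at 'info' and never fires."""
    return [e for e in events if e["severity"] <= max_severity]

def brute_force_alerts(events, threshold=3, window_s=60):
    """Field-level rule: N failed logins from one source within the window, then any success from that source."""
    failures = defaultdict(list)   # source ip -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        a = AUTH_RE.match(e["msg"]) if e["prog"] == "sshd" else None
        if not a:
            continue
        src = a["src"]
        if a["result"] == "Failed":
            failures[src] = [t for t in failures[src] if (e["ts"] - t).total_seconds() <= window_s]
            failures[src].append(e["ts"])
            if len(failures[src]) == threshold:
                alerts.append(("bruteforce", src, e["host"]))
        elif len(failures[src]) >= threshold:
            alerts.append(("success_after_bruteforce", src, e["host"]))
    return alerts
```

Against the sample lines the severity-only rule raises just the kernel OOM event, while the field-level rule raises the three-failure burst from 203.0.113.7 and the login that follows it.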
Author Comment

by:itsmevic
ID: 39169476
Informative response, thank you.