McAfee Enterprise Security Manager (v9.2.0)

Posted on 2013-05-14
Last Modified: 2013-11-29
Hi Experts!

Wanted to pick your brains for a sec. For those that have used or have researched extensively McAfee's ESM product, what are some of the pros and cons of this SIEM? Your input is GREATLY APPRECIATED!

For example, one of the CONs that I've noticed right off the bat is that you need a minimum of a 22" monitor in order to view the dashboard optimally. On the other hand, one of the PROs that I've noticed is that it seems to perform better than QRadar, e.g. it has few issues with latency or sluggish behavior when refreshing screens or the dashboards.

What are some of your pros and cons with this software?
Question by:itsmevic
2 Comments
Accepted Solution

by:
btan earned 2000 total points
ID: 39168078
Really, if you are looking at SIEM, I suggest you look at and demand the functionality and reliability first, meaning the performance and scalability aspects and the flexible rule detection cum correlation, before drilling into the aesthetic parts such as reporting, where there may be better reporting candidates (full of graphics, statistical representation...). It is essentially NitroSecurity, acquired by McAfee. It is in the Gartner Leaders quadrant if I recall...

I see the huge pro is ESM being "high-performance", such as being able to cope with huge EPS, e.g. 200K based on clustered or equivalent. Of course, this may not seem significant if it reaches that number by having more boxes, but such EPS is not easily maintained and scaled up to, and if the business needs it ad hoc or in the long term for a huge SOC setup or multiple huge sites pumping in logs, that is better as a kickstart than searching or replacing when we hit the roadblock in a performance crunch. One key bottleneck for SIEM is always the storage or database; I understand it has an ultralight database, so that is supposed to be an advantage.

Also, since the Nitro acquisition, I suppose it is leveraging Nitro natively (or in the roadmap); it would already have strong support for SCADA systems within the power generation industry since 2011 - there was talk then of integrating network IPS technology to also block based on NitroView event analysis - not sure if ESM does that (probably :p). Not all SIEMs support SCADA though...

Likewise, I see the rules configured are just as good as how rich the device sources are and how tightly interoperable they are with ESM analysis and triggers, i.e. can it read and interpret syslog format and act on a specific field - more than just severity. Contextual rule-based detection is good to leverage to build intelligence, but not resource-eating if there are such partnerships... so we do expect ESM to demand wide coverage in sources such as security scanners and NAC/perimeter/endpoint security s/w to make detection and alerts more informative to the analysts. Such integrations include solutions such as ForeScout CounterACT NAC, etc. Also related, it has a Database Activity Monitor and Application Data Monitor for deep forensic analysis of the collected data from database and application logs. Maybe there is more, good to find more... like reading from a SCAP-based security scanner, to sieve out the hole being attacked or "touched". McAfee has its suite of those scanners (Foundstone is under them :p) and also a Vulnerability Manager solution, if I am not wrong.

McAfee does claim to be preloaded with more than 200 different predefined compliance report templates and rich end user support/knowledge. Hope it helps, but a SIEM is not just reactive, and if we can squeeze more out of it rather than just a single big LCD, it will then be "gainfully employed".

Good to catch this webinar too
Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2
https://www.sans.org/webcasts/advanced-intelligence-action-review-mcafee-enterprise-security-manager-92-96432
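The answer above makes the point that a SIEM rule is only as good as the fields it can pull out of a source and act on, "more than just severity". The following is an added illustration (not code from the thread, nor McAfee's or NitroSecurity's own implementation) that parses constructed RFC 3164-style syslog lines into fields and runs two rules over them: a naive severity threshold and a contextual rule keyed on user and source address. All sample hosts, users and addresses are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines for this example (not from the page or any real system).
SAMPLE_LOGS = [
    "<86>May 14 10:01:02 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 5555 ssh2",
    "<86>May 14 10:01:05 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 5555 ssh2",
    "<86>May 14 10:01:09 host1 sshd[1234]: Failed password for root from 10.0.0.5 port 5555 ssh2",
    "<86>May 14 10:01:15 host1 sshd[1236]: Accepted password for root from 10.0.0.5 port 5556 ssh2",
    "<27>May 14 10:02:00 host2 kernel: disk error on sda",
    "<86>May 14 10:03:00 host1 sshd[1240]: Failed password for alice from 10.0.0.9 port 6000 ssh2",
]
# RFC 3164-style header: <PRI>TIMESTAMP HOST TAG[PID]: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s"
    r"(?P<app>[\w\-]+)(?:\[\d+\])?:\s(?P<msg>.*)$"
)
AUTH_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")

def parse_syslog(line):
    """Split a syslog line into fields; PRI encodes facility * 8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["facility"], ev["severity"] = divmod(int(ev.pop("pri")), 8)
    auth = AUTH_RE.search(ev["msg"])
    if auth:
        ev.update(auth.groupdict())  # result / user / src become first-class fields
    return ev

def severity_rule(events, max_sev=3):
    """Naive rule: alert on anything at 'error' (3) or worse, regardless of content."""
    return [e for e in events if e["severity"] <= max_sev]

def brute_force_then_success_rule(events, threshold=3):
    """Contextual rule keyed on (user, src): N failures followed by a success."""
    failures = defaultdict(int)
    alerts = []
    for e in events:
        key = (e.get("user"), e.get("src"))
        if e.get("result") == "Failed":
            failures[key] += 1
        elif e.get("result") == "Accepted" and failures[key] >= threshold:
            alerts.append({"user": key[0], "src": key[1], "failures": failures[key], "ts": e["ts"]})
            failures[key] = 0  # reset so one success produces one alert
    return alerts

def run(lines=SAMPLE_LOGS):
    """Return (severity-only alerts, contextual alerts) for the given lines."""
    events = [e for e in map(parse_syslog, lines) if e]
    return severity_rule(events), brute_force_then_success_rule(events)
```

On the sample data the severity rule fires only on the kernel disk error, while the three auth failures followed by a success from the same address (all logged at informational severity) are caught only by the field-aware rule.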
Author Comment

by:itsmevic
ID: 39169476
Informative response, thank you.