Solved

McAfee Enterprise Security Manager (v9.2.0)

Posted on 2013-05-14
Last Modified: 2013-11-29
Hi Experts!

Wanted to pick your brains for a sec. For those that have used or have researched McAfee's ESM product extensively, what are some of the pros and cons of this SIEM? Your input is GREATLY APPRECIATED!

For example, one of the CONS that I've noticed right off the bat is that you need a minimum of a 22" monitor in order to view the dashboard optimally. On the other hand, one of the PROS that I've noticed is that it seems to perform better than QRadar, e.g. it has few issues with latency or sluggish behavior when refreshing screens or the dashboards.

What are some of your pros and cons with this software?
Question by:itsmevic
2 Comments
Accepted Solution

by:
btan earned 500 total points
ID: 39168078
Really, if you are looking at SIEM, I suggest you look at and demand the functionality and reliability first, meaning the performance and scalability aspects and the flexible rule detection cum correlation, before drilling into the aesthetic parts such as reporting, where there may be better reporting candidates (full of graphics, statistical representation...). It is essentially NitroSecurity, acquired by McAfee. It is in the Gartner Leaders quadrant, if I recall...

I see the huge pro is that ESM is "high-performance", such as being able to cope with huge EPS, e.g. 200K, based on clustered or equivalent. Of course, this may not seem significant if it reaches that number by having more boxes, but such EPS is not easily maintained and scaled up to, and if the business needs it ad hoc or in the long term (a huge SOC setup or multiple huge sites pumping in logs), that is better as a kickstart than searching or replacing when we hit the roadblock in a performance crunch. One key bottleneck for SIEM is always the storage or database; I understand it has an ultralight database, so that is supposed to be an advantage.

Also, since the Nitro acquisition, I suppose it is leveraging Nitro natively (or in the roadmap), so it would already have strong support for SCADA systems within the power generation industry since 2011 - there was talk then of integrating network IPS technology to also block based on NitroView event analysis - not sure if ESM does that (probably :p). Not all SIEMs support SCADA though...

Likewise, I see the rules configured are only as good as how rich the device sources are and how tightly interoperable they are with ESM analysis and triggers. I.e. can it read and interpret syslog format and act on a specific field - more than just severity? Contextual rule-based detection is good and can be leveraged to build intelligence without eating resources if there are such partnerships... so we do expect ESM to demand wide coverage in sources such as security scanners and NAC/perimeter/endpoint security software to make detection and alerts more informative to the analysts. Such integrations include solutions such as ForeScout CounterACT NAC, etc. Also related, it has a Database Activity Monitor and Application Data Monitor for deep forensic analysis of the collected data from database and application logs. Maybe there is more, good to find out more... like reading from SCAP-based security scanners, to sieve out the hole being attacked or "touched". McAfee has its suite of those scanners (Foundstone is under them :p) and also a Vulnerability Manager solution, if I am not wrong.

McAfee does claim to be preloaded with more than 200 different predefined compliance report templates and rich end user support/knowledge. Hope it helps, but a SIEM is not just reactive, and if we can squeeze more out of it rather than just a single big LCD, it will then be "gainfully employed".

Good to catch this webinar too
Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2
https://www.sans.org/webcasts/advanced-intelligence-action-review-mcafee-enterprise-security-manager-92-96432
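To make the "act on a specific field, more than just severity" point from the accepted answer concrete, here is an added example (not from the thread or from McAfee ESM): a small syslog parser that pulls facility/severity out of the PRI field and extracts the user and source address from sshd messages, plus a contextual correlation rule that fires on several failed logins followed by a success from the same source. The sample log lines are constructed; every line carries the same severity, so a severity-only rule could not separate the brute-force pattern from ordinary noise.

```python
import re
from collections import defaultdict

# Constructed RFC 3164-style syslog lines: <PRI>TIMESTAMP HOST TAG[PID]: MSG
# PRI 38 = facility 4 (auth) * 8 + severity 6 (info) for every line.
SAMPLE_LOGS = [
    "<38>May 14 10:01:02 vpn01 sshd[2101]: Failed password for root from 10.0.0.7 port 5021 ssh2",
    "<38>May 14 10:01:05 vpn01 sshd[2101]: Failed password for root from 10.0.0.7 port 5022 ssh2",
    "<38>May 14 10:01:09 vpn01 sshd[2101]: Failed password for admin from 10.0.0.7 port 5023 ssh2",
    "<38>May 14 10:01:20 vpn01 sshd[2101]: Accepted password for admin from 10.0.0.7 port 5030 ssh2",
    "<38>May 14 10:02:00 web01 sshd[310]: Failed password for bob from 10.0.0.9 port 6001 ssh2",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Field extraction for the sshd message body (hypothetical "parser" for this one source).
SSH_RE = re.compile(r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)")


def parse_syslog(line):
    """Return a dict of syslog header fields plus any sshd-specific fields, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    pri = int(ev.pop("pri"))
    ev["facility"], ev["severity"] = pri // 8, pri % 8
    s = SSH_RE.match(ev["msg"])
    if s:
        ev.update(s.groupdict())
    return ev


def correlate(lines, threshold=3):
    """Contextual rule: >= threshold failed logins from one source on a host,
    followed by a successful login from that same source on that host."""
    failures = defaultdict(int)
    alerts = []
    for line in lines:
        ev = parse_syslog(line)
        if ev is None or "outcome" not in ev:
            continue  # not parseable, or not a login event: skip
        key = (ev["host"], ev["src"])
        if ev["outcome"] == "Failed":
            failures[key] += 1
        elif failures[key] >= threshold:
            alerts.append({"host": ev["host"], "src": ev["src"],
                           "user": ev["user"], "failures": failures[key]})
    return alerts
```

Running `correlate(SAMPLE_LOGS)` yields one alert for 10.0.0.7 on vpn01 (three failures, then a success as admin); the lone failure from 10.0.0.9 produces nothing.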
Author Comment

by:itsmevic
ID: 39169476
Informative response, thank you.