Solved

McAfee Enterprise Security Manager (v9.2.0)

Posted on 2013-05-14
1,026 Views
Last Modified: 2013-11-29
Hi Experts!

     Wanted to pick your brains for a sec.  For those that have used or have extensively researched McAfee's ESM product, what are some of the pros and cons of this SIEM?  Your input is GREATLY APPRECIATED!

     For example, one of the CONs that I've noticed right off the bat is that you need a minimum of a 22" monitor in order to view the dashboard optimally.  On the other hand, one of the PROs that I've noticed is that it seems to perform better than QRadar, e.g. it has few issues with latency or sluggish behavior when refreshing screens or the dashboards.

     What are some of your pros and cons with this software?
Question by:itsmevic
2 Comments
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39168078
Really, if you are looking at SIEM, I suggest you look at and demand the functionality and reliability first, meaning the performance and scalability aspects and the flexible rule detection cum correlation, before drilling into the aesthetic parts such as reporting, which may have better reporting candidates (full of graphics, statistical representation...). It is essentially NitroSecurity, acquired by McAfee. It is in the Gartner Leaders quadrant, if I recall...

I see the huge pro is ESM being "high-performance", such as being able to cope with huge EPS, e.g. 200K, based on clustered or equivalent. Of course, this may not seem significant if it reaches that number by having more boxes, but such EPS is not easily maintained and scaled up to, and if the business needs it ad hoc or in the long term (a huge SOC setup or multiple huge sites pumping in logs), that is better as a kickstart than searching or replacing when we hit the roadblock in a performance crunch. One key bottleneck for SIEM is always the storage or database; I understand it has an ultralight database, so that is supposed to be an advantage.

Also, since the Nitro acquisition, I suppose it is leveraging Nitro natively (or in the roadmap); it would already have strong support in SCADA systems within the power generation industry since 2011 - there was talk then of integrating network IPS technology to also block based on NitroView event analysis - not sure if ESM does that (probably :p). Not all SIEMs support SCADA though...

Likewise, I see the rules configured are just as good as how rich the device sources are and how tightly interoperable they are with ESM analysis and triggers. I.e. can it read and interpret syslog format and act on a specific field - more than just severity? Contextual rule-based is good and can be leveraged to build intelligence, but not resource-eating if there are such partnerships... so we do expect ESM to demand wide coverage in sources such as security scanners and NAC/perimeter/endpoint security s/w to make detection and alerts more informative to the analysts. Such integrations include solutions such as ForeScout CounterACT NAC, etc. Also related, it has a Database Activity Monitor and Application Data Monitor for deep forensic analysis of the collected data from database and application logs. Maybe there is more, good to find out more... like reading from SCAP-based security scanners, to sieve out the hole being attacked or "touched". McAfee has its suite of those scanners (Foundstone is under the :p) and also a Vulnerability Mgr solution, if I am not wrong.

McAfee does claim to be preloaded with more than 200 different predefined compliance report templates and rich end user support/knowledge. Hope it helps, but SIEMs are not just reactive, and if we can squeeze more out of it rather than just a single big LCD, it will then be "gainfully employed".

Good to catch this webinar too:
Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2
https://www.sans.org/webcasts/advanced-intelligence-action-review-mcafee-enterprise-security-manager-92-96432
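The point in the accepted answer about a SIEM needing to act on a specific syslog field rather than just the severity, and about contextual correlation, can be made concrete with a small parser and two rules. The Python below is an added example, not part of this thread and not McAfee ESM code: the log lines, host names, IP addresses and rule thresholds are constructed for the demonstration, and the sshd message patterns are simplified assumptions rather than a complete grammar.

```python
"""Illustrative SIEM-style syslog parsing and field-aware correlation.

Added example (not part of the Experts Exchange thread, not McAfee ESM code).
All log lines, hosts, addresses and thresholds below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# RFC 3164-style line: <PRI>MMM dd HH:MM:SS host program[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# Simplified sshd login message (assumed pattern, good enough for the sample).
SSHD_RE = re.compile(
    r"^(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

# Constructed sample: three failed root/invalid-user logins from one source,
# then a success from that same source; a clean login elsewhere; one kernel crit.
SAMPLE_LOGS = [
    "<38>May 14 09:01:02 web01 sshd[2011]: Failed password for root from 10.0.0.5 port 51822 ssh2",
    "<38>May 14 09:01:05 web01 sshd[2011]: Failed password for root from 10.0.0.5 port 51823 ssh2",
    "<38>May 14 09:01:09 web01 sshd[2011]: Failed password for invalid user admin from 10.0.0.5 port 51824 ssh2",
    "<38>May 14 09:01:15 web01 sshd[2012]: Accepted password for deploy from 10.0.0.5 port 51825 ssh2",
    "<38>May 14 09:30:00 web02 sshd[3100]: Accepted publickey for alice from 10.0.0.9 port 40000 ssh2",
    "<2>May 14 09:31:00 web02 kernel: Out of memory: Kill process 4242 (java)",
]


def parse_syslog(line, year=2013):
    """Split a syslog line into facility/severity plus header and message fields.
    Returns None for lines that do not match, so bad input is counted, not crashed on."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    rec = {
        "facility": pri // 8,
        "severity": pri % 8,  # 0=emerg .. 7=debug
        "host": m.group("host"),
        "prog": m.group("prog"),
        "msg": m.group("msg"),
        "ts": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
    }
    s = SSHD_RE.match(rec["msg"])
    if s:
        rec.update(s.groupdict())  # adds outcome, method, user, src
    return rec


def severity_only_rule(records, max_severity=2):
    """What a naive severity-threshold rule sees: sshd auth.info events are invisible to it."""
    return [r for r in records if r["severity"] <= max_severity]


def field_rule(records):
    """Field-aware rule: failed logins against root or nonexistent users are
    interesting even though their syslog severity is only 'info'."""
    return [r for r in records
            if r.get("outcome") == "Failed"
            and (r["user"] == "root" or "invalid user" in r["msg"])]


def correlate(records, threshold=3, window_s=60):
    """Contextual rule: at least `threshold` failed logins from one source inside
    `window_s` seconds, followed by a successful login from that same source."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of failed logins
    for r in records:
        if "outcome" not in r:
            continue
        if r["outcome"] == "Failed":
            failures[r["src"]].append(r["ts"])
        elif r["outcome"] == "Accepted":
            recent = [t for t in failures[r["src"]]
                      if 0 <= (r["ts"] - t).total_seconds() <= window_s]
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_then_success", "src": r["src"],
                               "user": r["user"], "host": r["host"], "failures": len(recent)})
    return alerts


def analyze(lines):
    """Run all three views over the lines and return a summary for inspection."""
    records = [r for r in (parse_syslog(l) for l in lines) if r]
    return {
        "parsed": len(records),
        "severity_hits": [r["host"] for r in severity_only_rule(records)],
        "field_hits": len(field_rule(records)),
        "correlated": correlate(records),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOGS).items():
        print(f"{key}: {value}")
```

On the constructed sample the severity-only rule fires once, for the kernel message, and never sees the authentication activity; the field rule flags the three failed logins, and the correlation rule raises a single alert for 10.0.0.5 because the success followed three failures inside the window. Swapping a source's failures to a different address, or moving the success outside the window, silences the correlation alert, which is the behaviour a contextual rule should have.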

Author Comment

by:itsmevic
ID: 39169476
Informative response, thank you.