Solved

McAfee Enterprise Security Manager (v9.2.0)

Posted on 2013-05-14
2
1,028 Views
Last Modified: 2013-11-29
Hi Experts!

Wanted to pick your brains for a sec. For those that have used or have researched McAfee's ESM product extensively, what are some of the pros and cons of this SIEM? Your input is GREATLY APPRECIATED!

For example, one of the cons that I've noticed right off the bat is that you need a minimum of a 22" monitor in order to view the dashboard optimally. On the other hand, one of the pros that I've noticed is that it seems to perform better than QRadar, e.g. it has few issues with latency or sluggish behavior when refreshing screens or the dashboards.

What are some of your pros and cons with this software?
0
Question by:itsmevic
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39168078
Really, if you are looking at SIEM, I suggest you look at and demand the functionality and reliability first, meaning the performance and scalability aspects and the flexible rule detection cum correlation, before drilling into the aesthetic parts such as reporting, where there may be better reporting candidates (full of graphics, statistical representation...). It is essentially NitroSecurity, acquired by McAfee. It is in the Gartner Leaders quadrant if I recall...

I see the huge pro is that ESM is "high-performance", such as being able to cope with huge EPS, e.g. 200K based on clustered or equivalent setups. Of course, this may not seem significant if it reaches that number by having more boxes, but such EPS is not easily maintained and scaled up to, and if the business needs it ad hoc or in the long term for a huge SOC setup or multiple huge sites pumping in logs, that is better as a kickstart than searching or replacing when we hit the roadblock in a performance crunch. One key bottleneck for SIEM is always the storage or database; I understand it has an ultralight database, so that is supposed to be an advantage.

Also, since the Nitro acquisition, I suppose it is leveraging Nitro natively (or in the roadmap); it would already have strong support for SCADA systems within the power generation industry since 2011 - there was talk then of integrating network IPS technology to also block based on NitroView event analysis - not sure if ESM does that (probably :p). Not all SIEMs support SCADA though...

Likewise, I see the rules configured are only as good as how rich the device sources are and how tightly interoperable they are with ESM analysis and triggers. I.e. can it read and interpret syslog format and act on a specific field - more than just severity? Contextual rule-based detection is good and can be leveraged to build intelligence without eating resources if there are such partnerships... so we do expect ESM to demand wide coverage in sources such as security scanners and NAC/perimeter/endpoint security s/w to make detection and alerts more informative to the analysts. Such integrations include solutions such as ForeScout CounterACT NAC, etc. Also related, it has a Database Activity Monitor and Application Data Monitor for deep forensic analysis of the collected data from database and application logs. Maybe there is more, good to find out more... like reading from a SCAP-based security scanner, to sieve out the hole being attacked or "touched". McAfee has its suite of those scanners (Foundstone is under the :p) and also a Vulnerability Manager solution, if I am not wrong.

McAfee does claim to be preloaded with more than 200 different predefined compliance report templates and rich end-user support/knowledge. Hope it helps, but SIEMs are not just reactive, and if we can squeeze more out of it rather than just a single big LCD, it will then be "gainfully employed".

Good to catch this webinar too:
Advanced Intelligence in Action: Review of McAfee Enterprise Security Manager 9.2
https://www.sans.org/webcasts/advanced-intelligence-action-review-mcafee-enterprise-security-manager-92-96432
0
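The point in the accepted answer about rules that act on specific syslog fields rather than on severity alone is the part that can be shown concretely. The following is an added example, not btan's code and not anything from McAfee ESM or NitroView: a small Python parser for RFC 3164-style syslog lines plus a sliding-window correlation rule that flags repeated failed SSH logins from one source IP. The hostnames, IP addresses, log lines, threshold and window are all constructed for the example; a severity-only filter is included alongside it to show why severity by itself misses this pattern (the failures arrive at authpriv.info).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# RFC 3164-style line: "<PRI>MMM DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# OpenSSH failure message; "invalid user" is optional.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(line, year=2013):
    """Split one syslog line into named fields; return None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))  # PRI = facility * 8 + severity
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "severity_name": SEVERITY_NAMES[pri % 8],
        "timestamp": ts,
        "host": m.group("host"),
        "program": m.group("prog"),
        "pid": m.group("pid"),
        "message": m.group("msg"),
    }


class BruteForceRule:
    """Alert once per source IP when it produces >= threshold failed SSH logins
    inside a sliding time window. Threshold and window are constructed values."""

    def __init__(self, threshold=5, window=timedelta(minutes=2)):
        self.threshold = threshold
        self.window = window
        self.events = defaultdict(deque)  # src ip -> timestamps of failures
        self.alerted = set()

    def feed(self, event):
        # Act on program + message fields, not on severity.
        if event["program"] != "sshd":
            return None
        m = FAILED_RE.search(event["message"])
        if not m:
            return None
        src = m.group("src")
        q = self.events[src]
        q.append(event["timestamp"])
        while q and event["timestamp"] - q[0] > self.window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= self.threshold and src not in self.alerted:
            self.alerted.add(src)
            return {"rule": "ssh_bruteforce", "src": src, "count": len(q), "host": event["host"]}
        return None


def run(lines, rule=None):
    """Parse each line and pass it through the correlation rule; return alerts."""
    rule = rule or BruteForceRule()
    alerts = []
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            continue  # unparseable line: skip, a real pipeline would count these
        alert = rule.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts


def severity_only_filter(lines, max_severity=3):
    """What a severity-only rule (err and worse) would surface from the same lines."""
    events = (parse_syslog(l) for l in lines)
    return [e for e in events if e and e["severity"] <= max_severity]


# Constructed sample: <86> is authpriv.info, <83> is authpriv.err.
SAMPLE_LINES = [
    "<86>May 14 10:00:01 bastion sshd[4021]: Failed password for root from 198.51.100.23 port 51022 ssh2",
    "<86>May 14 10:00:03 bastion sshd[4021]: Failed password for root from 198.51.100.23 port 51023 ssh2",
    "<86>May 14 10:00:05 bastion sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 51024 ssh2",
    "<86>May 14 10:00:07 bastion sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 51025 ssh2",
    "<86>May 14 10:00:20 bastion sshd[4021]: Failed password for alice from 203.0.113.9 port 40100 ssh2",
    "<86>May 14 10:00:21 bastion sshd[4021]: Accepted password for alice from 203.0.113.9 port 40100 ssh2",
    "<86>May 14 10:00:30 bastion sshd[4021]: Failed password for root from 198.51.100.23 port 51026 ssh2",
    "<83>May 14 10:00:45 bastion sshd[4021]: error: maximum authentication attempts exceeded for root from 198.51.100.23 port 51026 ssh2 [preauth]",
    "<86>May 14 10:01:02 bastion sshd[4021]: Failed password for root from 198.51.100.23 port 51027 ssh2",
]

if __name__ == "__main__":
    for a in run(SAMPLE_LINES):
        print("ALERT", a)
    print("severity-only hits:", len(severity_only_filter(SAMPLE_LINES)))
```

The rule fires once for 198.51.100.23 at the fifth failure and stays quiet for alice's single typo, while the severity-only filter surfaces just the one `err` line and would never see the four-minute pattern that preceded it. That gap between severity and field-level context is the interoperability question the answer raises about any SIEM's source coverage.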
 

Author Comment

by:itsmevic
ID: 39169476
Informative response, thank you.
0
