Get our free report covering IBM, Splunk, Micro Focus, and other competitors of McAfee ESM. Updated: January 2022.
563,327 professionals have used our research since 2012.

Read reviews of McAfee ESM alternatives and competitors

reviewer1285209
Tech Lead at a tech services company with 1,001-5,000 employees
Real User
Top 5 Leaderboard
Scalable and versatile with a lot of good features and good integration with AWS
Pros and Cons
  • "There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
  • "SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar. It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want."

What is our primary use case?

We are a product-based organization. We use this solution for a shared SOC service and security audits and compliance.

What is most valuable?

There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson.

It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS. 

What needs improvement?

SOAR is what is expected the most from QRadar. They have something called SOAR Resilient, and it would be great if that gets induced in SIEM. IBM QRadar (as well as McAfee ESM) should have analytics platform integration. Currently, SIEMs don't have full-fledged integration with analytics where we are able to dump our data in SIEM, and the same data can be called from different analytics applications. We should be able to bring this data to a platform like Hadoop for big data and run the analytics there. Currently, people are seeing the past data and taking some actions in the present, but when it comes to analytics, there should be futuristic data where you can predict something out of your present and past data. Apart from that, I would like to see a full-fledged ITSM tool in QRadar.

It sometimes has some technical issues that need to be checked. It requires a dedicated QRadar engineer to completely manage it. It has different module sets, such as event collector and event processor, and some technical glitches come in between. It takes the log but doesn't exactly process it in the way we want. 

If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment.

What do I think about the stability of the solution?

It is stable. There are no incidents when SIEM completely stopped. 

What do I think about the scalability of the solution?

I have expanded it. It is very good in terms of scalability. Because it is on the cloud, it can be scaled anytime. If I want to increase my CPU's RAM, I can do it. At any point in time, if I want to get additional licenses, I can just call support, and they will provide that.

I have around six customers who are using QRadar in a shared model. We do have plans to increase its usage. We are looking after different customers, and when they're ready, we can integrate it.

How are customer service and technical support?

They are good and responsive. However, because of COVID, of late everyone is working from home, and sometimes, their response has been a little bit slow for incidents. They did apologize for that.

How was the initial setup?

It is straightforward. AWS has a feature called Marketplace in its environment. When we click it, we can load it directly. It doesn't take more than two to three days to completely deploy the infrastructure. 

What's my experience with pricing, setup cost, and licensing?

They can give us some scalability and flexibility on pricing. If its pricing can be reduced, it would help a lot of customers in bringing in a new SIEM environment and grow business in the market. If I start a license today and take around 10,000 EPS, and after a month, there is an increase in the number of clients on my platform, I can increase the number of licenses. I can add 5,000 EPS on a yearly basis.

Which other solutions did I evaluate?

We chose QRadar over McAfee ESM.

What other advice do I have?

It has good integration with AWS. AWS has come up with a Marketplace click-in option that provides direct integration between your AWS and data centers or cloud solutions through a small VPN. It allows you to bring up small environments with 5,000 EPS or 6,000 EPS or even 3,500 EPS or 2,500 EPS very quickly. It is very flexible and not at all tough for a startup engineer to click and bring solutions inside. It is quite easy.

I would rate IBM QRadar an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PredragSkundric
Chief Information Security Officer at a financial services firm with 51-200 employees
Real User
Top 20
Out of date and not scalable, but the reporting is good
Pros and Cons
  • "The most valuable feature of this solution is the reporting."
  • "RSA enVision log manager is out of date and is not in use anymore."

What is our primary use case?

We use this solution to collect system events from different log sources.

How has it helped my organization?

RSA enVision provides the full system visibility of your events within your IT ecosystem.

What is most valuable?

The most valuable feature of this solution is the reporting.

What needs improvement?

RSA enVision log manager is out of date and is not in use anymore.

For how long have I used the solution?

I have used this solution in more than one company. I have been working with RSA enVision for six years.

What do I think about the stability of the solution?

It's very stable. We had no issue with stability.

What do I think about the scalability of the solution?

It is not scalable at all. This is an area that could have been improved, but it is out of date and no longer used. RSA enVision does not share the system anymore.

We have only one user in our organization. I am the only one who is using this solution. I am the system administrator.

How are customer service and technical support?

We do not pay for support. I do everything myself.

How was the initial setup?

Most of the systems are an out-of-the-box process, but if you want some exotic logs to sell, you will have to create patches.

For a fine-tuned deployment, it will take three to four months.

What's my experience with pricing, setup cost, and licensing?

We no longer pay a licensing fee because it is out of date, and we don't pay for support.

Which other solutions did I evaluate?

We evaluated McAfee and IBM QRadar.

What other advice do I have?

I still use this solution in my company every day but everything is out of date.

I have learned how to write parsers.

My recommendation to others is to be careful in the evaluation of SIEM solutions.

There is no future for this solution. It does not exist anymore. I would rate RSA enVision a four out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Operation Manager at Checksum Consultancy
Real User
Top 20
Easy to deploy, good integration with OTX, and good at asset discovery and vulnerability scanning
Pros and Cons
  • "Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment."
  • "Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira. It is also a bit slow, and its replication engine can be improved."

What is our primary use case?

We provide information security services to clients. We are seeking some clients to provide monitoring services by using AlienVault. We are also providing AlienVault USM Anywhere, which is cloud-based and has integration with cloud platforms such as AWS, Azure, and Google Cloud. 

What is most valuable?

Asset discovery and vulnerability scanner are good features. The integration between this solution and OTX, which is an AlienVault platform for Open Threat Exchange, is also a valuable feature. It is also quick and easy to deploy, so you can quickly engage with a customer's environment.

What needs improvement?

Its reporting tools need improvements. It would be good if they can provide integration with other ticketing systems. Currently, we only have integration with Slack and Jira.

It is also a bit slow, and its replication engine can be improved.

For how long have I used the solution?

I have been using this solution for six months.

How are customer service and technical support?

We provide technical support for our clients.

Which solution did I use previously and why did I switch?

I have used McAfee ESM. McAfee ESM has many good features, but it is not very integrated with cloud-based assets. AlienVault is already a cloud-based solution, and it is native to cloud assets, which gives AlienVault an advantage over McAfee ESM. On the other hand, McAfee ESM is much better than AlienVault in terms of search engine, data collection, and events. 

How was the initial setup?

It is very easy to deploy. It just takes one or two days and allows you to engage with your customer's environment quickly.

What's my experience with pricing, setup cost, and licensing?

Its price is much lower than McAfee ESM.

What other advice do I have?

I would encourage others to go with this solution because it is easy to deploy, and it provides good tools to know more about your network and the traffic on it. Its reporting needs some improvements, but it fulfills the needs.

I would rate AlienVault USM an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Security Engineer/Architect at Telecom Italia
Real User
Top 5
Offers good security, integrates well, and they have good technical support
Pros and Cons
  • "The most valuable feature is the security that it provides."
  • "It is not so easy to customize this product."

What is our primary use case?

We are a solution provider and RSA NetWitness is one of the products that we implement for our clients. We also use it ourselves. They primarily use it for threat protection.

What is most valuable?

The most valuable feature is the security that it provides.

The log-related capabilities are good.

It integrates well with other risk-assessment tools.

What needs improvement?

It is not so easy to customize this product.

This product would be improved with the addition of machine learning functionality.

For how long have I used the solution?

I have been working with this product for perhaps eight years.

What do I think about the stability of the solution?

Stability is not a problem with NetWitness.

What do I think about the scalability of the solution?

We have not heard any complaints about scalability. This is generally for enterprise-level companies.

How are customer service and technical support?

The technical support is good and our customers are satisfied with it.

Which solution did I use previously and why did I switch?

We use McAfee for internal purposes.

How was the initial setup?

The complexity of the initial setup depends on the environment, but overall, I would say that it is quite easy. It isn't the easiest product to install, although it is not difficult, either.

What other advice do I have?

They have just introduced an orchestration tool, although I don't know how it works yet.

Overall, this is a good product and I recommend it. However, I always suggest doing a proof of concept first, to make sure that it meets your needs.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.