McAfee Enterprise Security Manager
Quickly identify, investigate, and resolve threats
McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.
As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.Download Data Sheet
Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.
Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.
Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.
Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.
McAfee Enterprise Security Manager (ESM) can be deployed with physical and virtual appliances. It can also be part of an all-in-one SIEM deployment that includes McAfee Enterprise Log Manager (ELM) and McAfee Event Receiver (ERC). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
|Model Number||Maximum EPS1||Appliance Size||Local Storage2||Network Interfaces (10/100/1000)||System Requirements|
|All-in-One SIEM: Enterprise Security Manager, Enterprise Log Manager & Event Receiver|
|ESM-ELM-ERC-VM-8||1,000||VM||Recommended 250GB||VM (AWS, ESX, KVM)||8 processor cores, 4GB of memory|
|ESM-ELM-ERC-VM-12||5,000||VM||Recommended 500GB+480GB SSD3||VM (AWS, ESX, KVM)||12 processor cores, 64GB of memory|
|ESM-ELM-ERC-4600||1,200||2U||3TB + 480GB SSD||24||N/A|
|ESM-ELM-ERC-5600||3,000||2U||8TB + 480GB SSD||24||N/A|
|ESM-ELM-ERC-6000||6,000||2U||14TB + 480GB SSD||24||N/A|
|Enterprise Security Manager|
|ESM-VM-8||1,500||VM||Recommended 250GB||VM (AWS, ESX, KVM)||8 processor cores, 4GB of memory|
|ESM-VM-12||40,000||VM||Recommended 500GB+480GB SSD3||VM (AWS, ESX, KVM)||12 processor cores, 64GB of memory|
|ESM-VM-32||85,000||VM||Recommended 2TB+800GB SSD3||VM (AWS, ESX, KVM)||32 processor cores, 96GB of memory|
|ESM-5600||60,000||2U||8TB + 480GB SSD||24||N/A|
|ESM-6000||84,000||2U||14TB + 480GB SSD||24||N/A|
|ESM-X4||180,000||2U||14TB + 800GB SSD||24||N/A|
|ESM-X6||360,000||2U||14TB +3.2TB SSD||24||N/A|
1Based on typical network environments using average event and flow aggregation. Depending on aggregation settings, collection type mix, overall SIEM activity, and related activities, the EPS levels for any given appliance, within an environment, may be lower.
2Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
3Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
4IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.
Need additional technical resources? Visit the McAfee Expert Center