McAfee Enterprise Security Manager
Quickly identify, investigate, and resolve threats
McAfee Enterprise Security Manager delivers a real-time understanding of the world outside—threat data, reputation feeds, and vulnerability status—as well as a view of the systems, data, risks, and activities inside your enterprise.
As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers the performance, actionable intelligence, and real-time situational awareness required for organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance.Download Data Sheet Free Trial
Get actionable information on all collected events with contextual information, such as vendor threat feeds and shared indicators of compromise (IOC), to deliver prioritized, actionable information in minutes.
Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for indications of advanced persistent threats (APTs) or IOC, and remediate a failed compliance audit.
Centralize the view of your organization’s security posture, compliance status, and prioritized security issues that require investigation. Access hundreds of reports, views, rules, alerts, and dashboards.
Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.
McAfee Enterprise Security Manager (ESM) can be deployed with physical and virtual appliances. It can also be part of an all-in-one SIEM deployment that includes McAfee Enterprise Log Manager (ELM) and McAfee Event Receiver (ERC). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.
|Model Number||Appliance Size||Local Storage1||Network Interfaces (10/100/1000)||System Requirements|
|All-in-One SIEM: Enterprise Security Manager, Enterprise Log Manager & Event Receiver|
|ESM-ELM-ERC-VM-8||VM||Recommended 250GB||VM (AWS, ESX, KVM)||8 processor cores, 4GB of memory|
|ESM-ELM-ERC-VM-12||VM||Recommended 500GB+480GB SSD2||VM (AWS, ESX, KVM)||12 processor cores, 64GB of memory|
|ESM-ELM-ERC-4600||2U||3TB + 480GB SSD||23||N/A|
|ESM-ELM-ERC-5600||2U||8TB + 480GB SSD||23||N/A|
|ESM-ELM-ERC-6000||2U||14TB + 480GB SSD||23||N/A|
|Enterprise Security Manager|
|ESM-VM-8||VM||Recommended 250GB||VM (AWS, ESX, KVM)||8 processor cores, 4GB of memory|
|ESM-VM-12||VM||Recommended 500GB+480GB SSD2||VM (AWS, ESX, KVM)||12 processor cores, 64GB of memory|
|ESM-VM-32||VM||Recommended 2TB+800GB SSD2||VM (AWS, ESX, KVM)||32 processor cores, 96GB of memory|
|ESM-5600||2U||8TB + 480GB SSD||23||N/A|
|ESM-6000||2U||14TB + 480GB SSD||23||N/A|
|ESM-X4||2U||14TB + 800GB SSD||23||N/A|
|ESM-X6||2U||14TB +3.2TB SSD||23||N/A|
1Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
2Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
3 IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.
Need additional technical resources? Visit the McAfee Expert Center
Leveraging the value of the Security Connected framework from McAfee allows for faster response, lower TCO, and business-wide visibility across systems, networks, and data—helping organizations respond to attacks more quickly and efficiently. Security Innovation Alliance partner solutions integrated with McAfee Enterprise Security Manager turn billions of “so what?” events into actionable information via context and advanced analytics. Below are a selection of our Enterprise Security Manager-integrated partners that provide a variety of workflows across organizations.See All SIEM-Integrated Partners