Intel Security


McAfee is a leader in the Gartner Magic Quadrant for SIEM

Read Report

Real-time visibility into all activity on systems, networks, databases, and applications

As the foundation of our security information and event management (SIEM) solution, McAfee Enterprise Security Manager delivers actionable intelligence and integrations required for security organizations to prioritize, investigate, and respond to threats, while the embedded compliance framework and built-in security use case content packs simplify analyst and compliance operations.

Improve your effectiveness through continuous visibility into threats and risk, actionable analysis to guide triage and speed investigations, and orchestration of security remediation. An extensible and distributed design integrates with more than three dozen partners, hundreds of standardized data sources, and industry threat intelligence. McAfee Enterprise Security Manager makes it practical to support your organization’s current and future security and compliance goals.

Download Data Sheet Free Trial

Enabling fast, risk-based decisions

Advanced threat intelligence

Prioritized alerts surface potential threats before they occur while analyzing data for patterns that may indicate a larger threat. Leverage contextual information, such as vendor threat feeds and indicators of compromise (IOCs), for a better understanding of how security events can impact real business processes.

Critical facts in minutes, not hours

Highly tuned appliances collect, process, and correlate log events from multiple years with other data streams, including STIX-based threat intelligence feeds, at the speed you require. Store billions of events and flows, keeping information available for immediate ad hoc queries, forensics, rules validation, and compliance. Access long-term event data storage to investigate attacks, search for signs of advanced persistent threats (APTs) or IOCs, and remediate failed compliance audits.

Optimize security operations

An analyst-centric user experience offers increased flexibility, customization, and faster response to investigations. With fast and smart access to threat information, analysts with any level of experience, from beginner to expert, will find it easier to prioritize, investigate, and respond to evolving threats.

McAfee rated in Gartner Critical Capabilities for SIEM

Read Report
ESG SC Magazine Gartner

Product Reviews

Leading independent analysts have evaluated the features and performance of McAfee SIEM solutions.

Bringing Efficiency and Collaboration to the Security Operations Center

Bringing Efficiency and Collaboration to the Security Operations Center (SOC)

This new study shows that incident response could be 38% to 100% more effective through SOC to operational collaboration.

Download Infographic Read Report


System Requirements

McAfee Enterprise Security Manager (ESM) can be deployed with physical and virtual appliances. It can also be part of an all-in-one SIEM deployment that includes McAfee Enterprise Log Manager (ELM) and McAfee Event Receiver (ERC). McAfee SIEM appliance specifications and descriptions are provided for information only, subject to change without notice, and provided without warranty of any kind, expressed or implied.

Model Number Appliance Size Local Storage1 Network Interfaces (10/100/1000) System Requirements
All-in-One SIEM: Enterprise Security Manager, Enterprise Log Manager & Event Receiver
ESM-ELM-ERC-VM-8 VM Recommended 250GB VM (AWS, ESX, KVM) 8 processor cores, 4GB of memory
ESM-ELM-ERC-VM-12 VM Recommended 500GB+480GB SSD2 VM (AWS, ESX, KVM) 12 processor cores, 64GB of memory
ESM-ELM-ERC-4600 2U 3TB + 480GB SSD 23 N/A
ESM-ELM-ERC-5600 2U 8TB + 480GB SSD 23 N/A
ESM-ELM-ERC-6000 2U 14TB + 480GB SSD 23 N/A
Enterprise Security Manager
ESM-VM-8 VM Recommended 250GB VM (AWS, ESX, KVM) 8 processor cores, 4GB of memory
ESM-VM-12 VM Recommended 500GB+480GB SSD2 VM (AWS, ESX, KVM) 12 processor cores, 64GB of memory
ESM-VM-32 VM Recommended 2TB+800GB SSD2 VM (AWS, ESX, KVM) 32 processor cores, 96GB of memory
ESM-5600 2U 8TB + 480GB SSD 23 N/A
ESM-6000 2U 14TB + 480GB SSD 23 N/A
ESM-X4 2U 14TB + 800GB SSD 23 N/A
ESM-X6 2U 14TB +3.2TB SSD 23 N/A

1Usable event and flow data storage capacity will vary by customer event types, event rates, software version, and other factors.
2Minimum 50K IOPS for SSD; additional storage should be a minimum of 100 IOPS.
3 IPMI: Please note that all McAfee SIEM appliances, except DAS-50 and DAS-100, have IPMI adapters; for ERC HA, IPMI is used for the HA configuration.

Need additional technical resources? Visit the McAfee Expert Center

McAfee SIEM-Integrated Partners

Many organizations deploy security products from multiple vendors that do not interact with each other. In today’s fast evolving threat landscape, this not only increases operational costs, it increases risk. Evolving security challenges require open, collaborative approaches to detect threats, reduce risk, and ensure compliance. Below is a selection of Security Innovation Alliance partners with McAfee SIEM integrated solutions that allow you to resolve more threats faster with fewer resources.

Automation & Orchestration

User & Entity Behavior Analytics

Authentication & Encryption

Application & Database Security

Incident Response & Forensics

See All SIEM-Integrated Partners