We performed a comparison between Elastic Security and McAfee ePolicy Orchestrator based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It has basic out-of-the-box integrations with multiple log sources."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The product can integrate with any device."
"While Microsoft Sentinel provides a log of security events, its true power lies in its integration with Microsoft Defender."
"The most valuable feature for me is Discover."
"Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."
"We chose the product based on the ability to scan for malware using a malware behavioral model as opposed to just a traditional hash-based antivirus. Therefore, it's not as intensive."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"It's simple and easy to use."
"We like Elastic Security because it's a REST API-based solution. That's the primary reason we use it."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"It is very quick to react. I can set it to check anomalies or suspicious behavior every 30 seconds. It is very fast."
"We get fewer false positives than with other solutions."
"McAfee ePolicy Orchestrator's performance is good."
"Application control and traffic encryption are the most valuable features."
"McAfee is helping us to clean all of the viruses from the machines, protecting our desktops from the latest threats."
"What I like the most is the ability to manage centrally, to manage the various devices, the platform, and the endpoint, all from one console."
"The central manager policy means we have almost all client modules in one solution."
"Technical support is very helpful."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"I think the number one area of improvement for Sentinel would be the cost."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The troubleshooting has room for improvement."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"With Elastic, you have to build the use cases for the specific requirement. Other products have a simple integration and more use cases to integrate out-of-the-box solutions for SIEM."
"We had issues with scalability. Logstash was not scaling and aggregation was getting delayed. We moved to Fluentd making our stack from ELK to EFK."
"Email notification should be done the same way as Logentries does it."
"The solution does not have a UI and this is one of the reasons we are looking for another solution."
"I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy."
"The solution needs to be more reactive to investigations. We need to be able to detect and prevent any attacks before it can damage our infrastructure. Currently, this solution doesn't offer that."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"If the documentation were improved and made more clear for beginners, or even professionals, then we would be more attracted to this solution."
"The installation process is quite difficult and requires technical support."
"The solution sometimes has some false positives on IP addresses, from the web control aspect of the product. This needs to be improved."
"The impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this."
"The issues with the integration capabilities of the product, specifically the ones that are deployed on an on-premises model, need to be improved."
"We need to consolidate multiple features into one console. It would be beneficial to have all the important features on a single platform."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"They have to do something to make the solution more resilient or recoverable from power failure events, which may include creating their own database."
"I would like to see McAfee reduce the amount of manual work required."
Elastic Security is ranked 6th in Security Orchestration Automation and Response (SOAR) with 59 reviews while McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews. Elastic Security is rated 7.6, while McAfee ePolicy Orchestrator is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Trend Micro Integrated Data Loss Prevention and Forcepoint Data Loss Prevention. See our Elastic Security vs. McAfee ePolicy Orchestrator report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
