We performed a comparison between McAfee ePolicy Orchestrator and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are able to deploy within half an hour and we only require one person to complete the implementation."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The security is a key feature and the console is very user friendly."
"I really like the auditing component because it really looks at exactly what has happened on the network."
"The valuable feature of the McAfee ePolicy Orchestrator is the management of the policies."
"The general endpoint protection is valuable, and it is easy to manage."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"McAfee ePolicy Orchestrator's performance is good."
"Application control and traffic encryption are the most valuable features."
"If you set it up right, it can really manage a very complex environment which require fine tuning where there are a lot of exceptions. That's what it caters to. It can just do those specifics in those exceptional situations, which is good."
"We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process."
"The ease of use is great."
"My favorite feature is the application vulnerability scanner."
"Reduces time to closure and closure metrics for vulnerabilities."
"The solution is stable."
"It has helped optimize security costs by consolidating multiple tools into one platform."
"The solution is available over the cloud and is easy to manage."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We'd like to see more connectors."
"The troubleshooting has room for improvement."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"McAfee ePolicy Orchestrator support has been helpful. However, sometimes when I raise the case they take a while to answer. For example, the last time I used them it took them two weeks to reply back by email. No one has contacted me back since. They should improve their service."
"The impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this."
"The solution sometimes has some false positives on IP addresses, from the web control aspect of the product. This needs to be improved."
"McAfee ePolicy Orchestrator could improve by supporting container microservices, such as Docker and Kubernetes."
"We would like to see more integration with different platforms and extend this to other platforms. We are migrating to the cloud and want to extend it from our on-premises setup to the cloud."
"McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers."
"McAfee ePolicy Orchestrator needs to upgrade its technology since the solution's EDR function is not good compared to other vendors in the market."
"McAfee ePolicy Orchestrator needs to upgrade the technology; it's like their area function is not quite as good as compared to other market vendors."
"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."
"The threat intelligence module needs a better dashboard."
"There is room for improvement in terms of developer support and documentation."
More ServiceNow Security Operations Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews while ServiceNow Security Operations is ranked 7th in Security Orchestration Automation and Response (SOAR) with 15 reviews. McAfee ePolicy Orchestrator is rated 8.0, while ServiceNow Security Operations is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Elastic Security and Trend Micro Integrated Data Loss Prevention, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Swimlane and Fortinet FortiSOAR. See our McAfee ePolicy Orchestrator vs. ServiceNow Security Operations report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.