We performed a comparison between McAfee ePolicy Orchestrator and Symantec Data Loss Prevention based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"It's pretty powerful and its performance is pretty good."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The Log analytics are useful."
"The UI of Sentinel is very good and easy to use, even for beginners."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"We get fewer false positives than with other solutions."
"The initial setup is very easy."
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"The central manager policy means we have almost all client modules in one solution."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"The central management console is the solution's most valuable aspect."
"The graphical interface of the solution is its most valuable aspect."
"DLP's most valuable feature is that it's more granular in terms of creating block-based policies, which gives you more options to create policies in a filtered way."
"Users like the product because of its simplicity and the rate of detection."
"The product is very robust."
"The product is very stable."
"We are able to contain our confidential data in our environment."
"We find the product is easy to manage and maintain."
"Symantec DLP has many servers, and the solution is very powerful because you can use it in ports, endpoints, networks, and email servers to prevent the leakage of emails. DLP can be integrated with Symantec encryption."
"It has good options for policy findings. You can do granular policy enhancements with multiple options. And the SMB blocking is a very good feature."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"I think the number one area of improvement for Sentinel would be the cost."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"I would like to see McAfee reduce the amount of manual work required."
"There is a problem when it comes to agent communication and duplicate records, where the rebooting of a machine leads to the installation of a new agent and you get a lot of duplicate records that ultimately affect your compliance monitoring."
"The impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"One thing that I don't like is that McAfee products change very often and upgrade very often."
"The installation process is quite difficult and requires technical support."
"McAfee ePolicy Orchestrator needs to upgrade its technology since the solution's EDR function is not good compared to other vendors in the market."
"The detection aspect should be improved so that signatures are updated more quickly."
"It is very difficult to log in to create a support ticket because no one is available to support our queries."
"I would like to see changes to the analytics."
"There should be more documentation with Symantec Data Loss Prevention. We had trouble with the first few deployments."
"Symantec could be better with infrastructure."
"Symantec Data Loss Prevention could improve by having better system resource management, cloud option, and more features."
"Technical support is pathetic."
"There are some features that are not available which are required by every data loss prevention solution."
"Virtualization is not currently supported."
More Symantec Data Loss Prevention Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews while Symantec Data Loss Prevention is ranked 3rd in Data Loss Prevention (DLP) with 53 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Symantec Data Loss Prevention is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Symantec Data Loss Prevention writes "Consitent, accurate, and simple". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Zscaler DLP, Elastic Security, Trend Micro Integrated Data Loss Prevention and Forcepoint Data Loss Prevention, whereas Symantec Data Loss Prevention is most compared with Microsoft Purview Data Loss Prevention, Forcepoint Data Loss Prevention, Digital Guardian, Zscaler DLP and Code42 Incydr. See our McAfee ePolicy Orchestrator vs. Symantec Data Loss Prevention report.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.