We performed a comparison between McAfee ePolicy Orchestrator and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"The valuable feature of the McAfee ePolicy Orchestrator is the management of the policies."
"I really like the auditing component because it really looks at exactly what has happened on the network."
"It is a scalable solution...I rate its scalability a nine out of ten."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"The DLP feature in McAfee ePolicy Orchestrator is good."
"We implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"Lacks a single plug-in for multiple uses."
"The solution is difficult to tune to avoid false positives."
"McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers."
"McAfee ePolicy Orchestrator should improve its integration with other tools."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"Features such as full drive encryption are lacking in the cloud version."
"I would like to see McAfee reduce the amount of manual work required."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"The solution could be more user-friendly; some query languages are required to operate it."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews while Microsoft Sentinel is ranked 1st in Security Orchestration Automation and Response (SOAR) with 86 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Elastic Security and Trend Micro Integrated Data Loss Prevention, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and Elastic Security.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.