We performed a comparison between McAfee ePolicy Orchestrator and Zscaler DLP based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel pricing is good"
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"The central manager policy means we have almost all client modules in one solution."
"The most valuable feature of the solution is the central management console, which is used for DLP, endpoint security, drive encryption, and application control."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"We get fewer false positives than with other solutions."
"Application control and traffic encryption are the most valuable features."
"The general endpoint protection is valuable, and it is easy to manage."
"We implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC."
"The customer service and support are very good."
"The solution is the best for storage."
"The most valuable aspect of Zscaler Cloud DLP is its automatic DLP feature."
"The product’s most valuable features are data discovery, activity control, and zero trust exchange."
"The policies are very easy to implement."
"The UI is easy to use."
"It is a very scalable solution. Scalability-wise, I rate the solution a ten out of ten."
"On DLP terms, Zscaler Cloud DLP ensures that data doesn't go outside of the organization. So on the network level, Zscaler does a pretty good job."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"The product can be improved by reducing the cost to use AI machine learning."
"There is room for improvement in entity behavior and the integration site."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"The areas of concern where improvements are needed are related to the product's assignment policy and tag assignment, where users can assign the policies with the help of tags and sort out the systems."
"The rollout to cover the online resources, such as SharePoint, One Drive, and Office 365 doesn't seem to have a very clear path."
"McAfee ePolicy Orchestrator needs to upgrade its technology since the solution's EDR function is not good compared to other vendors in the market."
"The impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this."
"The detection aspect should be improved so that signatures are updated more quickly."
"While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"The Virtual Patching feature needs to be improved."
"Another area of improvement is implementation through non-client connectors. The solution can be implemented in two ways. One uses the back file; the other one uses client connectors. So the client connector is pretty fast, but when it comes to non-client connectors and procedures, it's kind of delayed and slow."
"We have issues with the tool's maintenance and networking. It should be able to work in offline mode as well."
"In the next release, I would like to see RE2 Regex supported."
"There could be additional ways to define proximity. Additionally, they should provide some exclusion options for specific policies and an ability to control the DLP engine."
"The customers would benefit from more robust documentation and conversations around configurations, as it is slightly complex."
"Price-wise, it is a costly product and it should be reduced."
"On the improvement side, when we bypass certain internet traffic types, it's currently recommended to have a one-click option, but audio and video aren't always supported. Thus, we need to bypass that kind of traffic. So, it is an area of improvement."
"There aren't really any missing features that I have witnessed."
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews while Zscaler DLP is ranked 4th in Data Loss Prevention (DLP) with 15 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Zscaler DLP is rated 8.6. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Zscaler DLP writes "Provides a range of security measures to protect network traffic". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Forcepoint Data Loss Prevention, Trend Micro Integrated Data Loss Prevention and Elastic Security, whereas Zscaler DLP is most compared with Microsoft Purview Data Loss Prevention, Forcepoint Data Loss Prevention, Symantec Data Loss Prevention, Varonis Platform and Cyberhaven.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
