We performed a comparison between Elastic Security and McAfee ePolicy Orchestrator based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The machine learning and artificial intelligence on offer are great."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The most valuable feature is the ability to collect authentication information from service providers."
"Stability-wise, I rate the solution a ten out of ten."
"It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten."
"The product has huge integration varieties available."
"The most valuable feature is the speed, as it responds in a very short time."
"The solution is quite stable. The performance has been good."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"Their support is really good. I would rate it a nine out of ten. I have never any issues with their support. They always reply and follow our queries on time."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"We get fewer false positives than with other solutions."
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten."
"Application control and traffic encryption are the most valuable features."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"The most valuable features of this solution are the antivirus and the DLP."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"We'd like to see more connectors."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"They don't provide user authentication and authorisation features (Shield) as a part of their open-source version."
"It's a little bit of a learning curve to understand the logic of searching for things and trying to find what you're looking for in Elastic Security."
"In terms of improvement, there could be more automation in responding to and evaluating detections."
"Their visuals and graphs need to be better."
"The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."
"In terms of what could be improved with Elastic, in some use cases, especially on the advanced level, they are not ready made, so you'll have to write some scripts."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"The solution could also use better dashboards. They need to be more graphical, more matrix-like."
"The impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this."
"The way that ePolicy launches the updates is very slow. It would be great if that was faster."
"The installation process is quite difficult and requires technical support."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"The rollout to cover the online resources, such as SharePoint, One Drive, and Office 365 doesn't seem to have a very clear path."
"McAfee ePolicy Orchestrator should improve its integration with other tools."
"McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers."
"I would like to see McAfee reduce the amount of manual work required."
Elastic Security is ranked 6th in Security Orchestration Automation and Response (SOAR) with 59 reviews while McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews. Elastic Security is rated 7.6, while McAfee ePolicy Orchestrator is rated 8.0. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Trend Micro Integrated Data Loss Prevention and Forcepoint Data Loss Prevention. See our Elastic Security vs. McAfee ePolicy Orchestrator report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.