We performed a comparison between McAfee ePolicy Orchestrator and Splunk SOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The main benefit is the ease of integration."
"The features that stand out are the detection engine and its integration with multiple data sources."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"We get fewer false positives than with other solutions."
"The general endpoint protection is valuable, and it is easy to manage."
"It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten."
"The most valuable feature of the solution is the central management console, which is used for DLP, endpoint security, drive encryption, and application control."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"The DLP feature in McAfee ePolicy Orchestrator is good."
"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."
"The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point."
"The most valuable feature is the risk-based access control."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"The solution’s dashboard is really good and customizable. It also has a good UI."
"Technical support is helpful."
"I would like to be able to monitor applications outside of the Azure Cloud."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The way that ePolicy launches the updates is very slow. It would be great if that was faster."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"The impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this."
"We need to consolidate multiple features into one console. It would be beneficial to have all the important features on a single platform."
"It's a little bit complex to configure it, but when you start using it, it is much easier. There are many policies that you need to create, and in three or four places"
"The solution could improve the EDR component in many areas, such as the zero-day and persistent threats. The implementation is also complex for this feature."
"McAfee ePolicy Orchestrator support has been helpful. However, sometimes when I raise the case they take a while to answer. For example, the last time I used them it took them two weeks to reply back by email. No one has contacted me back since. They should improve their service."
"We would like to see more integration with different platforms and extend this to other platforms. We are migrating to the cloud and want to extend it from our on-premises setup to the cloud."
"The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."
"The UI can be more customizable for the clients."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews while Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Splunk SOAR is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". McAfee ePolicy Orchestrator is most compared with Symantec Data Loss Prevention, Zscaler DLP, Forcepoint Data Loss Prevention, Trend Micro Integrated Data Loss Prevention and Elastic Security, whereas Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and ThreatConnect Threat Intelligence Platform (TIP). See our McAfee ePolicy Orchestrator vs. Splunk SOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
