We performed a comparison between McAfee ePolicy Orchestrator and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"It has basic out-of-the-box integrations with multiple log sources."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"It's pretty powerful and its performance is pretty good."
"The initial setup is very simple and straightforward."
"The valuable feature of the McAfee ePolicy Orchestrator is the management of the policies."
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"The DLP feature in McAfee ePolicy Orchestrator is good."
"The central manager policy means we have almost all client modules in one solution."
"The security is a key feature and the console is very user friendly."
"The most valuable feature of the McAfee ePolicy Orchestrator is agent communication."
"What I like the most is the ability to manage centrally, to manage the various devices, the platform, and the endpoint, all from one console."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"The solution provides threat intelligence with EDR."
"It is a scalable solution."
"The most valuable features are simplicity and ease of integration."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"We use the solution to automate our SIEM tools and incidents."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"The product can automate security tasks."
"The product is quite easy to use."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The only thing is sometimes you can have a false positive."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers."
"There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space."
"They have to do something to make the solution more resilient or recoverable from power failure events, which may include creating their own database."
"We would like to see more integration with different platforms and extend this to other platforms. We are migrating to the cloud and want to extend it from our on-premises setup to the cloud."
"I would like to see McAfee reduce the amount of manual work required."
"McAfee ePolicy Orchestrator support has been helpful. However, sometimes when I raise the case they take a while to answer. For example, the last time I used them it took them two weeks to reply back by email. No one has contacted me back since. They should improve their service."
"The solution could improve the EDR component in many areas, such as the zero-day and persistent threats. The implementation is also complex for this feature."
"The areas of concern where improvements are needed are related to the product's assignment policy and tag assignment, where users can assign the policies with the help of tags and sort out the systems."
"The solution requires DV but does not support open-source DV elastic searches."
"The configuration of the solution could improve it is difficult."
"XSOAR could have more integration options."
"The solution's correlation rules and playbooks should be improved."
"It doesn't offer automatic internet reports out of the box."
"I think they should increase their collaboration base."
"The dashboard could be better."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP and Forcepoint Data Loss Prevention, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations. See our McAfee ePolicy Orchestrator vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.