We performed a comparison between McAfee ePolicy Orchestrator and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Sentinel pricing is good"
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The best part is management in McAfee ePolicy Orchestrator."
"The most valuable feature of the McAfee ePolicy Orchestrator is agent communication."
"The initial setup is very easy."
"We get fewer false positives than with other solutions."
"What I like the most is the ability to manage centrally, to manage the various devices, the platform, and the endpoint, all from one console."
"Technical support is very helpful."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"We implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"Its agility and scalability are valuable."
"It is a scalable solution."
"The solution is very reliable."
"It was useful as a ticketing tool."
"The product is quite easy to use."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features"
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The only thing is sometimes you can have a false positive."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The solution could be more user-friendly; some query languages are required to operate it."
"The solution could improve the EDR component in many areas, such as the zero-day and persistent threats. The implementation is also complex for this feature."
"The solution sometimes has some false positives on IP addresses, from the web control aspect of the product. This needs to be improved."
"McAfee ePolicy Orchestrator should improve its integration with other tools."
"The way that ePolicy launches the updates is very slow. It would be great if that was faster."
"There needs to be support for Mac computers. Currently, McAfee does not work on iOS."
"Lacks a single plug-in for multiple uses."
"There is a problem when it comes to agent communication and duplicate records, where the rebooting of a machine leads to the installation of a new agent and you get a lot of duplicate records that ultimately affect your compliance monitoring."
"I would like to see McAfee reduce the amount of manual work required."
"The solution is very expensive."
"The platform’s setup procedures could be streamlined compared to one of its competitors."
"There is room for improvement in support. The response time could be faster."
"The solution requires DV but does not support open-source DV elastic searches."
"The configuration of the solution could improve it is difficult."
"It is been decommissioned by Palo Alto."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"We need a little hands-on experience to install the solution."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 40 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP and Forcepoint Data Loss Prevention, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our McAfee ePolicy Orchestrator vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.