We performed a comparison between McAfee ePolicy Orchestrator and ServiceNow Security Operations based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The analytic rule is the most valuable feature."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The automation feature is valuable."
"The security is a key feature and the console is very user friendly."
"The feature that I have found most valuable is its general purpose of protecting our endpoints from infections, malicious files, and all those kinds of things. The fact that there are organized policies and policy inheritance. The general management."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"Application control and traffic encryption are the most valuable features."
"The central management console is the solution's most valuable aspect."
"The most valuable feature of the McAfee ePolicy Orchestrator is agent communication."
"Their support is really good. I would rate it a nine out of ten. I have never any issues with their support. They always reply and follow our queries on time."
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"It's stable."
"ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."
"The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product."
"The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user."
"Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence."
"My favorite feature is the application vulnerability scanner."
"The solution is stable."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"I would like to see more AI used in processes."
"We'd like to see more connectors."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"McAfee ePolicy Orchestrator support has been helpful. However, sometimes when I raise the case they take a while to answer. For example, the last time I used them it took them two weeks to reply back by email. No one has contacted me back since. They should improve their service."
"Features such as full drive encryption are lacking in the cloud version."
"Sometimes agents hang. We have to reinstall the agents."
"There needs to be support for Mac computers. Currently, McAfee does not work on iOS."
"Lacks a single plug-in for multiple uses."
"They have to do something to make the solution more resilient or recoverable from power failure events, which may include creating their own database."
"The issues with the integration capabilities of the product, specifically the ones that are deployed on an on-premises model, need to be improved."
"McAfee ePolicy Orchestrator could improve by supporting container microservices, such as Docker and Kubernetes."
"Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change."
"There is room for improvement in terms of developer support and documentation."
"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."
"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."
"It's very slow. When you click a button or update a field, it takes forever to actually react."
"The initial setup is difficult."
"An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate. As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution."
"The threat intelligence module needs a better dashboard."
More ServiceNow Security Operations Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews while ServiceNow Security Operations is ranked 8th in Security Orchestration Automation and Response (SOAR) with 14 reviews. McAfee ePolicy Orchestrator is rated 8.0, while ServiceNow Security Operations is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of ServiceNow Security Operations writes "Mature with nice UI and customizable workflows". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Forcepoint Data Loss Prevention and Elastic Security, whereas ServiceNow Security Operations is most compared with Palo Alto Networks Cortex XSOAR, Splunk SOAR, IBM Resilient, Fortinet FortiSOAR and Swimlane. See our McAfee ePolicy Orchestrator vs. ServiceNow Security Operations report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.