We performed a comparison between McAfee ePolicy Orchestrator and Symantec Data Loss Prevention based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The main benefit is the ease of integration."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The solution's best part is that it is very easy to manage McAfee Agent."
"The central management console is the solution's most valuable aspect."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"Application control and traffic encryption are the most valuable features."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"The security is a key feature and the console is very user friendly."
"You have to have some experience, however, it's pretty simple to understand."
"The initial setup is very easy."
"The product is very robust."
"Technical support is very professional and responsive."
"Symantec Data Loss Prevention is the number one product in its field. It does its job well and it has all the necessary features. It is definitely better than any other solution on the market."
"It can prevent copying and encoding of HTTP data to various sites like Google, and Webex."
"I have found the most valuable feature to be partial enlisting."
"The solution offers great reporting."
"We can integrate with some other tools such as Splunk, which is very useful."
"It has good options for policy findings. You can do granular policy enhancements with multiple options. And the SMB blocking is a very good feature."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The only thing is sometimes you can have a false positive."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The issues with the integration capabilities of the product, specifically the ones that are deployed on an on-premises model, need to be improved."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"Lacks a single plug-in for multiple uses."
"The rollout to cover the online resources, such as SharePoint, One Drive, and Office 365 doesn't seem to have a very clear path."
"McAfee ePolicy Orchestrator should improve its integration with other tools."
"The areas of concern where improvements are needed are related to the product's assignment policy and tag assignment, where users can assign the policies with the help of tags and sort out the systems."
"The solution is difficult to tune to avoid false positives."
"One thing that I don't like is that McAfee products change very often and upgrade very often."
"They need to expand the channels they check."
"The product's technical support services need improvement."
"The policies need to be improved."
"Data Masking could be improved."
"The Symantec DLP solution is very complex, and installation requires many components."
"We are finding delayed response if the macOS is updated. They need to make sure their solution is compatible."
"Technical support is pathetic."
"Symantec Data Loss Prevention's setup needs to be easier and support needs to be improved."
More Symantec Data Loss Prevention Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews while Symantec Data Loss Prevention is ranked 3rd in Data Loss Prevention (DLP) with 53 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Symantec Data Loss Prevention is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Symantec Data Loss Prevention writes "Consitent, accurate, and simple". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Zscaler DLP, Forcepoint Data Loss Prevention, Elastic Security and Trend Micro Integrated Data Loss Prevention, whereas Symantec Data Loss Prevention is most compared with Microsoft Purview Data Loss Prevention, Forcepoint Data Loss Prevention, Digital Guardian, CoSoSys Endpoint Protector and Code42 Incydr. See our McAfee ePolicy Orchestrator vs. Symantec Data Loss Prevention report.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.