We performed a comparison between McAfee ePolicy Orchestrator and ThreatConnect Threat Intelligence Platform (TIP) based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The connectivity and analytics are great."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The main benefit is the ease of integration."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Free ingestion for Azure logs (with E5 licence)"
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"We implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC."
"Their support is really good. I would rate it a nine out of ten. I have never any issues with their support. They always reply and follow our queries on time."
"The central management console is the solution's most valuable aspect."
"We get fewer false positives than with other solutions."
"The feature that I have found most valuable is its general purpose of protecting our endpoints from infections, malicious files, and all those kinds of things. The fact that there are organized policies and policy inheritance. The general management."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"The most valuable feature of the McAfee ePolicy Orchestrator is agent communication."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"The product automatically generated a threat score based on the maliciousness of an IP."
"ThreatConnect has a highly user-friendly interface."
"The most valuable features are ease of use and the ability to customize it."
"It's a solid platform and is stable enough. It is not complicated and is easy to use."
More ThreatConnect Threat Intelligence Platform (TIP) Pros →
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"The troubleshooting has room for improvement."
"The solution should allow for a streamlined CI/CD procedure."
"One key area that can be improved is by building a strong integration with our XDR platform."
"There is room for improvement in entity behavior and the integration site."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"We need to consolidate multiple features into one console. It would be beneficial to have all the important features on a single platform."
"While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service."
"There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space."
"One thing that I don't like is that McAfee products change very often and upgrade very often."
"The solution sometimes has some false positives on IP addresses, from the web control aspect of the product. This needs to be improved."
"It's a little bit complex to configure it, but when you start using it, it is much easier. There are many policies that you need to create, and in three or four places"
"The way that ePolicy launches the updates is very slow. It would be great if that was faster."
"There needs to be support for Mac computers. Currently, McAfee does not work on iOS."
"I couldn’t get any training videos online when I was working with the tool."
"It would be good to have more feeds and more integrated sources for enrichment."
"They should make it a little bit easier to generate events and share them with the community"
"Integration is an area that could use some improvement."
More ThreatConnect Threat Intelligence Platform (TIP) Cons →
More ThreatConnect Threat Intelligence Platform (TIP) Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews while ThreatConnect Threat Intelligence Platform (TIP) is ranked 19th in Security Orchestration Automation and Response (SOAR) with 4 reviews. McAfee ePolicy Orchestrator is rated 8.0, while ThreatConnect Threat Intelligence Platform (TIP) is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of ThreatConnect Threat Intelligence Platform (TIP) writes "The tool could be integrated into any environment, but it was expensive, and the deployment process was complex". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Forcepoint Data Loss Prevention and Trend Micro Integrated Data Loss Prevention, whereas ThreatConnect Threat Intelligence Platform (TIP) is most compared with Anomali ThreatStream, Recorded Future, ThreatQ, Palo Alto Networks Cortex XSOAR and Anomali Match. See our McAfee ePolicy Orchestrator vs. ThreatConnect Threat Intelligence Platform (TIP) report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
