We performed a comparison between McAfee ePolicy Orchestrator and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The connectivity and analytics are great."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The initial setup is very simple and straightforward."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"We implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"It is a scalable solution...I rate its scalability a nine out of ten."
"The security is a key feature and the console is very user friendly."
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"The graphical interface of the solution is its most valuable aspect."
"Technical support is very helpful."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"The strengths of Palo Alto Networks Cortex XSOAR stem from the fact that it provides functionalities related to patching and URL blocking...It is a scalable solution."
"The solution provides threat intelligence with EDR."
"They have a portal where you can find any kind of integration that you need."
"The product is quite easy to use."
"The most valuable feature is automation."
"Many different playbooks are available and can be customized."
"The solution is very reliable."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The product can be improved by reducing the cost to use AI machine learning."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space."
"The areas of concern where improvements are needed are related to the product's assignment policy and tag assignment, where users can assign the policies with the help of tags and sort out the systems."
"Sometimes agents hang. We have to reinstall the agents."
"The installation process is quite difficult and requires technical support."
"There are some issues we are having with updating our Windows server. So we need to contact support or access our support portal."
"While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"The impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this."
"I would like to see Cortex become less dependent on Active Directory and group policies to manage the deployment. Maybe I need to update my understanding of how to deploy it, but that's the way I know how to use it."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"There is room for improvement in support. The response time could be faster."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"The solution should be made a bit cheaper."
"The dashboard performance could be improved."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 8th in Security Orchestration Automation and Response (SOAR) with 38 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 39 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Forcepoint Data Loss Prevention and Zscaler Cloud DLP, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our McAfee ePolicy Orchestrator vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.