We performed a comparison between CRITICALSTART and McAfee ePolicy Orchestrator based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The initial setup is very simple and straightforward."
"The analytic rule is the most valuable feature."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The main difference between the other options and this one is the quality of the personnel within the SOC. It's their knowledge and depth and the way they handle customers."
"Outside of using the platform to manage alerts, the feature of the service that we get the most value from is being able to reach out to them and say, "Hey, we might go buy a SIEM," for example. They give us their overview of what's out there, what they've dealt with, what they integrate with, and what that looks like. That's been pretty powerful over the years for us."
"There is a team of people who monitor our traffic and processes 24/7, so if anything raises a flag or alert, it will escalate back to me right away. That's the most incredible part: Humans working behind the scenes 24/7 to monitor our networks."
"The quick interaction between the agents is the most valuable feature. If we have questions, they're quick to answer. If we make a change to our system, they quickly make the changes that are necessary to filter the logs correctly."
"Customer service and their response are phenomenal. I would give their customer support a nine point five (out of 10). Our easy access to their SOC analyst, sales team, and leadership team instills confidence in me that they are there for us 24/7."
"Their Zero Trust Analytics Platform (ZTAP) engine, which is kind of their correlation engine, is by far and away one of the best in the business. We can filter and utilize different lists to build out different alerts, such as, what to alert on and when not to alert. This engine helps reduce our number of alerts and false positives."
"My impression of the transparency of the data is that it has good detail. It allows you to see how many events have come in, how many of those events have made it down to their analysts to review, and then however many from their analysts to be able to close out, have been able to been escalated to us. It's a good metric that we can share with my management. They see the value of what the SOC is bringing on top of what my team is already doing."
"There are two parts of CRITICALSTART's services that are most valuable to us. The MDR solution where they monitor our computers, laptops, and users across the board; and their knowledge of Palo Alto firewalls."
"McAfee is helping us to clean all of the viruses from the machines, protecting our desktops from the latest threats."
"The graphical interface of the solution is its most valuable aspect."
"The initial setup is very easy."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"The central management console is the solution's most valuable aspect."
"The solution's best part is that it is very easy to manage McAfee Agent."
"If you set it up right, it can really manage a very complex environment which require fine tuning where there are a lot of exceptions. That's what it caters to. It can just do those specifics in those exceptional situations, which is good."
"The solution could improve the playbooks."
"We'd like to see more connectors."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"I would like to be able to monitor applications outside of the Azure Cloud."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"I think the number one area of improvement for Sentinel would be the cost."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The biggest room for improvement is not necessarily in their service or offering, but in the products that they support. I would like them to further their knowledge and ability to integrate with those tools. They have base integrations with everything, and we haven't come across anything. They should just continue to build on that API interface between their applications and other third-party consoles."
"There is room for improvement with the new UI, and that's about it. I would like to see a more intuitive design."
"They just did a user interface overhaul to the website portal that you use for troubleshooting tickets. The old one was fine. The new one is not intuitive..."
"In terms of responsiveness, when I open up an alert, sometimes it takes a bit of time to load. However, it only happened once or twice."
"The updated UI is actually pretty bad. Regarding the intuitiveness, it is fairly easy to use, but the responsiveness, on a scale of one to 10, is a one. It's really poor performance."
"It has frustrated us that they don't have a native Slack integration, because most things do now. That's something we've asked for, for years, and it just doesn't really seem like it's a priority."
"The UI has become slower but it's not something I would call them out on."
"During the six-month integration and rollout, there were some bumpy roads along the way. There were communication breakdowns between the project manager, CRITICALSTART leadership, and us (as the customer). I expressed my displeasure during the integration in their inability to effectively communicate when there were holdups or issues. They were going through some growing pains at that time, but they have been right there for us ever since."
"McAfee ePolicy Orchestrator could improve by supporting container microservices, such as Docker and Kubernetes."
"It's a little bit complex to configure it, but when you start using it, it is much easier. There are many policies that you need to create, and in three or four places"
"The issues with the integration capabilities of the product, specifically the ones that are deployed on an on-premises model, need to be improved."
"They have to do something to make the solution more resilient or recoverable from power failure events, which may include creating their own database."
"While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service."
"There are some issues we are having with updating our Windows server. So we need to contact support or access our support portal."
"McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers."
"I would like to see McAfee reduce the amount of manual work required."
Earn 20 points
CRITICALSTART is ranked 29th in Security Orchestration Automation and Response (SOAR) while McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews. CRITICALSTART is rated 9.4, while McAfee ePolicy Orchestrator is rated 8.0. The top reviewer of CRITICALSTART writes "Offers the ability to close review tickets or alerts through a mobile phone and to interact with engineers on their side via the app". On the other hand, the top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". CRITICALSTART is most compared with Arctic Wolf Managed Detection and Response, BlueVoyant CORE, ReliaQuest GreyMatter, CrowdStrike Falcon Complete and Red Canary MDR, whereas McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Forcepoint Data Loss Prevention and Elastic Security.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.