We performed a comparison between DFLabs IncMan SOAR and McAfee ePolicy Orchestrator based on real PeerSpot user reviews.
"The connectivity and analytics are great."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"The pricing of the product is excellent."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The vendors themselves will actually help with any customizations a client may require."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"The valuable feature of the McAfee ePolicy Orchestrator is the management of the policies."
"Their support is really good. I would rate it a nine out of ten. I have never had any issues with their support. They always reply and follow our queries on time."
"What I like the most is the ability to manage centrally, to manage the various devices, the platform, and the endpoint, all from one console."
"We get fewer false positives than with other solutions."
"The DLP feature in McAfee ePolicy Orchestrator is good."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"The central management console is the solution's most valuable aspect."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"One key area that can be improved is by building a strong integration with our XDR platform."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The troubleshooting has room for improvement."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The support is not 24/7."
"There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space."
"I would like to see McAfee reduce the amount of manual work required."
"McAfee ePolicy Orchestrator could improve by supporting container microservices, such as Docker and Kubernetes."
"As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers."
"There needs to be support for Mac computers. Currently, McAfee does not work on iOS."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"The detection aspect should be improved so that signatures are updated more quickly."
"The solution sometimes has some false positives on IP addresses, from the web control aspect of the product. This needs to be improved."
DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews. DFLabs IncMan SOAR is rated 0.0, while McAfee ePolicy Orchestrator is rated 8.0. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". DFLabs IncMan SOAR is most compared with IBM Resilient and Palo Alto Networks Cortex XSOAR, whereas McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Forcepoint Data Loss Prevention and Trend Micro Integrated Data Loss Prevention.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.