Try our new research platform with insights from 80,000+ expert users

McAfee ePolicy Orchestrator vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

McAfee ePolicy Orchestrator
Ranking in Security Orchestration Automation and Response (SOAR)
9th
Average Rating
8.0
Reviews Sentiment
7.5
Number of Reviews
40
Ranking in other categories
No ranking in other categories
Microsoft Sentinel
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Security Information and Event Management (SIEM) (3rd), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (5th)
 

Mindshare comparison

As of December 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of McAfee ePolicy Orchestrator is 0.7%, down from 0.8% compared to the previous year. The mindshare of Microsoft Sentinel is 21.0%, up from 20.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

DavidJones7 - PeerSpot reviewer
Offers automation alert features with easy integrations and impressive scalability
I would rate the initial setup an eight out of ten. There are a few technical challenges with the deployment, but it can easily solved by an experienced professional but not by a beginner user of the tool. The complete implementation and migration to McAfee ePolicy Orchestrator will take around three months. If someone is using a software platform already with implemented use cases in their environment, it might be difficult to implement the same use cases when the customer is migrating to McAfee ePolicy Orchestrator. The conditions and prior alert settings needs to be accurate when migrating to McAfee ePolicy Orchestrator, otherwise false positive alerts might get generated.
Nitin Arora - PeerSpot reviewer
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature of the McAfee ePolicy Orchestrator is agent communication."
"The policy auditing, policy management, and device auditing are all valuable features. Our customers appreciated the ability to get alerts to system-wide events from a single view."
"Application control and traffic encryption are the most valuable features."
"The automation alert for the ticketing tool is one of the vital features"
"It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten."
"The best part is management in McAfee ePolicy Orchestrator."
"The general endpoint protection is valuable, and it is easy to manage."
"I really like the auditing component because it really looks at exactly what has happened on the network."
"The features that stand out are the detection engine and its integration with multiple data sources."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"While Microsoft Sentinel provides a log of security events, its true power lies in its integration with Microsoft Defender."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"We feel safe knowing that we have a solution that we can use to react in case of an emergency."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
 

Cons

"The rollout to cover the online resources, such as SharePoint, One Drive, and Office 365 doesn't seem to have a very clear path."
"The way that ePolicy launches the updates is very slow. It would be great if that was faster."
"McAfee ePolicy Orchestrator should improve its integration with other tools."
"McAfee ePolicy Orchestrator needs to upgrade its technology since the solution's EDR function is not good compared to other vendors in the market."
"We need to consolidate multiple features into one console. It would be beneficial to have all the important features on a single platform."
"While there are bugs and a few functionality issues, it is just a matter of raising them with the support team. However, support is part of the problem as well. You want everything to be seamless in a perfect world, but the support is spread across different countries. They have Level 1, 2, and 3. Level 1 is most likely in a developing country. They don't provide the best service."
"The Virtual Patching feature needs to be improved."
"The solution could improve the EDR component in many areas, such as the zero-day and persistent threats. The implementation is also complex for this feature."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"From a client perspective, they'd like to see more cost savings."
"The on-prem log sources still require a lot of development."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
 

Pricing and Cost Advice

"On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a three out of ten."
"McAfee tries to package different things into different products, then sell them as different products with different licenses. They just split everything up into multiple things. That's just their sales pitch and how they do it."
"It's an expensive solution"
"Compared to other Antivirus products, the cost of this solution is a bit high."
"This solution is priced in the mid-range."
"It is attractively priced. It is a fraction of what we're going to pay for CrowdStrike or SentinelOne, but it only has a fraction of the capabilities as well."
"There is a license required to use this solution. If we use the additional components, such as DLP encryption, there is an additional cost. However, it is similar to a separate product altogether. If you want to use that or not, it is optional, but when you use it, it will cost you additional pricing."
"For large enterprise companies, the price should be alright, but for small businesses, the uptake might be slow because, for these clients, the price doesn't look very attractive."
"In comparison to other security solutions, Microsoft Sentinel offers a reasonable price for the features included."
"There are no additional costs other than the initial costs of Sentinel."
"From a cost perspective, Microsoft Sentinel is quite costly."
"I don't know yet because they gave us a 30-day test window for free."
"The current licensing is based on the logs that are being ingested on the platform. Most of the SIEM solutions utilize that pricing model, but Microsoft should give us a customization option for controlling the kind of logs that we feed into Microsoft Sentinel. That will be much better. Otherwise, the pricing is a bit higher."
"I'm not happy with the pricing on the integration with Defender for Endpoint. Defender for Endpoint is log-rich. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack."
"Microsoft Sentinel is pretty expensive, and they recently announced that they will increase the price of all Microsoft services running in Azure by 11 percent. Luckily, I'm not responsible for the financial side. For one of my clients, the estimated cost is 880,000 euros for one year. There are additional costs for the service agreement."
"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
817,234 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Government
14%
Computer Software Company
11%
Financial Services Firm
10%
Manufacturing Company
10%
Computer Software Company
16%
Financial Services Firm
10%
Government
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Mcafee's MVision ePO or ePolicy Orchestrator?
Our organization ran comparison tests to determine whether Mcafee's MVision ePO or ePolicy Orchestrator network security software was the better fit for us. We decided to go with Mcafee's ePolicy O...
What do you like most about McAfee ePolicy Orchestrator?
I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs.
What is your experience regarding pricing and costs for McAfee ePolicy Orchestrator?
I do not have exact pricing details, however, I would rate the price at a four out of ten overall. There may be some extra costs for support if you get it from a partner.
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

McAfee ePO, ePolicy Orchestrator, Intel Security ePolicy Orchestrator, McAfee MVISION ePO
Azure Sentinel
 

Learn More

 

Overview

 

Sample Customers

Brelje & Race, Cognizant, Sutherland Global Services, Eagle Rock Energy, Arab National Bank, Bank Central Asia, Kleberg Bank, Leading Mexican Bank, SF Police Credit Union, Macquarie Telecom, Seagate Technology, Blackburn & Darwen Council, California Department of Corrections & Rehabilitation, IRCEP, Major U.S. State Government, State of Alaska, State of Colorado, Cemex, Deutsche Edelstahlwerke
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about McAfee ePolicy Orchestrator vs. Microsoft Sentinel and other solutions. Updated: October 2024.
817,234 professionals have used our research since 2012.