No more typing reviews! Try our Samantha, our new voice AI agent.

McAfee ePolicy Orchestrator vs NetWitness NDR comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
McAfee ePolicy Orchestrator
Ranking in Security Orchestration Automation and Response (SOAR)
16th
Average Rating
8.0
Reviews Sentiment
6.5
Number of Reviews
43
Ranking in other categories
No ranking in other categories
NetWitness NDR
Ranking in Security Orchestration Automation and Response (SOAR)
23rd
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
15
Ranking in other categories
Endpoint Protection Platform (EPP) (49th), Threat Intelligence Platforms (TIP) (34th), Endpoint Detection and Response (EDR) (59th), Network Detection and Response (NDR) (19th), Extended Detection and Response (XDR) (41st)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of McAfee ePolicy Orchestrator is 1.7%, up from 0.7% compared to the previous year. The mindshare of NetWitness NDR is 1.8%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Torq3.8%
McAfee ePolicy Orchestrator1.7%
NetWitness NDR1.8%
Other92.7%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at Swimlane
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
Binu Haneef - PeerSpot reviewer
System Administrator at Sky News Arabia
Comprehensive security management enabled through efficient integration and automation
McAfee ePolicy Orchestrator helps automate routine security tasks. We created customized automation. For example, when we did not have an EDR or XDR solution, we created tasks exclusively for detection and response automation and automatic segregation of infected PCs. The ability to customize the dashboard in McAfee ePolicy Orchestrator helps us significantly. The main feature is automation for auto-segmentation and segregation. As we are in an AI era, McAfee can focus on AI tools. Instead of putting manual effort into each security-related task, it can implement more advanced automation using AI. This enhancement could improve cybersecurity significantly. Regarding the reporting area in McAfee ePolicy Orchestrator, we are satisfied with what we currently have. Our cybersecurity team needs customized reports beyond the default ones. We have more than 20 separate reports for identifying threats, managing, and understanding the security posture of our company and assets.
reviewer1799727 - PeerSpot reviewer
Manager, IT Security Operations at a non-profit with 11-50 employees
Reliable and good support but can be expensive
I have no real complaints about the solution. Threat detection could be better. They need to enhance their threat intelligence feeds. We would like to have more IOCs or more trade intelligence to not only rely on the intelligence of the engineer in charge but to have some threat intelligence and some seeds of IOCs and to have the host have some artificial intelligence to reduce the number of false positives. I don't see this solution being very scalable. The solution is pricey.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Under one SOC tool in Torq, analysts get to know everything within the context of an alert or incident they are working on, and this ability to view the whole picture within Torq is one of the major breakthroughs and best offerings of Torq."
"Almost four or five hours of work is now completed in four or five minutes."
"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."
"What I appreciate most about Torq is that it is an essential part of our system."
"What I liked the most about Torq is the actual workflow builder, which is really great because they offer a lot of features and convenience features that are useful for any automation engineer."
"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."
"Once I started to use the system and I saw the potential, it changed all of our work in IT."
"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"The solution provides excellent advanced analytics capabilities and the integration capabilities make it straightforward to integrate McAfee ePolicy Orchestrator with IT workflow systems."
"The best part is management in McAfee ePolicy Orchestrator."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"In this cyberworld, McAfee is the best software to protect our machines."
"I like McAfee ePolicy Orchestrator software; it is great centralized security management software that allows management of various McAfee products on the client computers and makes risk and compliance management in the organization simpler and more reliable."
"It is a very manageable and effective orchestrator to manage all resources under one umbrella."
"The valuable feature of the McAfee ePolicy Orchestrator is the management of the policies."
"The user interface is great."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"Ability to isolate the machine when there are malicious files."
"I would highly recommend the solution. Just go ahead and get it."
"RSA NetWitness Endpoint has helped our organization from its many advantages and because it provides overall visibility of all of our endpoints within the enterprise network."
"The stability of the RSA NetWitness Endpoint is very good."
"This solution allows us to locate the malware in real-time."
"The interface of this solution is very flexible and easy to use."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
 

Cons

"Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"The workflow and execution-based charges seem misleading as this was not discussed initially, and creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers."
"I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well."
"Regarding the pricing of Torq, I would say it is expensive."
"Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true."
"Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content."
"Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"The solution could improve the EDR component in many areas, such as the zero-day and persistent threats. The implementation is also complex for this feature."
"It's a little bit complex to configure it, but when you start using it, it is much easier. There are many policies that you need to create, and in three or four places"
"I would like to see McAfee reduce the amount of manual work required."
"The fact that it uses MSSQL, and cannot be deployed on anything other than Windows, can be a problem."
"We need to consolidate multiple features into one console. It would be beneficial to have all the important features on a single platform."
"McAfee ePolicy Orchestrator could improve by supporting container microservices, such as Docker and Kubernetes."
"It would be highly beneficial if the metrics or dashboards could be customized"
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The problem with this product is that it's a bit slow."
"The initial setup requires a high level of skill, then the setup is good and smooth."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"The solution doesn't have a reporting engine which would be helpful."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The contamination feature could be improved."
 

Pricing and Cost Advice

Information not available
"Compared to other Antivirus products, the cost of this solution is a bit high."
"McAfee ePolicy Orchestrator is a cheaply priced product, meaning it is not expensive since McAfee provides a free version of ePO, which includes phone support as well."
"This solution is priced in the mid-range."
"It's an expensive solution"
"$The price of McAfee ePolicy Orchestrator is expensive, it is approximately $6,000 to $9,000 per license annually."
"On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a three out of ten."
"It is attractively priced. It is a fraction of what we're going to pay for CrowdStrike or SentinelOne, but it only has a fraction of the capabilities as well."
"For large enterprise companies, the price should be alright, but for small businesses, the uptake might be slow because, for these clients, the price doesn't look very attractive."
"We are on a three-year contract to use RSA NetWitness Network."
"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."
"It is an expensive product."
"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."
"The cost depends on the number of endpoints that you want to monitor, but it is not expensive."
"I do not have any opinion on the pricing or licensing of the product."
"They can easily adjust if you have the requirements which are required. If you have a budget cut or a budget constraint, they can bend."
"It is highly scalable. It can be bought based on your requirements."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Construction Company
13%
Manufacturing Company
10%
Financial Services Firm
10%
Marketing Services Firm
6%
Financial Services Firm
12%
Manufacturing Company
9%
Construction Company
8%
Computer Software Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business13
Midsize Enterprise11
Large Enterprise19
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise2
Large Enterprise6
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
Which is better - Mcafee's MVision ePO or ePolicy Orchestrator?
Our organization ran comparison tests to determine whether Mcafee's MVision ePO or ePolicy Orchestrator network secur...
What needs improvement with McAfee MVISION ePO?
There is a question regarding suggestions for additional tools or functions for McAfee ePolicy Orchestrator, and whet...
What is your primary use case for McAfee MVISION ePO?
The question pertains to describing the use case and process for which people utilize McAfee ePolicy Orchestrator.
Ask a question
Earn 20 points
 

Also Known As

No data available
McAfee ePO, ePolicy Orchestrator, Intel Security ePolicy Orchestrator, McAfee MVISION ePO
RSA ECAT, NetWitness Network
 

Overview

 

Sample Customers

Information Not Available
Brelje & Race, Cognizant, Sutherland Global Services, Eagle Rock Energy, Arab National Bank, Bank Central Asia, Kleberg Bank, Leading Mexican Bank, SF Police Credit Union, Macquarie Telecom, Seagate Technology, Blackburn & Darwen Council, California Department of Corrections & Rehabilitation, IRCEP, Major U.S. State Government, State of Alaska, State of Colorado, Cemex, Deutsche Edelstahlwerke
ADP, Ameritas, Partners Healthcare
Find out what your peers are saying about McAfee ePolicy Orchestrator vs. NetWitness NDR and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.