We performed a comparison between McAfee ePolicy Orchestrator and NetWitness XDR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"It has a lot of great features."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Free ingestion for Azure logs (with E5 licence)"
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Their support is really good. I would rate it a nine out of ten. I have never any issues with their support. They always reply and follow our queries on time."
"It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten."
"From a single dashboard, I can take a look at several things including the endpoint protection, the file integrity section, the data activity monitor, and more."
"The DLP feature in McAfee ePolicy Orchestrator is good."
"The most valuable feature of the McAfee ePolicy Orchestrator is agent communication."
"If you set it up right, it can really manage a very complex environment which require fine tuning where there are a lot of exceptions. That's what it caters to. It can just do those specifics in those exceptional situations, which is good."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"The solution's best part is that it is very easy to manage McAfee Agent."
"The most valuable feature of RSA NetWitness Network is the single unified dashboard from which you can manage all the different products of RSA. Additionally, the integration with native applications is good."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"It is stable. We have been using it for some time, without any issues."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The interface of this solution is very flexible and easy to use."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"This solution allows us to locate the malware in real-time."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"We'd like also a better ticketing system, which is older."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The Virtual Patching feature needs to be improved."
"McAfee should improve in terms of customer support and assigning a knowledgeable TAM to customers."
"Features such as full drive encryption are lacking in the cloud version."
"The solution sometimes has some false positives on IP addresses, from the web control aspect of the product. This needs to be improved."
"We need to consolidate multiple features into one console. It would be beneficial to have all the important features on a single platform."
"There are some issues we are having with updating our Windows server. So we need to contact support or access our support portal."
"The way that ePolicy launches the updates is very slow. It would be great if that was faster."
"McAfee ePolicy Orchestrator needs to upgrade the technology; it's like their area function is not quite as good as compared to other market vendors."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The solution lacks a reporting engine."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"The initial setup requires a high level of skill."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"I would like to see Security Orchestration and Response Automation (SOAR) integration."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews while NetWitness XDR is ranked 15th in Security Orchestration Automation and Response (SOAR) with 15 reviews. McAfee ePolicy Orchestrator is rated 8.0, while NetWitness XDR is rated 8.0. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Forcepoint Data Loss Prevention and Trend Micro Integrated Data Loss Prevention, whereas NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI. See our McAfee ePolicy Orchestrator vs. NetWitness XDR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.