
McAfee ePolicy Orchestrator vs Splunk SOAR comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Jun 15, 2025

 

Categories and Ranking

McAfee ePolicy Orchestrator
Ranking in Security Orchestration Automation and Response (SOAR): 15th
Average Rating: 8.0
Reviews Sentiment: 6.6
Number of Reviews: 42
Ranking in other categories: No ranking in other categories

Splunk SOAR
Ranking in Security Orchestration Automation and Response (SOAR): 3rd
Average Rating: 8.0
Reviews Sentiment: 6.8
Number of Reviews: 45
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of McAfee ePolicy Orchestrator is 0.7%, down from 0.7% compared to the previous year. The mindshare of Splunk SOAR is 7.6%, down from 8.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Binu Haneef - PeerSpot reviewer
Comprehensive security management enabled through efficient integration and automation
McAfee ePolicy Orchestrator helps automate routine security tasks. We created customized automation. For example, when we did not have an EDR or XDR solution, we created tasks exclusively for detection and response automation and automatic segregation of infected PCs. The ability to customize the dashboard in McAfee ePolicy Orchestrator helps us significantly. The main feature is automation for auto-segmentation and segregation. As we are in an AI era, McAfee can focus on AI tools. Instead of putting manual effort into each security-related task, it can implement more advanced automation using AI. This enhancement could improve cybersecurity significantly. Regarding the reporting area in McAfee ePolicy Orchestrator, we are satisfied with what we currently have. Our cybersecurity team needs customized reports beyond the default ones. We have more than 20 separate reports for identifying threats, managing, and understanding the security posture of our company and assets.
SAURABHYADAV4 - PeerSpot reviewer
Enables optimization by reducing manual intervention and increasing automation in the workflow
The product provides 100% automation for certain processes. It needs no manual intervention. We can integrate various tools like VirusTotal and ServiceNow. We can automate all the tasks. It is one of the best things about the tool. It also provides workforce protection. Whenever we get any alerts or make any configurations, we develop workflow automation using the playbooks. We can fully automate some of the security incident resolutions. We can also do identification and redirection using the product. I have integrated Splunk Phantom with Splunk Cloud. Previously, I used it with Splunk on-premise to get the logs into Splunk for tracking and audit purposes. Since Splunk is a SaaS-based product, it has certain maintenance windows. Over time, the vendor does some maintenance during off-production hours. Creating playbooks using the solution’s playbook editor is not tough. For someone who knows the solution, I rate the ease of creating playbooks as four out of five. The solution’s playbook viewer provides full visibility. The product provides different integrations. We can easily integrate the tool with VirusTotal, ServiceNow, and the asset and identity management system. The product is somewhat easier to use in an investigation. We have been able to identify the false positives using the product. The tool has helped reduce false positives by 30%. Splunk SOAR has helped reduce our mean time to detect by 10% to 15%. Splunk SOAR has a major impact on our mean time to resolve. Our mean time to resolve has been reduced by 35% to 40%. I have integrated VirusTotal with Splunk SOAR. Instead of doing manual checks, I can easily get the score by integrating the tool with Splunk SOAR. I have also synced Active Directory with the asset and identity management system. It's been a long time since we have implemented Splunk SOAR. It brings value to our organization. Before Splunk SOAR, everything was done using manual intervention. We had to educate the SOC team on how to do tasks. We also had to create playbooks for them. With Splunk SOAR, we only have to educate the team about how things are done so that they can perform a manual intervention when there is a failure, which is rare. After deploying the product, we had to provide some training to the SOC team. After getting trained, it was hands-on. Along with other Splunk solutions, Splunk SOAR provides the resilience to face any issues and hardships. We easily cope with downtimes. Splunk SOAR offers us end-to-end visibility across our environment. It depends on how much we utilize it. Visualizing and troubleshooting our cloud-native environment using Splunk SOAR is somewhat easy. I have to coordinate with the Phantom administrators if there is any issue. I work mostly on playbook development and integrating it with security instances.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"If you set it up right, it can really manage a very complex environment which require fine tuning where there are a lot of exceptions. That's what it caters to. It can just do those specifics in those exceptional situations, which is good."
"You have to have some experience, however, it's pretty simple to understand."
"The solution's best part is that it is very easy to manage McAfee Agent."
"The graphical interface of the solution is its most valuable aspect."
"I really like the auditing component because it really looks at exactly what has happened on the network."
"The DLP feature in McAfee ePolicy Orchestrator is good."
"McAfee ePolicy Orchestrator's performance is good."
"The central management console is the solution's most valuable aspect."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"The best feature in Splunk SOAR is the visual Playbook Editor. The drag-and-drop interfaces make visualizations and understanding workflows easy."
"Scalability is the best feature of the solution."
"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."
"In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."
"My understanding is the initial setup isn't too hard."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"Technical support is helpful."
 

Cons

"The issues with the integration capabilities of the product, specifically the ones that are deployed on an on-premises model, need to be improved."
"It would be highly beneficial if the metrics or dashboards could be customized."
"There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space."
"McAfee ePolicy Orchestrator support has been helpful. However, sometimes when I raise the case they take a while to answer. For example, the last time I used them it took them two weeks to reply back by email. No one has contacted me back since. They should improve their service."
"Some drawbacks include difficulty in supporting improvements because we don't get proper response from Trellix support, so there is a need to improve the support."
"We need to consolidate multiple features into one console. It would be beneficial to have all the important features on a single platform."
"I would like to see McAfee reduce the amount of manual work required."
"McAfee ePolicy Orchestrator should improve its integration with other tools."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"They can improve on what they are currently doing. They can provide more playbooks or at least template playbooks that are in their repository."
"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."
"It could be easier to implement."
"There is a lot of room for improvement with the UI."
"The solution must provide more AIOps to improve predictability."
"To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
 

Pricing and Cost Advice

"Compared to other Antivirus products, the cost of this solution is a bit high."
"For large enterprise companies, the price should be alright, but for small businesses, the uptake might be slow because, for these clients, the price doesn't look very attractive."
"McAfee ePolicy Orchestrator is not an expensive solution."
"It is attractively priced. It is a fraction of what we're going to pay for CrowdStrike or SentinelOne, but it only has a fraction of the capabilities as well."
"It's an expensive solution."
"This solution is priced in the mid-range."
"McAfee ePolicy Orchestrator is a cheaply priced product, meaning it is not expensive since McAfee provides a free version of ePO, which includes phone support as well."
"On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a three out of ten."
"I found the price of Splunk SOAR to be good."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"The tool is not cheap."
"The cost is high and the licensing is on an annual basis."
"Splunk SOAR is more expensive compared to other options for SOAR."
"Splunk SOAR is an expensive solution for an organization of our size."
"I don't know the exact price, but for my region, it is very expensive."
"Splunk SOAR is moderately priced, neither cheap nor overly expensive."
 

Top Industries

By visitors reading reviews

Financial Services Firm: 13%
Manufacturing Company: 11%
Government: 9%
Computer Software Company: 8%

Computer Software Company: 14%
Financial Services Firm: 13%
Manufacturing Company: 11%
University: 6%
 

Company Size

By reviewers: Large Enterprise, Midsize Enterprise, Small Business
 

Questions from the Community

Which is better - McAfee's MVision ePO or ePolicy Orchestrator?
Our organization ran comparison tests to determine whether McAfee's MVision ePO or ePolicy Orchestrator network security software was the better fit for us. We decided to go with McAfee's ePolicy O...
What do you like most about McAfee MVISION ePO?
McAfee ePolicy Orchestrator's performance is good.
What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
What needs improvement with Splunk Phantom?
There are areas in Splunk SOAR that have room for improvement. To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced life...
 

Also Known As

McAfee ePO, ePolicy Orchestrator, Intel Security ePolicy Orchestrator, McAfee MVISION ePO
Phantom
 

 

Sample Customers

Brelje & Race, Cognizant, Sutherland Global Services, Eagle Rock Energy, Arab National Bank, Bank Central Asia, Kleberg Bank, Leading Mexican Bank, SF Police Credit Union, Macquarie Telecom, Seagate Technology, Blackburn & Darwen Council, California Department of Corrections & Rehabilitation, IRCEP, Major U.S. State Government, State of Alaska, State of Colorado, Cemex, Deutsche Edelstahlwerke
Recorded Future, Blackstone
Find out what your peers are saying about McAfee ePolicy Orchestrator vs. Splunk SOAR and other solutions. Updated: June 2025.
861,034 professionals have used our research since 2012.