We performed a comparison between McAfee ePolicy Orchestrator and Palo Alto Networks Cortex XSOAR based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory."
"You have to have some experience, however, it's pretty simple to understand."
"I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs."
"The graphical interface of the solution is its most valuable aspect."
"The solution's best part is that it is very easy to manage McAfee Agent."
"The general endpoint protection is valuable, and it is easy to manage."
"The best part is management in McAfee ePolicy Orchestrator."
"Its agility and scalability are valuable."
"The most valuable features are simplicity and ease of integration."
"I have found the solution very useful, it integrates well with other platforms."
"It was useful as a ticketing tool."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"It is a scalable solution."
"It’s easy to install."
"Palo Alto is easy to use."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The solution could improve the playbooks."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"There are some issues we are having with updating our Windows server. So we need to contact support or access our support portal."
"The solution is difficult to tune to avoid false positives."
"McAfee ePolicy Orchestrator needs to upgrade the technology; it's like their area function is not quite as good as compared to other market vendors."
"The Virtual Patching feature needs to be improved."
"The rollout to cover the online resources, such as SharePoint, One Drive, and Office 365 doesn't seem to have a very clear path."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
"Lacks a single plug-in for multiple uses."
"I would like to see McAfee reduce the amount of manual work required."
"The solution’s price and technical support could be improved."
"The configuration of the solution could improve it is difficult."
"We need a little hands-on experience to install the solution."
"Its dashboard features need improvement."
"The solution should be made a bit cheaper."
"The solution's correlation rules and playbooks should be improved."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"The solution is very expensive."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 38 reviews while Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews. McAfee ePolicy Orchestrator is rated 8.0, while Palo Alto Networks Cortex XSOAR is rated 8.4. The top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". On the other hand, the top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP and Forcepoint Data Loss Prevention, whereas Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient. See our McAfee ePolicy Orchestrator vs. Palo Alto Networks Cortex XSOAR report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.