IT Central Station is now PeerSpot: Here's why

McAfee ePolicy Orchestrator Room for Improvement

BD
cybersecurity specialist at a mining and metals company with 10,001+ employees

In terms of what could be improved, I would say the impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this.

As for what I would like to see in the next release, that is related to the disadvantages, the drawbacks as I would call it. Some tuning of the inheritances for policies and things, so that we can extend policies to a lower level in the organization or in the structure. Inherit and extend rather than break the inheritance and start again on a lower level, because then, when on a higher level, and something changes, it has to be replicated on a lower level, rather than being taken automatically into account which complicates the management. Additionally, some performance tuning on the endpoints to make sure the agent does not take too much resources or it could be further granularly customized. Something like it should not take more than X percent of memory or of CPU in office hours, business hours, and could take more outside of those hours. So some tweaks, improvements, and configuration options in these areas.

View full review »
SambhajiBhosale - PeerSpot reviewer
Network Security Consultant at a tech services company with 10,001+ employees

The solution could improve the EDR component in many areas, such as the zero-day and persistent threats. The implementation is also complex for this feature.

There are different policies in the solution, such as EPO for EDR, and for Sandboxing, but when it comes to the EPO it is only for the policy orchestration and not for the analysis, incident management, or for the team who is working on the cyber security. They need to know how to use a different console, which is integrated nicely in their cloud platform called Envision but they have not done it in the EPO. 

I don't know what the McAfee strategy is, why they have not integrated the EDR analysis piece into the EPO. It is already available in the Envision, but not in the EPO. This is a difficulty. Whenever there needs to be any analysis, correlation, and in-depth EDR functionality it is not part of the EDR. There is a separate console for it. We need to depend on the inventory and the policy, and the EPO, but when it comes to analysis and in-depth alert details, then we need to dive into another console.

There are times when it is good to have one console to allow people to receive the trained analysis and historical data related to that particular incident.

View full review »
JF
Security Analyst at a financial services firm with 201-500 employees

The solution sometimes has some false positives on connections from the web control aspect of the product. This needs to be improved.

When you have false positive on the firewall, it rarely blocks off some legitimate connections to our network. 

The reporting could be better. 

Search or filter on Knowledge base gives broad choices instead of almost specific to your search. 

agent communication between client and server but products are not deployed.

View full review »
Buyer's Guide
McAfee ePolicy Orchestrator
June 2022
Learn what your peers think about McAfee ePolicy Orchestrator. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,518 professionals have used our research since 2012.
JD
Chief Information Security Officer at a venture capital & private equity firm with 201-500 employees

There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space.

View full review »
SM
Cyber Security Consultant at a tech services company with 10,001+ employees

The product could have a single plug-in that would have multiple uses rather than a single plug-in which is used for a single purpose. Each aspect has a separate plug-in. They should concentrate on providing something for all of the options that are available.

View full review »
Shreyansh Sharma - PeerSpot reviewer
Instrument and Control Engineer at a energy/utilities company with 10,001+ employees

Sometimes agents hang. We have to reinstall the agents. On top of that, we have too many advisories for ePO. There are stability issues. 

View full review »
AS
Cyber Security Consultant at a computer software company with 51-200 employees

McAfee ePolicy Orchestrator requires a lot of manual work. For example, if you use Symantec DLP, only one policy is needed, and you can apply it to all of the channels that are an endpoint, like the web or email. With McAfee, you need to create separate rules for all of those channels. One policy for email, one policy for web, and so on. I would like to see McAfee reduce the amount of manual work required.

In the next release, I would like to see an integration with third-party solutions for classification. We find that implementation is limited for some products. I would like an open API that we can integrate with other classification tools. 

View full review »
KR
Implementation Engineer at a tech vendor with 201-500 employees

As for improvements, I think that putting everything on a cloud and one console would be a great idea and would be useful for customers. 

View full review »
Buyer's Guide
McAfee ePolicy Orchestrator
June 2022
Learn what your peers think about McAfee ePolicy Orchestrator. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,518 professionals have used our research since 2012.