We performed a comparison between Exabeam Fusion SIEM and McAfee ePolicy Orchestrator based on real PeerSpot user reviews.
Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are able to deploy within half an hour and we only require one person to complete the implementation."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The solution's initial setup process is easy."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"It's a very user-friendly product and it's a very comprehensive technology."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"Timeline based analysis; good platform support"
"The advanced analytics has a really great overview of user behavior."
"The most valuable feature of the solution is the central management console, which is used for DLP, endpoint security, drive encryption, and application control."
"The graphical interface of the solution is its most valuable aspect."
"The most valuable features of this solution are the antivirus and the DLP."
"The solution's best part is that it is very easy to manage McAfee Agent."
"We implemented data transfer protection, which allows transfer in one direction only. Users can copy from the PC to the USB but not from the USB to the PC. That way, if someone is carrying a virus on a USB, it will not be transferred to the PC."
"McAfee ePolicy Orchestrator has a built-in advanced pattern, which is very useful because it can detect any pattern."
"We get fewer false positives than with other solutions."
"The general endpoint protection is valuable, and it is easy to manage."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The solution could improve the playbooks."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The only thing is sometimes you can have a false positive."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"I believe if it were more flexible it would be a better product."
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"We still have questions surrounding hardware deployment."
"The only problem is that the UI is not very impressive."
"The organzation is rigid and not flexible in the way they operate"
"There is a problem when it comes to agent communication and duplicate records, where the rebooting of a machine leads to the installation of a new agent and you get a lot of duplicate records that ultimately affect your compliance monitoring."
"We would like to see more integration with different platforms and extend this to other platforms. We are migrating to the cloud and want to extend it from our on-premises setup to the cloud."
"The issues with the integration capabilities of the product, specifically the ones that are deployed on an on-premises model, need to be improved."
"McAfee ePolicy Orchestrator could improve by supporting container microservices, such as Docker and Kubernetes."
"The solution sometimes has some false positives on IP addresses, from the web control aspect of the product. This needs to be improved."
"Lacks a single plug-in for multiple uses."
"The rollout to cover the online resources, such as SharePoint, One Drive, and Office 365 doesn't seem to have a very clear path."
"There are some issues relating to the automation of reports. That's why I wanted the DLP reports. There are some problems in this area. Sometimes it does not work even though all the configuration words are right. There are also some problems with automatic updates."
Exabeam Fusion SIEM is ranked 13th in Security Orchestration Automation and Response (SOAR) with 10 reviews while McAfee ePolicy Orchestrator is ranked 9th in Security Orchestration Automation and Response (SOAR) with 39 reviews. Exabeam Fusion SIEM is rated 8.0, while McAfee ePolicy Orchestrator is rated 8.0. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of McAfee ePolicy Orchestrator writes "Useful agent communication, reliable, but lacking support for microservices". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Splunk User Behavior Analytics, Splunk Enterprise Security, Palo Alto Networks Cortex XSOAR and Cortex XSIAM, whereas McAfee ePolicy Orchestrator is most compared with Splunk SOAR, Symantec Data Loss Prevention, Zscaler DLP, Trend Micro Integrated Data Loss Prevention and Elastic Security. See our Exabeam Fusion SIEM vs. McAfee ePolicy Orchestrator report.
See our list of best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.