McAfee ePolicy Orchestrator Reviews

We use McAfee ePolicy Orchestrator for security and protection from ransomware, malware, and malicious files.

The most valuable feature of the solution is the central management console, which is used for DLP, endpoint security, drive encryption, and application control.

McAfee ePolicy Orchestrator should improve its integration with other tools.

I have been using McAfee ePolicy Orchestrator for five years.

I rate McAfee ePolicy Orchestrator ten out of ten for stability.

Around 600 users use the solution in our organization.

I rate McAfee ePolicy Orchestrator ten out of ten for scalability.

The solution's initial setup is easy.

For the solution's implementation, we have an on-premise server. We are using the APO application on that server, and we are managing all endpoints from the APO console. We have created multiple policies for USB blocking, ransomware protection, and URL blocking from the APO console. We have also created the schedule for weekly scanning.

McAfee ePolicy Orchestrator is expected to be deployed in two hours.

On a scale from one to ten, where one is cheap, and ten is expensive, I rate the solution's pricing a three out of ten.

Overall, I rate McAfee ePolicy Orchestrator ten out of ten.

We use it to encrypt the shared folder file our customers receive containing information about the many rules and teams. So we abide by them and allow each team to access just files on it.

I believe the encryption is interrupting the file, and they're guiding it to a specific growth.So, that's a variety.

There are some issues we are having with updating our Windows server. So we need to contact support or access our support portal.

So, they should modify the cybersecurity suites to allow the customer to work properly again.

I have been using the solution for a year. 

Most of the data is stable until we apply hundreds of updates, so when it comes to updating, it is not stable. We will have to modify the type of suits by our sale. For the console services, the ePO server is not the end user. We are doing it in one hour.

It is a scalable solution. There are around 3,000 to 4,000 customers, and end users using the product. I rate its scalability a nine out of ten.

They are good and give quick responses. I rate it ten out of ten.

Positive

The initial setup is easy. It de[pends on the way you install it. The solution was deployed within a couple of hours. Four to five people are required for the maintenance.

I recommend the solution to those planning to use it. I rate the overall solution ten out of ten.

We use McAfee ePolicy Orchestrator to see attacks in real time. We also use it for storage as well.

I like the solution's feasibility. McAfee ePolicy Orchestrator is also better and easier to use than other ePOs.

The installation process is quite difficult and requires technical support.

I've been using this solution for one month.

It is a stable solution.

McAfee ePolicy Orchestrator is scalable, and we have 25 users in our organization. We are an enterprise level company.

The implementation process is complex and requires four to six people, including a QA person.

It was a complex process because we needed access approvals to use SaaS, and the URLs would get decommissioned most of the time. We also faced problems with end-to-end encryption.

I implemented it with the help of my senior architect.

On a scale from one to ten, I would rate McAfee ePolicy Orchestrator at eight.

We're using this solution for its antivirus and device control. We are partners with McAfee and resellers, and I am an engineer. 

The MVISION Insights is a good feature because it gives users the ability to see what's out there, which is what our customers are looking for. I know that they are adding ISO application control which is also a good feature.

There are some features available with the on-premise version that are unfortunately not available on cloud such as encryption. For now, there is only management for native encryption and not full drive encryption. I'd like to see more integration and a lighter antivirus; most of the complaints from customers relate to the search utilization.

There needs to be more integration. Customers want to see MVISION Cloud integrated with things like SIEM, whether it's Microsoft, Fortinet, or something else.

The solution is stable, quite a number of our customers are running it and there haven't really been any problems. 

The solution is scalable. 

The technical support is very good and they respond quite quickly. 

The initial setup is very easy and the system only requires one person that has reasonable knowledge to manage it. 

I think that licensing costs are reasonable and you get your money's worth.  

Companies like Palo Alto and Check Point have amazing SOAR solutions; in the case of Check Point it's an EDR type solution. I think McAfee MVISION is much better now that we have things like Insights. McAfee's advantage is that there are fewer false positives compared to some of these other vendors, so I'd say they're doing well.

There is a trade-off between the on-prem version and the cloud version. Some features that are available on-prem are not available on cloud but there are other features we can get on cloud that are not available on-prem. I believe this is a good solution and rate it nine out of 10. 

We have deployed McAfee ePolicy Orchestrator in the cloud and on-premise.

We are using McAfee ePolicy Orchestrator mainly for device policy management. We have many different solutions that we manage with McAfee ePolicy Orchestrator.

The valuable feature of the McAfee ePolicy Orchestrator is the management of the policies.

I have used McAfee ePolicy Orchestrator within the last 12 months.

I have found McAfee ePolicy Orchestrator to be stable.

We have approximately 1,200 users using McAfee ePolicy Orchestrator in my organization. If we expand we will purchase more licenses.

McAfee ePolicy Orchestrator support has been helpful. However, sometimes when  I raise the case they take a while to answer. For example, the last time I used them it took them two weeks to reply back by email. No one has contacted me back since. They should improve their service.

I have not used another solution in this category.

The implementation of the McAfee ePolicy Orchestrator is simple, it took us approximately 45 minutes.

We did the implementation of the McAfee ePolicy Orchestrator in-house.

McAfee ePolicy Orchestrator is not an expensive solution.

I would recommend this solution to others.

I rate McAfee ePolicy Orchestrator an eight out of ten.

McAfee ePolicy Orchestrator improves our general endpoint security - wherever a user might be tricked into clicking on a link or downloading a file or bringing a file on an external medium or getting it from somewhere on the internet. After having detected that it could be malicious, it blocks it. That's the main reason we protect our endpoints.

McAfee ePolicy Orchestrator is our general endpoint protection platform. The agent is deployed to all of our endpoints and according to the endpoint's purpose, e.g. industrial or office-like, it is configured properly and is managed centrally. That's quite all there is to explain about that.

The feature that I have found most valuable is its general purpose of protecting our endpoints from infections, malicious files, and all those kinds of things. Also the fact that there are organized policies and policy inheritance. The general management, in fact, nothing particular.

In terms of what could be improved, I would say the impact of the agent on the endpoint's performance - the resources it takes. Additionally, the difficulties we experience with inheriting and breaking inheritance on the organization's structure breakdown for policy inheritance and then for rules inheritance. We are actually struggling with this.

As for what I would like to see in the next release, that is related to the disadvantages, the drawbacks as I would call it. Some tuning of the inheritances for policies and things, so that we can extend policies to a lower level in the organization or in the structure. Inherit and extend rather than break the inheritance and start again on a lower level, because then, when on a higher level, and something changes, it has to be replicated on a lower level, rather than being taken automatically into account which complicates the management. Additionally, some performance tuning on the endpoints to make sure the agent does not take too much resources or it could be further granularly customized. Something like it should not take more than X percent of memory or of CPU in office hours, business hours, and could take more outside of those hours. So some tweaks, improvements, and configuration options in these areas.

I have been using McAfee ePolicy Orchestrator for four or five years. It's still our current platform.

It is quite stable. We're not having any issues with that.

It is scalable. That's not an issue.

All the endpoints are protected with the platform and the servers, as well. It is something like 8,000 endpoints and 500 servers, quite a lot. In our Belgium branch of the company we're actually talking about almost everyone, we're like 5,000 employees, so that's only for Belgium. But there are more endpoints than the number of employees, of course.

There are the general workstations. Some users have more than one endpoint assigned to them, or a business or team's endpoints that are used in common within the team. That explains the larger number of endpoints compared to the number of employees we have in Belgium. There are different levels of the management who use this.

We have one guy in our team, in our Belgium site, that is almost fully dedicated to managing the antivirus product on the endpoint level, the workstation level. And then another person who is partially occupied, one third or half of his time for the server component. But as I told you, the endpoint workstations are being managed on a higher corporate level. There is also at least one person who concentrates some of his time on the management level. So, in total, for Belgium, let's say, two FTs.

I don't think we have any plans to increase because in fact, all our endpoints are covered. It grows and shrinks with the number of endpoints we have. The percentage stays the same.

That's a question I can't answer because I haven't had to deal with them, personally. In general, when we're having issues, we turn to the higher corporate level, the Europe level, to know what their approach to the problem we might experience is. I've not noticed us having to deal directly with McAfee's technical support.

The initial setup was long before I arrived. Sorry, I couldn't tell you more.

The deployment is strongly dependent on our environment's size, the number of workstations to deploy on and to deploy new versions on. But in general to get to 90% coverage when we have to deploy a new version, it takes at least a month. That's mainly due to the number of endpoints and then to manage and to control them, to make sure they're communicating correctly, that they're powered on, and that they're on the network.

McAfee ePolicy Orchestrator is a well-known product. It is a big one. It is quite easy to compare on those different criteria. It's not a new kid on the block, it's a known value, it's been there for a long time. In my point of view, it's worth comparing it to other products to see if it integrates with something you already have, because now there is a tendency to have more ecosystems of endpoint protection and server protection.

The Microsoft ecosystem, or parts of the Microsoft ecosystem, are already in place in the organization. There will be eventual integration with a corporate data center or pyramid in firewalling. Whether they are already in place or not, it is important to consider these elements and to make a decision after these considerations. Not that I would advise particularly for or against McAfee, but there are a lot of elements to take into account.

I think it serves its purpose, that's fair and square. But there are always things that could be optimized. Whether it's the performance impact on the endpoint, or the management, in general. No solution will ever fit 100% to an environment, whether it's your own or another, it will not always fit 100%. There will always be little drawbacks, little things that could be optimized. Then it's a question of how to handle it.

You have to live with some minor inconveniences. There are advantages, there are the things that are good. In general, it's a good product. I would not advise against it.

On a scale of one to ten, I would give McAfee ePolicy Orchestrator a seven because of the reasons I told you. It does the job. It's quite solid. It's stable, of course. It's not something new, something experimental, it's proven itself already. And yeah, why not higher? Because of the things I told you already.

McAfee ePolicy Orchestrator is used to manage endpoints, networks, compliance, and data security.

The most valuable features of McAfee ePolicy Orchestrator are the easy-to-use console, and lots of reports, such as customized reports and inventory reports. Additionally, overall the centralized management is very good where you can see the compliance levels and inventory.

The solution could improve the EDR component in many areas, such as the zero-day and persistent threats. The implementation is also complex for this feature.

There are different policies in the solution, such as EPO for EDR, and for Sandboxing, but when it comes to the EPO it is only for the policy orchestration and not for the analysis, incident management, or for the team who is working on the cyber security. They need to know how to use a different console, which is integrated nicely in their cloud platform called Envision but they have not done it in the EPO. 

I don't know what the McAfee strategy is, why they have not integrated the EDR analysis piece into the EPO. It is already available in the Envision, but not in the EPO. This is a difficulty. Whenever there needs to be any analysis, correlation, and in-depth EDR functionality it is not part of the EDR. There is a separate console for it. We need to depend on the inventory and the policy, and the EPO, but when it comes to analysis and in-depth alert details, then we need to dive into another console.

There are times when it is good to have one console to allow people to receive the trained analysis and historical data related to that particular incident.

I have been using McAfee ePolicy Orchestrator for approximately 10 years.

A lot of the components of McAfee ePolicy Orchestrator, such as Sandboxing, DX, and  ATP are not stable. However, the antivirus is stable.

The scalability of the McAfee ePolicy Orchestrator is good.

We have more than 75,000 users using this solution. We are using a combination of McAfee and FireEye where the antivirus part is provided by McAfee and the EDR part is covered by FireEye. Our next target is to combine both of these elements, either FireEye or McAfee.

The technical support of McAfee is great.

I have used other solutions, such as FireEye and Cisco solutions.

The deployment of the McAfee ePolicy Orchestrator is very easy on the endpoints. However, deploying the solution in a large enterprise is very difficult. In terms of all the components of McAfee, it is difficult. There are lots of false positives and manual effort required for deploying the advanced component section.

McAfee ePolicy Orchestrator requires lots of maintenance and we have had many performance issues. We have done maintenance for our databases approximately three times and it is a difficult job. The maintenance is time-consuming and it's a very difficult job to do.

When the database that we are managing is almost 70 - 80,000 systems, it is quite difficult to have an EPO, wherein everything is central, such as policy, database, asset, and inventory. There is a lot of load on the central server. For a long time, McAfee has been using central management where there are no distributed components. Everything is getting loaded on EPO and it is creating lots of maintenance work.

There is a license required to use this solution. If we use the additional components, such as DLP encryption, there is an additional cost. However, it is similar to a separate product altogether. If you want to use that or not, it is optional, but when you use it, it will cost you additional pricing.

My team worked on FireEye and Cisco solutions. When comparing McAfee ePolicy Orchestrator to both these solutions, there are pros and cons for each. Some features are positive and really good in McAfee in terms of the UI, and easy-to-use Console. However, when compared to advanced features, such as EDR, FireEye and Cisco are better compared to McAfee.

The antivirus measurement, compliance, and deploying the agents, are much easier in McAfee ePolicy Orchestrator compared to FireEye and Cisco.

My advice to those wanting to implement McAfee ePolicy Orchestrator is to keep it distributed. Whatever components you can distribute in terms of connectors need to be put in different locations. It will be taken care of properly. Otherwise, there will be lots of noncompliance issues and lots of loads on the network because it is bandwidth-intensive.

If we have a larger user database for the organization, then keep it local. To allow a minimum load on the EPO. We should do the maintenance of the EPO quarterly in terms of the database maintenance or in terms of the laws, policies. It should be reviewed periodically with the help of your support to make sure that your policies will not go wrong or your database will not create any errors. If there are errors there will be a problem to recover the data. If we don't do the maintenance, then there are quite chances of crashing the database

I rate McAfee ePolicy Orchestrator an eight out of ten.

We're pretty much using it as a traditional AV.

It has brought what it is built for. It has brought traditional AV capabilities and signature-based scanning.

The general endpoint protection is valuable, and it is easy to manage.

There should be more insights and completeness into the cyber kill chain, similar to CrowdStrike and SentinelOne. It just seems a little outdated in being 100% signature-based without all of the insights and protections that come with CrowdStrike and SentinelOne. Overall, they've got some catching up to do if they plan to compete in the comprehensive EDR space.

I have been using this solution for five years.

It is stable. There are no concerns there. It didn't consume a lot of resources and things like that. We didn't see issues from that perspective.

It is fairly easy to add new devices. It is controlled within our environment. 

All employees and all servers are using it. It is being used extensively, but we don't plan to increase its usage because we're looking to get a replacement for this solution.

Their technical support is average.

It wasn't McAfee ePO. It was the even lesser AV five years ago. It has been McAfee ever since from my AV protection standpoint.

Its initial setup was straightforward. It took a couple of days. It has been pretty easy to add new machines ever since.

It was an in-house job. In terms of maintenance, it requires minimal maintenance. We have our security services provider to take care of maintenance.

It is attractively priced. It is a fraction of what we're going to pay for CrowdStrike or SentinelOne, but it only has a fraction of the capabilities as well.

It is great if you're looking for a traditional signature-based AV product, but if you're looking for a more comprehensive EDR solution, then CrowdStrike and SentinelOne are clearly the top two within that space.

Overall, I would rate it a seven out of 10. If I'm rating it for a traditional AV product, I'd give it a nine or 10 because it totally solves that use case, but if I'm rating it against a comprehensive EDR solution, which includes traditional AV and next-gen behavioral capability, then it would be a five, but they're not necessarily apples to apples.