Microsoft Sentinel (formerly Azure Sentinel) is designed as a bird's-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
Both of the above tools are effective and vigilant in their own aspects but lack an interactive UI, a cloud-based experience, and native integration with tools like EDR, IDPs, email gateways, and productivity tools, and rely a lot on agent deployments that cause the endpoints and servers …
I use most of the SIEMs that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate …
As mentioned, the product was part of the purchase of several Microsoft suites that we did earlier last year, and with 200 licenses included, we can exclude those from the other SIEM and SOAR product. It just works well with the Microsoft environment that we partially have Is …
Sentinel has a huge advantage in being the first cloud-native SIEM, which avoids a lot of deployment and technical overhead in comparison to the traditional SIEMs, which require a heavy software installation and even agent deployment in some scenarios. Not only this, Sentinel …
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the collection of data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. …
ArcSight is an on-prem solution that has a different approach than Sentinel.
Basically, this product is more complex to maintain and deploy. The query functionality in Sentinel is more powerful and easier to maintain. ArcSight has much slower performance and an interface that …
We don't need to maintain a third-party SaaS solution or spend any time integrating it since Microsoft Sentinel is the ideal option to give a single point of attack detection and alert monitoring.
Microsoft Sentinel really goes the extra mile when it comes to a SIEM that slowly improves toward a proper SOAR; this may be the best selling point of the entire solution. Highly scalable, cloud-based, and nearly perfect when dealing with Microsoft-based infrastructures, …
Most of those have been out in the industry for a longer time, so they have a lot more user friendliness to them. So I'd say it's in the mix. It's just not as high as it should be or I would expect it to be.
Prior to Azure Sentinel, we were using the McAfee SIEM and it just wasn't keeping up with the times, and that was the choice of moving to Azure Sentinel.
Elasticsearch, we did a demo about it. Also the CrowdStrike platform, we got a demo on it. How did they compare? I think Elasticsearch, for us, is harder to configure. Microsoft Sentinel is pretty straight to the point. We turn on stuff, it's plug-and-play. CrowdStrike, …
As the vast majority of our users have Windows machines and use all 365 cloud features, we finally decided not to implement any third-party security solutions on desktops/laptops in order to keep our infrastructure simple. In this case, Microsoft Sentinel is the best way to …