Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
SolarWinds Security Event Manager (SEM)
Score 8.2 out of 10
N/A
SolarWinds LEM is security information and event management (SIEM) software.
Sentinel is the best "cloud-native" in the market yet, so if the organization has a cloud presence (which almost everyone has) then Sentinel is the right choice for having a single pane of glass for all your security monitoring needs. Sentinel is a very good tool for log analysis and event management purposes as well. With KQL and ASIM parsers, organizations can retrieve invaluable insights even from the most complex data. And of course, Sentinel is a great choice for automating the incident response process to a very good extent.
Solarwinds SEM is great for generating reports for investigation purposes. Once you set up the connectors you can walk away and the product runs without needing maintenance. It was however pretty difficult to create the reports and alerts when now starting out and it can be very intimidating for new users.
It does a great job of notifying us when accounts have been locked out. We can then find out the device on the network where the login attempt occurred.
Searching for incidents is now a lot faster with the implementation of the HTML 5 interface.
It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.
All SolarWinds product suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client" there is much room for improvement in speed.
If you use the email alert features with SolarWinds make sure to prepare you staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
It is pretty likely that we will renew SEM when the time comes up. It is easy to use and maintain so there isn't much of a need to replace this product. It is also a pretty fair price for the capabilities provided by the SEM
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
If you are familiar with SolarWinds then you can use this product it's as easy as that. If you have never used a SolarWinds product then it will take a minute to get how they do reports and make dashboards but that being said the tool is great and can make things very easy once you get a feel for how it works and get everything setup how you like it.
The quality of support can vary depending on whom you end up speaking with. I was fortunate enough to work with a support representative who was very familiar with the product. He had even authored some of the support documentation on the website. On the flip side, I had two other experiences where I was simply directed to online training material.
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. Additionally, leveraging Threat Intel from Microsoft itself gives a sense of security, given their years of experience in the collection of intel. The AI and Machine learning features provided by MS is one of the finest.
Splunk was a pretty good product but the licensing structure needed a lot of work. They changed the structure three times that I am aware and I still had problems understanding LogRhythm had a lot of issues correlating users to IP addresses, the mappings were frequently wrong so this product could not be trusted in my environment as all our access logs are IP based and this needs to be matched to usernames from AD Fortianalzyer is a great product but it can only do logs from Fortigates so that was not helping for anything other than our firewalls.
Microsoft Sentinel is a good investment, especially when sided with other solutions such as Microsoft 365 Defender, as it provides 360° protection on every level of the infrastructure.
When deployed on infrastructures that have never had an SIEM, Microsoft Sentinel helps to assess vulnerabilities and misconfigurations.
As with any other SIEM, Microsoft Sentinel basically eliminates the need to put effort into every single platform (like EDR, NDR, XDR) and converge that effort on a single product that correlates and orchestrates the rest.
For the price, it produced a decent value. It did a lot of the easy stuff well. I can't give any specific data given the objective of the product was to monitor very basic events in the environment.
