D3 Security in Vancouver provides a platform for security orchestration, automation, incident response, as well as investigation and case management. Core components of the D3 platform include integrations with SIEM and threat intelligence platforms, a NIST-compliant playbook library, a case management module for guided investigations, and analytics toolsets.
N/A
Microsoft Sentinel
Score 8.5 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
D3 is clearly tailoring their approach to large organizations with a significant geographical footprint who are largely in need of a tool that provides robust analytics and activity graphing to analyze productivity and supervisory efficiency at the executive level. However, small to medium-sized organizations and those with narrow geographical footprints may find the investment vastly more expensive than the return. The implementation of minimum purchasing guidelines means that smaller departments will be forced into purchasing tools they have little to no use for, and medium-size departments will be paying a high price for features they do find helpful but could get elsewhere for a substantially lower price. Additionally, small to medium-sized users may find that D3's focus on large organizational level tools is less helpful than some smaller competitor's software which provides a number of capabilities with more operational relevance for environments like office buildings, college campuses, university police departments, and housing associations. Overall, I would recommend D3 to large organizations who have need of the advanced tools included in their more expensive modules. The lack of some smaller levels of customization, 1st line operational features, and the high-end user interface is less important at that level of implementation.
Microsoft Sentinel excels in centralized monitoring, AI-driven threat detection, and automation, but improvements in cost transparency, user experience, third-party integrations, and support for emerging technologies could make it even more effective. Addressing these areas would enhance its appeal for small-to-medium businesses, large enterprises, and organizations with complex or specialized IT environments.
I appreciate that it keeps the data within our, what we call our, authorization boundary. The fact that the data remains within Microsoft's, I guess, walled garden if you will, is very helpful for certain compliance needs in particular.
The large library of ingestion: ability to ingest is basically as easy as I can basically get it to be most of the time. There's occasionally some vendors that it's a little bit more challenging for, but given the ease of integration for a lot of things, basically it's become one of my requirements when I am looking at other tools is how easily do they integrate with Sentinel.
I think it should include more third party integration with non microsoft products as well as with other cloud providers. These integrations should be native.
It should improve ML and AI capabilities.
I find its documentation a little bit difficult to understand at the start. So the words should be simple.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. While Sumo Logic is good at analyzing data, Microsoft Sentinel fits our needs.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
