Egnyte provides a unified content security and governance solution for collaboration, data security, compliance, and threat detection for multicloud businesses. More than 16,000 organizations trust Egnyte to reduce risks and IT complexity, prevent ransomware and IP theft, and boost employee productivity on any app, any cloud, anywhere.
$25
per month
Microsoft Sentinel
Score 8.7 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Splunk Enterprise Security
Score 8.6 out of 10
N/A
Splunk Enterprise Security is an analytics-driven SIEM that helps to combat threats with actionable intelligence and advanced analytics at scale.
Microsoft Sentinel feels on another different level from these solutions , all in the cloud . No need for troubleshooting , deployment or upgrades. Constant updates from the vendor and good support
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and …
Prior to using Sentinel, we were using Splunk specifically Splunk Enterprise Security and Splunk Cloud, so their on-prem and their cloud-based products. We switched originally for cost reasons, specifically cost control, but I have found that the ability to create reports, the …
As the vast majority of our users have Windows machine and uses all 365 cloud features, we finally decided not to implement any 3rd party security solutions on desktops/laptops in order to keep our infrastructure simple. In this case, Microsoft Sentinel is the best way to …
I did not choose this product. Overall although I like ES, I think Sentinel in certain ways is the superior product. The Kusto Query language is a lot easier to use. For instance anything that requires manual parsing in query can be more difficult with this product. Also some …
We piloted Sentinel for one of our regional logistics hubs but it struggled to handle our volume on-prem iot and telematics data cleanly. Splunk on the other hand gave us more control than its competitors
Using Splunk Enterprise Security allows the combination of security data sources from any number of services or products, giving analysts a single view of the entire security footprint throughout the organization and correlating events across services that may otherwise be …
Egynte is best suited for companies that SharePoint is not the best fit for. This includes managers unfamiliar with SharePoint specifically, and those really looking for a replacement for a file server in the more traditional Windows sense. SharePoint has more or less done away with any management that resembles Active Directory or File Explorer. Egnyte's web portal is incredibly straightforward. I would say Egnyte is less suited for companies that have licensing access to SharePoint already and do not have a ton of files or granular sharing and security needs
I recommend Microsoft Sentinel for effective threat detection and response. It is a great SIEM and SOAR solution for businesses, and we have used it effectively, which is why I recommend it. Since it works across on-premises and multi-cloud environments, it is ideal for businesses of all sizes. Being AI-equipped and its ability to handle threat analytics make it irresistible.
Well suited: Splunk ES is highly recommended in an environment with many data sources and experienced computer engineers. It has a steep learning curve, but once that hurdle is crossed, it is absolutely a beast. It is also very expensive, so a company putting a high amount of budget in Security is needed. Not well suited: Splunk ES is not recommended if a company has only a few sources and some non-technical IT users. The price won't justify the fewer data sources and scratching just the surface level. Moreover, non-technical IT users would be better off with something that has a query builder, unlike Splunk.
Sharing files externally with passwords, link expiration and granular control of permissions
File syncing across end-user devices using a client installed onto the computer for seamless integration for end-users as if they had mapped a drive directly to their machine
I appreciate that it keeps the data within our, what we call our, authorization boundary. The fact that the data remains within Microsoft's, I guess, walled garden if you will, is very helpful for certain compliance needs in particular.
The large library of ingestion: ability to ingest is basically as easy as I can basically get it to be most of the time. There's occasionally some vendors that it's a little bit more challenging for, but given the ease of integration for a lot of things, basically it's become one of my requirements when I am looking at other tools is how easily do they integrate with Sentinel.
Advanced Threat Detection and Correlation: ES stands out in its ability to detect sophisticated threats by correlating data from multiple sources. For instance, it can identify unusual patterns in user behavior, cross-referencing with network logs to flag potential insider threats.
Real-time Monitoring and Alerting: ES offers robust real-time monitoring capabilities. It excels in promptly alerting us to critical security events, such as suspicious network traffic spikes or unauthorized access attempts, allowing for immediate response.
Comprehensive Log Analysis: ES ingests and analyzes an extensive range of log data. It's particularly adept at parsing and making sense of complex log formats, making it a versatile tool for understanding system activities and security events.
The main drawback of the system that it is lacking in managing the uploading of large or huge files, even though the large files can be easily downloadable but the upload takes a lot of time.
While uploading the system sometimes starts lagging and the file after sometimes needs to upload again.
Egnyte is lacking in syncing multiple platforms at the same time. It gives access to one platform at a time which somehow hinders the work while migrating a large amount of data.
I think it should include more third party integration with non microsoft products as well as with other cloud providers. These integrations should be native.
It should improve ML and AI capabilities.
I find its documentation a little bit difficult to understand at the start. So the words should be simple.
ES on the cloud (SaaS) has too many limitations with platform administration.
Supported integrations are not always on par with enterprise support especially when dependent on 3rd-party proprietary APIs.
In later versions, unforeseen glitches seem to show up that have no resolution except version upgrade. This used to not be the case in prior versions which were very stable.
We found that usage of Egnyte in our supported clients, with sufficient bandwidth, provided all the features and stability we required. The billing setup was fair and the support provided was ample for end users and well as our in house admins. There was a concern about high usage clients but this was taken into account during the vetting process.
Really easy to use the interface. The web browser is very intuitive and I have not had any notable issues with this. It's easy to work on documents as a team, and the only issues we have to tend to come with Apple apps and downloading large files to WebEdit. It's very similar to the filing systems that come on Apple and Windows devices so not a steep learning curve.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Maintaining hundreds or even 1000+ SOC use cases is really difficult, considering that the Data sources may not always send the data. A module that detects data freshness issues and detect data format changes would be a great help. the main challenge today using Splunk Enterprise Security is making sure that the detection rules are still working properly given all the changes that occur in data source applications. Also, maintaining the data collects on tens of thousands of servers and more than 100k workstations is a real company IT challenge: the splunkbase forwarder may not support old OS anymore, while these are the most important to monitor. Moving to the Open Telemetry collector has become essential so that only 1 agent is required for both SIEM and application observability.
Egnyte works very well across all platforms and as an add-on to other programs. Load time is close to nothing. Reports can be made in no time as well. All in all no performance issues. We can see that it depends on the local network connection. If you're running with fiber there won't be any issues.
It takes a long time for items to load if you are just generally searching through logs. It is best to use the data models which load faster but can be strange in terms of what is coming from which logs where. Yes, you can look it up, but this also requires familiarity with where things are and how to look them up.
I never had to reach out to customer support for Egnyte. I don't know any coworkers who have had to reach out to Egnyte for support either. As far as I am concerned, the support team is doing a good job since I have not had to reach out to them.
It's good when it's responsive, but I've had times where I had to wait quite a while for a response. But these are typically the exceptions rather than the rule. When you do get a response it is always well-informed and appropriate. I would say they've been trending better over time with this.
I experienced only on-line training, but the trainers were very professional and competent. Maybe it could be more useful if they also have an experience in projects because sometimes they didn't have a real project experience to communicate to the students. Anyway, it was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself, aven if I have more than 10 years of Splunk activity experience.
It was very interesting and I learned many thing that's very difficoult (or maybe impossible!) to have by myself. The only problem was that, when I worked with the Splunk Professional Services, I found some difference between the training contents and the information from PS. In addition is required a long experience on Splunk Enterprise for the data ingestion part, in other words I'm able to work with ES because I'm worling on Splunk since 11 years, otherwise I'd some problem.
At the time when this was implemented (over 5 years ago and still in production), there were issues with syncing and reliability that Egnyte did not have, and have continued to impress with. Other providers have improved a lot and Egnyte is fairly costly, but switching costs would be high to move away from it to similar solutions.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
Splunk enterprise is the only solution that we’ve been able to identify that provides risk based alerting, which allows our SOC to reduce analyst fatigue which would be a huge problem without it. Before RBA, there were thousands of alerts a day and it was impossible to review all of them
for my exterience, unit pricing and billing frequency are correct. As I already said, I hint to have more discount flexibility, expecially with new customers, because there are competitors less expensive and very aggressive that are dangerous. In addition the possibility to don't pay the license for the development period could be a very interesting feature for the final customers.
- 8 out of 10 and took 2 for the data pipeline and administration part. Even if you'd like to improve yourself or your team, you have to pay a lot of money and it could be more than GIAC education + cert. - Normalization for Data models and CPU-based searches can be a problem sometimes.
I had a fantastic experience with Splunk Professional Services: they worked with us in our last SON project (a SOC migration for a very large customer) and helped to build a multi tenent environment even if ES isn't a multi tenant platform. Th Splunk PS was a very professional and competent people, he is italian and was able to speak with our italian customers.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
ES has highly impacted ROI because as the customer of the ES the work we do for creating use cases for clients in terms of security-related aspects by their logs has given more return than investment.
The correlation searches we run to get detailed results from the Data models are very less time-consuming than Splunk Enterprise itself we can get quick responses to the use cases and dashboards populated because of ES.
The CIM compliance feature is ES has made more jobs easy in the terms of finding more Authentication related data we can get data onboarded in the Email data model from O365 and search is email data model instead of searching for particular indexes.
