Google App Engine is Google Cloud's platform-as-a-service offering. It features pay-per-use pricing and support for a broad array of programming languages.
$0.05 per hour per instance
Microsoft Sentinel
Score 8.7 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a bird's-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
App Engine is such a good resource for our team both internally and externally. You have complete control over your app, how it runs, when it runs, and more while Google handles the back-end, scaling, orchestration, and so on. If you are serving a tool, system, or web page, it's perfect. If you are serving something back-end, like an automation or ETL workflow, you should be a little considerate or careful with how you are structuring that job. For instance, the Standard environment in Google App Engine will present you with a resource limit for your server calls. If your operations are known to take longer than, say, 10 minutes or so, you may be better off moving to the Flexible environment (which may be a little more expensive but certainly a little more powerful and a little less limited) or even moving that workflow to something like Google Compute Engine or another managed service.
Specifically for Microsoft Sentinel, it's going to have next to no value if you're not on Azure. You have to be in as your customer. If you want greater insight into what is going on in your cloud environment, turn Microsoft Sentinel on, but focus on where you enable it. You're not going to turn it on to see everything because it's not like focus on the areas where you are at risk or you believe you're at risk or something that you're, depending on your environment, do you have multiple subscriptions? Do you have a Microsoft Sentinel subscription that you just turned on, but it's not getting the visibility, and then you can alert on stuff that goes out of trend, etc.?
Strong integration with the Microsoft security ecosystem allows seamless connection to services such as Microsoft Defender, Microsoft 365, and Azure. This makes it easy to bring together identity, endpoint, and cloud signals to support investigation and detection scenarios.
Effective correlation of alerts and incidents in collaboration with Microsoft Defender XDR helps combine related signals into higher‑fidelity incidents. This reduces noise and improves visibility into attack context, making investigations more efficient.
High scalability for data ingestion and processing enables large volumes of security telemetry to be handled efficiently.
There is a slight learning curve to getting used to code on Google App Engine.
Google Cloud Datastore is Google's NoSQL database in the cloud that your applications can use. NoSQL databases, by design, cannot handle complex queries on the data. This means that sometimes you need to think carefully about your data structures so that you can get the results you need in your code.
Setting up billing is a little annoying. It does not seem to save billing information to your account so you can re-use the same information across different Cloud projects. Each project requires you to re-enter all your billing information (if required).
I think it's primarily going to be cost, since Microsoft Sentinel uses Microsoft Log Analytics as its base, right? So storing the logs and log retention is very expensive. That might result in users not adopting it as quickly. Second, I think Copilot for security can just do summarization and not many remediation tasks. In the future, we would like to see Copilot create many playbooks, including all box playbooks, to remediate many security issues.
App Engine is a solid choice for deployments to Google Cloud Platform that do not want to move entirely to a Kubernetes-based container architecture using a different Google product. For rapid prototyping of new applications and fairly straightforward web application deployments, we'll continue to leverage the capabilities that App Engine affords us.
I had to revisit the UI after a year of just setting up and forgetting. The UI got some improvements, but the amount of navigation we have to go through to set up a new app has increased, but it also got easier to set up. Gemini is now integrated and makes getting answers faster.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Good amount of documentation available for Google App Engine and in general there is large developer community around Google App Engine and other products it interacts with. Lastly, Google support is great in general. No issues so far with them.
We were on another much smaller cloud provider and decided to make the switch for several reasons - stability, breadth of services, and security. In reviewing options, GCP provided the best mixtures of meeting our needs while also balancing the overall cost of the service as compared to the other major players in Azure and AWS.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
Effective integration with other Java-based frameworks.
Time to market is very quick. Build, test, deploy and use.
The GAE Whitelist for Java is an important resource to know what works and what does not. So use it. It would also be nice for Google to expand on items that are allowed on the GAE platform.
As with any cybersecurity product, this has more to do with risk, to avoid loss in case of ransomware, than with a productivity increase. Maybe the impact could be that instead of having people who are checking the dashboard 24/7, you could implement Sentinel and have fewer people checking that or people with less expertise. So the saving will be minor but will be a saving in the cost of your team.