Instana, an IBM company since the December 2020 acquisition, provides APM services for SOA, microservices, containerized applications and Kubernetes, and cloud native applications, as well as discovery and monitoring for IT assets.
$75
per month per Managed Virtual Server (MVS)
Microsoft Sentinel
Score 8.6 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
With enterprise IT assets in a multitude of ecosystems, cloud infrastructures and sometimes still left stuck in a legacy on prem architecture, IBM Instana makes it easy to get the right data to drive development and / or DevSecOps processes with tangible input from the target environment itself.
It's certainly well-suited in environments that rely heavily on Microsoft products, and it's well-suited for environments where you have other business drivers to go to the E5 license. If I were to say where I would not and why, I only gave it a seven on the recommendation, that answer would probably vary if you already owned E5 or not. It's extremely expensive. And if there are other alternatives, if you don't have any other driving reason to go to E5, I would coach you not to go to Microsoft Sentinel. But if you're there, it's a fantastic property. It's certainly part of the cost argument for moving to E5, but it's only a part. It can't by itself justify the move to E5.
Can monitor application(s) and system(s) with very large throughput of transactions by the second ( it gets everything !!!)
Provide strong drill down for your applications and will tell you where the points of failure of an application's is ( servers , network , Databases , etc you name it )
Very easy to set up and have it up and running when using the SaaS solution. There's an on premise solution which works just as well but requires more effort and preparation from an infrastructure point of view for your teams to implement.
Continuously improve their features and their agents auto-update and keep up. All while not interfering with your applications.
Let's you create your own dashboards and visualizations that can be tailored for different kind of users with the data collected.
Create your own events and smart alerts so you can know on the spot if something is happening or is likely to happen that needs addressing on your applications / systems
It's the scale. Having built-in detections and vulnerabilities and the ability to see into the traffic flows is absolutely key. Look at it from my perspective as network security. We want to see what's going on east, west, between all the kinds of subscriptions and the tenants. We don't have that. We don't have that with any other product. Microsoft Sentinel gives us that kind of visibility.
It's very difficult to create custom dashboards, only a handful of scenarios can be visualized to dashboards.
Extracting information from Instana to further analysis into excel for example is something that can be improved. Using an API to get data is very limiting.
Open telemetry features which allow to send application data to Instana is not working as documented.
An area for improvement is how case management is surfaced within the Microsoft Sentinel experience, as clearer integration into Sentinel workflows would reduce context switching and improve incident handling.
There is an opportunity to further expand agentic, autonomous investigation and response capabilities.
Instana has been able to fulfill our all requirement and provide out of box solution for multiple component like AWS RDS Monitoring and real time alerting setup on basis of that. it is also easy to integrate with other open-source alerting and monitoring tools which makes it easier to incorporate into our solutions
IBM Instana totally alters our monitoring approach since it increases the stability of the system and simplifies the process of problem solving. And since it helps to lower the degree of alert exhaustion that we experience, it is a total game changer for us.
Because, as I said, it still lacks a lot of things, like many playbooks outside the Copilot integrations and the actual remediation. For example, for Microsoft Sentinel and SAP, I would want to see Copilot doing a lot of remediations in Microsoft Sentinel at SAPN, like executing the transaction code, maybe creating certain increases, or remediating stuff like that, which is all customized.
Microsoft support is one of the highest rated on the market. It has global and multilingual support. Calls can be made over the phone and the solution is virtually instantaneous with the help of Microsoft engineers. It's great!
Unlike the above-mentioned platforms, IBM Instana's real-time observability and multiple Cloud Application performance monitoring options are a productive, very impressive solution for tracing and detecting performance issues. Its root cause analytics production is a wonderful Cloud system with responsive, easy-to-use functions during initial configuration.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
