Logz.io in Boston offers their enterprise-grade log analytics application, oriented towards providing data security and eliminating the need for capacity management.
$0.84
per ingested GB 3 day of log retention
Microsoft Sentinel
Score 8.7 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Pricing
Logz.io
Microsoft Sentinel
Editions & Modules
Log Management - Community
$0
1 day of log retention.
Log Management - Pro
$.92
per ingested GB. 7 days retention.
Distributed Tracing - Pro
$5
Per million spans.
Infrastructure Monitoring - Pro
$12
per month per 1000 time-series metrics.
Log Management - Enterprise
Custom
Cloud SIEM - Enterprise
from $1.49
per ingested GB. Price includes Logz.io Log Management
Logz.io is an effective solution if your alerting needs are fairly straightforward and you don't need long-term retention of logs with easy access. If being able to maintain easy access to logs longer than this is necessary, another solution might be better. If you need a high degree of precision with alerting triggers and the ability to suppress alerts, you will need to combine Logz.io with an integration to get this or you might consider a different solution.
Specifically for Microsoft Sentinel, it's going to have what's next to no value if you're not on Azure. You have to be in as your customer. If you want greater insight into what is going on in your cloud environment, turn Microsoft Sentinel on, but focus on where you enable it. You're not going to turn it on to see everything because it's not like focus on the areas where you are at risk or you believe you're at risk or something that you're, depending on your environment, do you have multiple subscriptions? Do you have a Microsoft Sentinel subscription that you just turned on, but it's not getting the visibility, and then you can alert on stuff that goes out of trend, etc.?
Strong integration with the Microsoft security ecosystem allows seamless connection to services such as Microsoft Defender, Microsoft 365, and Azure. This makes it easy to bring together identity, endpoint, and cloud signals to support investigation and detection scenarios.
Effective correlation of alerts and incidents in collaboration with Microsoft Defender XDR helps combine related signals into higher‑fidelity incidents. This reduces noise and improves visibility into attack context, making investigations more efficient.
High scalability for data ingestion and processing enables large volumes of security telemetry to be handled efficiently.
I think it's primarily going to be cost, since Microsoft Sentinel uses Microsoft Log Analytics as its base, right? So storing the logs and log retention is very expensive. That might result in users not adopting it as quickly. Second, I think Copilot for security can just do summarization and not many remediation tasks. In the future, we would like to see Copilot create many playbooks, including all box playbooks, to remediate many security issues.
I initially struggled trying to ensure the correct data was returned in the Kibana search, but I found it overall easy to use. Some of the UI is not as seamless as I'd expect, like changing the environment completely resets your search criteria and filters, which is annoying since it's a common use case to search something in multiple environments
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Their support team is the best in the world! They supported us in most of the critical times and helped to resolve the issue in real time. Also their email support is well maintained and never a mail is missed unanswered. Kudos to the support team of logz.io for maintaining professionalism.
Logz.io is more affordable, less work to maintain, and has more features. It was an easy choice. After my last team had to manage their own ELK stack, this was a no brainer. It helps us be focused on our core competencies.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
