Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) is a multimode cloud access security broker.
ScienceLogic SL1
Score 8.8 out of 10
Enterprise companies (1,001+ employees)
ScienceLogic is a system and application monitoring and performance management platform. ScienceLogic collects and aggregates data across IT ecosystems and contextualizes it for actionable insights with the SL1 product offering.
SolarWinds Security Event Manager (SEM)
Score 7.8 out of 10
SolarWinds LEM is security information and event management (SIEM) software.
Pricing
Offerings

| Pricing Offerings | Microsoft Defender for Cloud Apps | ScienceLogic SL1 | SolarWinds Security Event Manager (SEM) |
| --- | --- | --- | --- |
| Free Trial | No | No | Yes |
| Free/Freemium Version | No | No | No |
| Premium Consulting/Integration Services | No | Yes | No |
| Entry-level Setup Fee | No setup fee | Required | No setup fee |

Additional Details
—
ScienceLogic SL1 offers four tiers:
SL1 Advanced – Application Health, Automated Troubleshooting and Remediation Workflows
SL1 Base – Infrastructure Monitoring, Topology & Event Correlation
SL1 Premium – AI/ML-driven Analytics, Low-Code Automated Workflow Authoring
SL1 Standard – Infrastructure Monitoring – with Agents, Business Services, Incident Automation, CMDB Synchronization, Behavioral Correlation
To get pricing for each tier, please contact the vendor.
Microsoft Defender for Cloud Apps is well suited when working with other Microsoft applications. For example, if you are working with Microsoft Office 365, it works very well when implementing CASB features. It works when implementing monitoring or blocks on sanctioned applications; however, customizing the message to users is not that great.
For Windows, the issue is in higher resource consumption related to WinRM monitoring, which provides better options than the SNMP monitoring, which on the other hand is less resource intensive. The problem is also with support for OSes in languages other than English.
Optimal for SolarWinds Security Event Manager needs for smaller companies - it is a very cool product but has some limitations around EPS (which gets chewed up quickly if you're doing it the right way & adding servers/storage/FW & other network devices)... Also pricing model is GREAT (not consumption-based, which is the greatest grift the SIEM industry has created).
The integration to Microsoft Entra ID is seamless, which allows Conditional Access to redirect the session to Microsoft Defender for Cloud App for it to take actions (Block or Monitor).
Tracking users' activity is very good when troubleshooting or running an investigation.
Detecting risky users through tight integration with Microsoft Entra ID is a very good feature.
Detecting mass downloads and blocking the download of files from non-managed company devices is a very good feature as well.
It does a great job of notifying us when accounts have been locked out. We can then find out the device on the network where the login attempt occurred.
Searching for incidents is now a lot faster with the implementation of the HTML 5 interface.
It takes some time to scan and apply the policies when there is some sensitive information.
After it applies the policies, it works, but there is a delay.
It doesn't provide any way to scan Microsoft Teams when an external exchange of images is happening. You can always do the filtering on the documents during the chat, but if there is an image, then some kind of OCR capability is required to detect it. At present, there is no way [Microsoft Cloud App Security] can go and detect those kinds of images and alert us.
Dashboards are quite old and are of the Iron Age. Need to have AP2 dashboards only instead of AP1, and a consistent new design across all functionalities.
Reporting has not improved since Y2020 and needs to be revamped completely. Need to integrate Dashboards and Reporting. PowerBI-like functionality to be given OOTB. Reports should be extracted in Excel, PDF, HTML and should be heavily automated.
Create and Open APIs for basic and advanced monitoring data extraction.
Topology based Event Correlation and Suppression should be improved drastically. Need to identify critical network interfaces based on Topology and monitor them. Basic customization of Dynamic App and/or Powerpack to exclude/include certain metrics/events to be permitted OOTB instead of customizations.
Integration with ServiceNow to be improved and to be taken to next level. Automation Powerpack should be made available OOTB as part of base product and to be priced attractively.
Take product to next level where we can monitor actual impacted IT or Business Service instead of metrics and events BSM and Topology map to be auto discovered and identify the network dependencies and alternate paths automatically instead of manual creation of BSM.
All SolarWinds products suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client", there is much room for improvement in speed.
If you use the email alert features with SolarWinds, make sure to prepare your staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
It is simply because of all the best possible autonomy solutions it is providing and getting better day by day. Using AI and DevOps along with handy automation, the monitoring and management of devices becomes much easier, and the way it is growing in all aspects is one of the best reasons too. Evolution of the SL1 platform in the autonomy monitoring and management is quite appreciable.
It is pretty likely that we will renew SEM when the time comes up. It is easy to use and maintain so there isn't much of a need to replace this product. It is also a pretty fair price for the capabilities provided by the SEM.
The interface is pretty simple and easy to use; however, you will need to do a lot of investigative research on your own to get comfortable with it. Originally, many of the Microsoft security tools had their own separate consoles. Over time, they have blended into one interface, which is the ideal state. In some cases it is clear Microsoft had to pick which console a certain feature or setting was going to reside in, and this leads to some confusion. For example, DLP is managed through Defender for Cloud Apps but you will also need to jump into Purview. For things like reverse proxy on your M365 tenant, you will need to go into Azure and set up conditional access rules. Not a big problem and I can understand why the settings are located where they are, but for someone just starting out with Defender for Cloud Apps, it will take some time to figure out.
The core functions are there. The complexity is due to the complexity of the space. The score is based on comfort (I no longer notice the legacy UI) and the promise that I see in the 8.12 Unified UI (a vast improvement). It is also based on the fact that with 8.12, you can now do everything in the new UI but you still have the legacy UI as a fallback (which should now be unnecessary for new installations)
If you are familiar with SolarWinds then you can use this product it's as easy as that. If you have never used a SolarWinds product then it will take a minute to get how they do reports and make dashboards but that being said the tool is great and can make things very easy once you get a feel for how it works and get everything setup how you like it.
SL is always there and online when you need to get info from it. The only times when SL was not available in our own data center was when network links from outside of the data center were down and those links were not in our control. Having a central database and people accessing it all over the world may put a bit of constraint on the performance of the dashboards when reports get generated, but that is few and far between.
ScienceLogic SL1 architecture helps the platform to give a top-notch performance in every respect. Data collection to reporting happens very smoothly. With the new user interface, pages load much faster. Individual appliances carrying the individual task ensure things are working without lag. Integration with the ticketing tool (SNOW) is well managed by ScienceLogic; no issue or much delay has been observed while interacting with an external tool.
I have not utilized actual support but the Sales and Product teams have been super helpful in moving our implementation forward and showing us the best practices.
So far, it's good as part of my overall experience, except for a couple of use cases. The support team is knowledgeable, technically sound, and efficient. When support escalates to engineering, the issue gets stuck and takes months to resolve.
The quality of support can vary depending on whom you end up speaking with. I was fortunate enough to work with a support representative who was very familiar with the product. He had even authored some of the support documentation on the website. On the flip side, I had two other experiences where I was simply directed to online training material.
It was good. Do the online training first and understand it, and you will get the most out of the in-person training that way. This also takes you to an advanced level, which is very good, and the training has been overhauled once again along with new products coming in such as Zebrium / Skylar; worth going through again if it was a while back that you first did this.
There are a lot of educational materials and courses on the SL1 training site (Litmos university). However, the recording quality is sometimes not very good: screen resolution is low. There is a lack of professional rather than user-oriented documents, there are mistakes in documentation, and education is not well structured.
Implementation is smooth if we are to just support the out-of-the-box features available in ScienceLogic. For any custom requirement, having to go to SL1 Professional Services is the worst part of procuring this suite. And more often than not, SL1 Professional Services also ask to raise feature request. So, you subscribe to Professional Services to only hear back from them that "This feature is not supported and needs to have a separate feature request". At times frustrating.
More flexible and more features with easy integration with cloud services like Microsoft Azure and other cloud services. Overall both give similar features but we prefer Microsoft Cloud App Security due to its high threat detection rate. Mostly we have been able to stop the threat in very little time.
ScienceLogic SL1 is so user friendly and it's really easy to navigate between functions. I would recommend ScienceLogic SL1 to all of those who are looking for a really useful monitoring tool and expecting an easy way of managing it.
FortiAnalyzer can only do logs from FortiGate so usefulness is limited. Elasticsearch was a lot slower than SolarWinds and the filters were a lot harder to set up and use. The connectors for SEM were far more stable.
Our deployment model is vastly different from product expectations. Our global / internal monitoring footprint is 8 production stacks in dual data centers with 50% collection capacity allocated to each data center with minimal numbers of collection groups. General Collection is our default collection group. Special Collection is for monitoring our ASA and other hardware that cannot be polled by a large number of IP addresses (so this collection group is usually 2 collectors). Because most of our stacks are in different physical data centers, we cannot use the provided HA solution. We have to use the DR solution (DRBD + CNAMEs). We routinely test power in our data centers (yearly). Because we have to use DR, we have a hand-touch to flip nodes and change the DNS CNAME half of the time when there is an outage (by design). When the outage is planned, we do this ahead of the outage so that we don't care that the Secondary has dropped away from the Primary. Hopefully, we'll be able to find a way to meet our constraints and improve our resiliency and reduce our hand-touch in future releases. For now, this works for us and our complexity. (I hear that the HA option is sweet. I just can't consume that.)
Cloud App Security saves us thousands of dollars finding and rectifying apps security issues.
Identity Security Posture helps the organization identity stay in shape, saving thousands of dollars on security consultations.
The cost of suffering a breach cannot be quantified; CAS helps minimize the chances of the attackers succeeding, with excellent historical logging for most operations.
Once a powerpack is developed and configured for a device for one customer, it is easy to deploy the same powerpack on a second customer estate and configure specifically for that customer without having to reinvent the powerpack. This saves time and therefore money.
Once the customer estate tuning is complete, the Operations team have come to trust the alerts. This is especially true when transient or self-correcting alerts are automatically cleared without ops team involvement, but a record is still available for audit and debugging purposes. This saves time and therefore money.
When set up correctly, it provides good visibility into applications, devices and whole customer estates. This saves time and therefore money when issues arise.
For the price, it produced a decent value. It did a lot of the easy stuff well. I can't give any specific data given the objective of the product was to monitor very basic events in the environment.