Microsoft Defender for Cloud Apps is well suited when working with other Microsoft Applications. For example, if you are working with Microsoft Office 365 it works very well when implementing CASB features. It works when implementing monitoring or blocks on Sanctioned applications however customizing the message to users is not that great.
Optimal for SolarWinds Security Event Manager needs for smaller companies - it is a very cool product but has some limitations around EPS (which gets chewed up quickly if you're doing it the right way & adding servers/storage/FW & other network devices)... Also pricing model is GREAT (not consumption-based, which is the greatest grift the SIEM industry has created).
The integration to Microsoft Entra ID is seamless, which allows Conditional Access to redirect the session to Microsoft Defender for Cloud App for it to take actions (Block or Monitor).
Tracker users' activity is very good when troubleshooting or running an investigate.
Detecting risky users through tight integration with Microsoft Entra ID is a very good feature.
Detecting mass downloads and blocking the download of files from non-manage company devices is a very good feature as well.
It does a great job of notifying us when accounts have been locked out. We can then find out the device on the network where the login attempt occurred.
Searching for incidents is now a lot faster with the implementation of the HTML 5 interface.
It takes some time to scan and apply the policies when there is some sensitive information.
After it applies the policies, it works, but there is a delay.
It doesn't provide any way to scan Microsoft Teams when an external exchange of images is happening. You can always do the filtering on the documents during the chat, but if there is an image, then some kind of OCR capability is required to detect it. At present, there is no way [Microsoft Cloud App Security] can go and detect those kinds of images and alert us
All SolarWinds product suffer from slow response times in management portals. SolarWinds SEM is no exception. While it is much preferred over a "thick client" there is much room for improvement in speed.
If you use the email alert features with SolarWinds make sure to prepare you staff and team for the large amount of emails they could receive. Make sure to reduce the number of alerts so your team does not ignore the alerts.
It is pretty likely that we will renew SEM when the time comes up. It is easy to use and maintain so there isn't much of a need to replace this product. It is also a pretty fair price for the capabilities provided by the SEM
The interface is pretty simple and easy to use; however, you will need to do a lot of investigative research on your own to get comfortable with it. Originally, many of the Microsoft security tools had their own seperate consoles. Overtime, they have blended into one interface which is the ideal state. In some cases it is clear Microsoft had to pick which console a certain feature or setting was going to reside in and this leads to some confusion. For example, DLP is managed through Defender for Cloud Apps but you will also need to jump into Purview. For things like reverse proxy on your M365 tenant, you will need to go into Azure and setup conditional access rules. Not a big problem and I can understand why the settings are located where they are but for someone just starting out with Defender for Cloud Apps, it will take some time to figure out.
If you are familiar with SolarWinds then you can use this product it's as easy as that. If you have never used a SolarWinds product then it will take a minute to get how they do reports and make dashboards but that being said the tool is great and can make things very easy once you get a feel for how it works and get everything setup how you like it.
I have not utilized actual support but the Sales and Product teams have been super helpful in moving our implementation forward and showing us the best practices.
The quality of support can vary depending on whom you end up speaking with. I was fortunate enough to work with a support representative who was very familiar with the product. He had even authored some of the support documentation on the website. On the flip side, I had two other experiences where I was simply directed to online training material.
More flexible and more features with easy integration with cloud services like Microsoft Azure and other cloud services. Overall both gives similar features but we prefer Microsoft cloud app security due to its high threat detection rate. mostly we have been able to stop the threat in very very less time.
Fortianalzyer can only do logs from FortiGate so usefulness is limited. Elasticsearch was a lot slower than Solarwinds and the filters were a lot harder to set up and use. The connectors for SEM were far more stable.
Cloud App Security saves us thousands of dollars finding and rectifying apps security issues
Identity Security Posture helps the organization identity stay in shape, saving thousands of dollars on security consultations
The cost of suffering a breach cannot be quantified, CAS helps minimize the chances of the attackers succeeding, with excellent historical logging for most operations
For the price, it produced a decent value. It did a lot of the easy stuff well. I can't give any specific data given the objective of the product was to monitor very basic events in the environment.
