Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Onapsis
Score 9.8 out of 10
N/A
Onapsis, headquartered in Boston, offers application security software to enterprises in the form of the Onapsis Security Platform for SAP and the Onapsis Security Platform for Oracle E-Business Suite.
Specifically for Microsoft Sentinel, it's going to have what's next to no value if you're not on Azure. You have to be in as your customer. If you want greater insight into what is going on in your cloud environment, turn Microsoft Sentinel on, but focus on where you enable it. You're not going to turn it on to see everything because it's not like focus on the areas where you are at risk or you believe you're at risk or something that you're, depending on your environment, do you have multiple subscriptions? Do you have a Microsoft Sentinel subscription that you just turned on, but it's not getting the visibility, and then you can alert on stuff that goes out of trend, etc.?
In assess, it does a whitebox and blackbox testing of the ERP systems that have been added to the Onapsis console. It highlights relevant application issues and automates the process, also provides the solutions to implement the fix. In comply, it provides a governance on the various regulatory compliances which the firm has to follow, as well as provides a firm grip to the audit and ERP admin team. In control, it enables a workflow of 15 pre-defined parameter values within the SAP system and helps monitor, and track the changes made to those parameters. The capabilities are to either block, or request for an approval for changes made to those parameters in addition to just monitoring them. In defend, it goes through the SAP logs; and compares it with a pre-defined ruleset to alert the end-users via email or SIEM tool or both.
Strong integration with the Microsoft security ecosystem allows seamless connection to services such as Microsoft Defender, Microsoft 365, and Azure. This makes it easy to bring together identity, endpoint, and cloud signals to support investigation and detection scenarios.
Effective correlation of alerts and incidents in collaboration with Microsoft Defender XDR helps combine related signals into higher‑fidelity incidents. This reduces noise and improves visibility into attack context, making investigations more efficient.
High scalability for data ingestion and processing enables large volumes of security telemetry to be handled efficiently.
Eliminating the manual process improves the overall accuracy of results and also frees up valuable resources to focus on other different projects.
Onapsis provides great leverage to our technical teams in order to review in a standardized way of the landscape.
Onapsis always matches vulnerabilities with useful context and finds possible solutions.
Onapsis is usually implemented to continuously monitor, and alert us on any issues on the SAP systems. Not only this but implementing Onapsis also eliminates the network on the year-end and month-end audits and helps in making the overall process faster, smooth, efficient as well as accurate.
I think it's primarily going to be cost, since Microsoft Sentinel uses Microsoft Log Analytics as its base, right? So storing the logs and log retention is very expensive. That might result in users not adopting it as quickly. Second, I think Copilot for security can just do summarization and not many remediation tasks. In the future, we would like to see Copilot create many playbooks, including all box playbooks, to remediate many security issues.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
Honestly, I havent use something like Onapsis before and currently I am not aware if there is something similiar out there. They are one of a kind and is a complete suit, so is unlikelly that someone from outside will appear with a better solution.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
