Microsoft Sentinel vs. Palo Alto Networks Cortex XSOAR

Sentinel is the best "cloud-native" in the market yet, so if the organization has a cloud presence (which almost everyone has) then Sentinel is the right choice for having a single pane of glass for all your security monitoring needs. Sentinel is a very good tool for log analysis and event management purposes as well. With KQL and ASIM parsers, organizations can retrieve invaluable insights even from the most complex data. And of course, Sentinel is a great choice for automating the incident response process to a very good extent.

Incentivized

XSOAR is well suited for phishing detection and response. Phishing alerts are as much of a
problem today as they were decades ago. This is because: ●Attackers Can leverage automation to launch high-quantity phishing attacks with the click
of a button.
●Spear Phishing attacks are sophisticated and sometimes indistinguishable from real
emails, resulting in compromise through human error.
●Security Teams aren’t able to follow set processes while responding to phishing alerts.
They must coordinate across email inboxes, threat intel, NGFW, ticketing, and
other tools. Each tool has different consoles, data conventions, and contexts,
making it difficult for security teams to fill in the gaps while minimizing
errors. XSOAR is less suited for analyzing traffic.

Incentivized

• It has a native integration with all Microsoft products, from Entra to Azure, Microsoft 365
• Being built upon native Azure functionality benefits in automation and infrastructual solutions
• The KQL language is relatively easy to learn and powerful.
• Microsoft is listening very careful to the customers and develops new functionality at a fast pace

Incentivized

• Automation with immediate security responses.
• Comprehensive phishing protection and increased email protection.
• Analysis and reporting feature.
• Intuitive and easy-to-view panels.
• Alerts by email and sms of incidents for the administration.
• Centralized monitoring.

Incentivized

• It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
• Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.

Incentivized

• The XSOAR bot creates a lot of noise on the summary page of any XSOAR incident. Although the filter is available to reduce the view, by default this should not be visible cluttering the whole scenario.
• The interface has too much data on a single pane. I would love to have many buttons to just click and do stuff.
• Also, I would love to have search areas more interactive and easier to navigate.

It has proven to be far to valuable and effective to consider getting rid of it. Until something better comes along, this is staying in our product stack.

Incentivized

The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.

Incentivized

Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.

Incentivized

It was much easier than we all anticipated.

Incentivized

The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. Additionally, leveraging Threat Intel from Microsoft itself gives a sense of security, given their years of experience in the collection of intel. The AI and Machine learning features provided by MS is one of the finest.

Incentivized

The quantity of integrations with security solutions is highest in Palo Alto Solution. The capacity to identify anomalous events is much better in Palo Alto Networks Cortex XSOAR. The flexibility of increased storage area is better as well. The dashboard is very intuitive about showing the most important incidents and how to resolve them.

Incentivized

Did not use professional services

Incentivized

• Microsoft Sentinel is a good investment, especially when sided with other solutions such as Microsoft 365 Defender, as it provides 360° protection on every level of the infrastructure.
• When deployed on infrastructures that have never had an SIEM, Microsoft Sentinel helps to assess vulnerabilities and misconfigurations.
• As with any other SIEM, Microsoft Sentinel basically eliminates the need to put effort into every single platform (like EDR, NDR, XDR) and converge that effort on a single product that correlates and orchestrates the rest.

Incentivized

• Demisto has Eased malware analysis and threat hunting
• With Demisto, it is simple to create playbooks and scripts
• This is helped automate policy configurations on our PA firewalls through Panorama

Incentivized