Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Prometheus
Score 8.0 out of 10
N/A
Prometheus is a service monitoring and time series database, which is open source.
I recommend Microsoft Sentinel for effective threat detection and response. It is a great SIEM and SOAR solution for businesses, and we have used it effectively, which is why I recommend it. Since it works across on-premises and multi-cloud environments, it is ideal for businesses of all sizes. Being AI-equipped and its ability to handle threat analytics make it irresistible.
This program works from the roots of the problem and creates a professional matrix for each of its users. This will give them more skills and resources to carry out tasks and reduce the difficulties of operating each of the processes of my work, as well as being An ally for the manipulation and operability of all your master data; Prometheus is very easy to recommend since it is a program that fulfills its mission.
I appreciate that it keeps the data within our, what we call our, authorization boundary. The fact that the data remains within Microsoft's, I guess, walled garden if you will, is very helpful for certain compliance needs in particular.
The large library of ingestion: ability to ingest is basically as easy as I can basically get it to be most of the time. There's occasionally some vendors that it's a little bit more challenging for, but given the ease of integration for a lot of things, basically it's become one of my requirements when I am looking at other tools is how easily do they integrate with Sentinel.
I think it should include more third party integration with non microsoft products as well as with other cloud providers. These integrations should be native.
It should improve ML and AI capabilities.
I find its documentation a little bit difficult to understand at the start. So the words should be simple.
Customer Service: since this is an open-source tool, customer service is not that great. Generally, you get all answers to your problems in online forums, but in case you got stuck, nobody will assist you in a channelised manner. You will have to find the way out on your own, and it may become frustrating at times.
More metrics for dashboards shall be added per the application being monitored. Standards metrics will work in most cases but may not in specific applications. Therefore, customised metrics shall be created for some of the industry-standard niche applications.
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
It is usable and one can learn if few people in the team are already using it. It can be difficult to understand at the beginning because of non intuitive UI and syntax of the rules. So, I've gone for 7 points as there is some room for improvement in user interface and rules syntax.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
Highly customized pricing plans to choose from. Lower pricing for the same features compared to competitors. Easy to reach the support team, which provided detailed documentation and helped set up the Prometheus. Monitoring metrics gets very easy after the integration with Grafana. It also has a sophisticated alert setting mechanism to ensure we don't miss anything critical.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
The ROI mentioned during the purchase has not been achieved, however this could be due to lack of data from our side. 2 years of implementation is too early to calculate and confirm the ROI.
