Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Proofpoint Email Protection
Score 8.1 out of 10
N/A
Proofpoint Email Protection is available as an on-premise or cloud based solution and blocks unwanted, malicious and impostor emails with granular search capabilities and visibility into all messages. Outbound controls include encryption and data loss prevention, while continuity capabilities ensure business communications can continue as normal in the event of an email outage. With Proofpoint's Email Protection, you can protect your people, data, and brand from today’s threats…
It's certainly well-suited in environments that rely heavily on Microsoft products, and it's well-suited for environments where you have other business drivers to go to the E5 license. If I were to say where I would not and why, I only gave it a seven on the recommendation, that answer would probably vary if you already owned E5 or not. It's extremely expensive. And if there are other alternatives, if you don't have any other driving reason to go to E5, I would coach you not to go to Microsoft Sentinel. But if you're there, it's a fantastic property. It's certainly part of the cost argument for moving to E5, but it's only a part. It can't by itself justify the move to E5.
Well suited: Proofpoint does a pretty good job at protecting us from spam emails. I was able to block a lot of emails coming from SendGrid by blocking SendGrid emails with a custom spam filter. However, SendGrid has a lot of legit emails too so I was able to create another rule to allow those emails from certain people, then block the rest. That way business need was met but spam emails are blocked. Less Appropriate If you are trying to monitor internal to internal emails Proofpoint is probably a little over featured for that.
It's the scale. Having built-in detections and vulnerabilities and the ability to see into the traffic flows is absolutely key. Look at it from my perspective as network security. We want to see what's going on east, west, between all the kinds of subscriptions and the tenants. We don't have that. We don't have that with any other product. Microsoft Sentinel gives us that kind of visibility.
An area for improvement is how case management is surfaced within the Microsoft Sentinel experience, as clearer integration into Sentinel workflows would reduce context switching and improve incident handling.
There is an opportunity to further expand agentic, autonomous investigation and response capabilities.
Because, as I said, it still lacks a lot of things, like many playbooks outside the Copilot integrations and the actual remediation. For example, for Microsoft Sentinel and SAP, I would want to see Copilot doing a lot of remediations in Microsoft Sentinel at SAPN, like executing the transaction code, maybe creating certain increases, or remediating stuff like that, which is all customized.
Very robust and solid product in protecting our emails. The engineers who assisted with our implementation was very knowledgable and great to work with. Easy to use by end-users. Administration and management are also easy for IT. Great dashboard and reporting tools for business reviews.
Microsoft support is one of the highest rated on the market. It has global and multilingual support. Calls can be made over the phone and the solution is virtually instantaneous with the help of Microsoft engineers. It's great!
We use ProofPoint support quite often to fix issues and assist with setting up features and rules. Each time we have created a ticket, they have been very helpful and respectful. Each ticket has been treated with the appropriate SLA time and attention. We also enjoy the regular check-ins from the engineers when tickets are open but we get busy with other tasks.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
We previously used halon anti-spam, which lasted us well until our organization really started to grow and it was not able to keep up with the amount of mail we were receiving. The support is also nothing compared to Proofpoint's professional services offering. Halon was also not able to have the complex rules that Proofpoint can offer.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
Having easy-to-reach backups of all employee emails has made Proofpoint worth it by itself. That plus the countless times that spam/malicious emails did not make it through to the intended person that could have potentially cost the organization a lot of money.
