Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
ReliaQuest GreyMatter
Score 10.0 out of 10
N/A
ReliaQuest offers Open XDR-as-a-Service via ReliaQuest GreyMatter, a cloud-native Open XDR platform that brings together telemetry from any security and business solution—on-premises, in one or multiple clouds--to unify detection, investigation, response and resilience. ReliaQuest combines technology and 24/7/365 security expertise to give organizations the visibility and coverage they require to make their cybersecurity program more effective. ReliaQuest, headquartered in Tampa, boasts hundreds…
It's certainly well-suited in environments that rely heavily on Microsoft products, and it's well-suited for environments where you have other business drivers to go to the E5 license. If I were to say where I would not and why, I only gave it a seven on the recommendation, that answer would probably vary if you already owned E5 or not. It's extremely expensive. And if there are other alternatives, if you don't have any other driving reason to go to E5, I would coach you not to go to Microsoft Sentinel. But if you're there, it's a fantastic property. It's certainly part of the cost argument for moving to E5, but it's only a part. It can't by itself justify the move to E5.
Our company generates more than a terrabyte of log a day and it can easily go above 2 TB a day. We were using out of the box SOC Solution from splunk to manage our SOC. We lacked the know how of using splunk and also lacked the staff to keep the product up to date to help us tackle the latest threats. We outsourced our SIEM/SOAR service to RQ and they helped us with creating new use cases which addressed the latest threat to our organization. RQ has people who research the latest threats and helps us keep up to date on the day-to-day security operations. RQ also helps with data onboarding if required. So we would recommend RQ to customers who are short-staffed and who lack personnel who could research security threats to keep your organization safe from threat actors.
It's the scale. Having built-in detections and vulnerabilities and the ability to see into the traffic flows is absolutely key. Look at it from my perspective as network security. We want to see what's going on east, west, between all the kinds of subscriptions and the tenants. We don't have that. We don't have that with any other product. Microsoft Sentinel gives us that kind of visibility.
An area for improvement is how case management is surfaced within the Microsoft Sentinel experience, as clearer integration into Sentinel workflows would reduce context switching and improve incident handling.
There is an opportunity to further expand agentic, autonomous investigation and response capabilities.
Some Analysts are relatively fresh to SOC. They sometimes get put into supporting large infrastructures.
RQ has a ton of correlation searches that they use to provide end-to-end visibility. Most of them can be restructured to get the same results and this can reduce the number of correlation searches.
Because, as I said, it still lacks a lot of things, like many playbooks outside the Copilot integrations and the actual remediation. For example, for Microsoft Sentinel and SAP, I would want to see Copilot doing a lot of remediations in Microsoft Sentinel at SAPN, like executing the transaction code, maybe creating certain increases, or remediating stuff like that, which is all customized.
Microsoft support is one of the highest rated on the market. It has global and multilingual support. Calls can be made over the phone and the solution is virtually instantaneous with the help of Microsoft engineers. It's great!
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
Reliaquest is vendor agnostic. They have a lot of correlation searches that they use to provide security for your organizations. Compared to other products we have tried we felt that they are the only company that is doing proper market research on the latest and greatest threat to our vertical and coming out with the latest methods to keep up to date. RQ also has a good leadership structure that we could rely on if we run into any escalations. Compared to other products that we tried they try to work with you holding hands trying to resolve your problems.
As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
RQ's Greymatter content has enriched our SOC experience because we always felt Splunk's out-of-the-box use cases were not sufficient enough to provide end-to-end coverage.
RQ specializes in a lot of big data solutions so that we can rely on them to help us troubleshoot tasks and also make sure our security solutions are working accurately.
