TrustRadius: an HG Insights company

Microsoft Sentinel

Score: 8.6 out of 10

155 Reviews and Ratings

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Top Performing Features

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 8.5

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 8.1

Areas for Improvement

  • Data integration/API management

    Ease and quality of data integrations between SIEM and other systems

    Category average: 8

  • Reporting and compliance management

    Ease and quality of reporting and compliance functions

    Category average: 8.5

  • Deployment flexibility

    Ability to tune system to maximize threat detection and minimize false positives

    Category average: 7.4

My Experience With Microsoft Sentinel - Great SIEM Capabilities.

Use Cases and Deployment Scope

We use Microsoft Sentinel to boost our security, and it works amazingly well. It is our primary SOAR and SIEM solution, ensuring we have the best visibility into our security operations. With the tool in place, detecting and responding to threats is easy thanks to its AI capabilities. In addition, it boosts our security by making it easy to collect data from all users, devices, and applications for threat analytics. Finally, it integrates with Microsoft products for better protection and management.

Pros

  • It works well as a SIEM and SOAR solution.
  • It comes with amazing AI threat detection capabilities.
  • It works across on-premises and multi-cloud environments.
  • It offers automated threat response.
  • Works well when it comes to threat analytics.
  • It supports integrations, especially with Microsoft products such as MS Azure.

Cons

  • So far Microsoft Sentinel has been awesome. No serious challenges to list.

Return on Investment

  • With Microsoft Sentinel, we protect both on-premises and multi-cloud business environments.
  • The AI features ensure fast and accurate threat detection.
  • With the tool in place, we enjoy automated threat response, which guarantees minimal to no threat-related damage.

Other Software Used

Zoho Assist, Microsoft 365, Zoho Meeting

Dealing With Cyber Threats With Microsoft Sentinel.

Use Cases and Deployment Scope

We use Microsoft Sentinel to boost our cybersecurity. It is our primary SIEM and SOAR solution, and it's reliable for detecting, investigating, responding to, and remediating cyber threats across our multi-cloud environments. It has greatly increased our security operations by effectively reducing false positives and centralizing security logs.

Pros

  • AI powered threat detection increases accuracy.
  • It automatically responds to threat incidents.
  • Proactive threat hunting adds a layer of security.
  • Comes with great threat intelligence features.
  • Makes monitoring and visualization easy.

Cons

  • We have experienced improper tiering.
  • Limited integration with non-Microsoft ecosystems.

Return on Investment

  • Proactive threat hunting is very helpful.
  • Ability to auto-respond to threats keeps our infrastructure secure.
  • Threat intelligence helps deal with known and unknown threats.

Other Software Used

Microsoft Defender for Business, Microsoft Defender XDR, Hornetsecurity Email Encryption

Microsoft Sentinel Review

Use Cases and Deployment Scope

We use Microsoft Sentinel as our primary SIEM. We have many cloud applications that generate a lot of logs. We ingest all of those in Microsoft Sentinel. From there, we use other technologies to alert us.

Pros

  • Microsoft Sentinel integrates really well with SAP Rise, which is our ERP solution.

Cons

  • I would like to see some alerting options right in Microsoft Sentinel. For example, we have to use applications like PagerDuty and whatnot to then alert us on our cell phones. I wish Microsoft Sentinel would have that out of the box.

Return on Investment

  • It's really hard to justify ROI on anything security-related. You don't know what it has prevented or helped you with. So that's a very hard question to answer because you can't really quantify a number. But I hope it has stopped things from going bad.

How I use Microsoft Sentinel to keep up in a Multi-client SOC

Use Cases and Deployment Scope

We support a mix of enterprise clients: banks, and retail chains with weird legacy systems. So Microsoft Sentinel helps us wrangle all their logs into one place without losing our minds. My main day-to-day is triaging incidents coming from Microsoft Sentinel analytics and running KQL queries.

Pros

  • We get clean unified views across multiple clients
  • Built in hunting queries and analytics

Cons

  • As a junior analyst, I've struggled a lot with the learning curve. I had to pull all-nighters at the start, just to wrap my head around Microsoft Sentinel.

Return on Investment

  • I can't imagine a world without Microsoft Sentinel for investigations and triaging. The manual hours that would take are bogus.
  • Peace of mind for our financial clients, who make up the majority of our client base.

Other Software Used

Splunk Enterprise Security, Splunk SOAR

Microsoft Sentinel review

Use Cases and Deployment Scope

We use it to correlate logs, aggregate logs, automate alerts and incidents, and to investigate alerts and incidents.

Pros

  • The visual presentation of data is terrific. Compared with what we had prior to Microsoft Sentinel, it presents data in a much more usable way, so that's been quite refreshing. It's not quite as complex to understand what you're looking at.

Cons

  • Automation is still a bit manual and clunky, as is the case with all the products out there doing that. If your automation were as simple as your visual presentation, it would be a much better product. But yeah, it's still a little clunky to build automation.

Return on Investment

  • Certainly nothing negative; it's been positive. Again, it was a partial justification for the move to E5 because it allows me to reduce costs elsewhere. It gives me some cost avoidance for tools that I don't need elsewhere. It's not just Microsoft Sentinel by itself; it's the other things that come with it, associated with data leakage protection, risk management, insider risk, and so on. It certainly enhanced the business case for a move to E5 and for gaining those approvals, and it allows us to demonstrate to the executives, the board, and so on that we're being good stewards of the money we have.