TrustRadius: an HG Insights company

Microsoft Sentinel Reviews & Insights

Score: 8.6 out of 10

155 Reviews and Ratings


Community Insights for Microsoft Sentinel

Synthesised from 16 verified reviews | Last Published May 27, 2026


Microsoft Sentinel is primarily adopted as a comprehensive Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution, providing extensive visibility into security operations. In TrustRadius reviews, organizations leverage its AI-powered threat detection and automated response mechanisms, which 69% of reviewers highlight for increasing accuracy and ensuring timely actions against security incidents. Its seamless integration within the broader Microsoft ecosystem, including Microsoft Defender and Azure, is a frequently cited strength, offering a unified approach to security.

Reviewers also note Sentinel's contribution to operational efficiency through automation and its ability to support business growth by scaling services. However, a recurring drawback is the complexity of its licensing model and the high cost associated with log retention, which 7 out of 16 reviewers specifically mention. Other concerns include challenges with non-Microsoft integrations, a steep learning curve, and initial issues with alert volume and false positives, leading to mixed sentiment regarding its overall return on investment.


Strengths:
  • AI-powered threat detection and automated response capabilities
  • Seamless integration with the broader Microsoft ecosystem (e.g., Defender, Azure)
  • Unified view of security data and strong correlation abilities for investigations
  • Streamlined investigation process, enhancing speed and efficiency
  • Comprehensive log management and data ingestion from diverse sources

Areas for improvement:
  • Complex licensing model and high consumption-based log retention costs
  • Limitations or challenges with robust integration in non-Microsoft environments
  • Steep learning curve, particularly for KQL, and inconsistent documentation
  • User interface and navigation described as cluttered or difficult to traverse
  • Initial high volume of alerts and false positives, with a desire for native alerting

What other products like Microsoft Sentinel have you used or evaluated?

From 16 reviews | Last Published May 27, 2026

When discussing products similar to Microsoft Sentinel, reviewers frequently identify other security information and event management (SIEM) solutions that they have used or evaluated. Splunk is the most commonly cited alternative, mentioned by 3 of 16 reviewers. This suggests that Splunk, encompassing offerings such as Splunk Enterprise Security and Splunk Cloud Platform, is a significant competitor or complementary tool in the security operations landscape, often considered for its comprehensive capabilities. Another notable alternative is IBM Security QRadar SIEM, which 2 of 16 reviewers have either used or evaluated, sometimes alongside other platforms like LogRhythm. The consistent mention of these established SIEM platforms indicates that organizations often consider a range of robust solutions to meet their security monitoring, threat detection, and incident response needs, highlighting a competitive market for these critical tools.

Splunk

Splunk Enterprise Security and SentinelOne Singularity

IBM Security QRadar SIEM

LogRhythm NextGen SIEM Platform and IBM Security QRadar SIEM

Do you use Microsoft Sentinel’s AI, machine learning, and analytics for threat detections? How do you use these features? What have you accomplished with these features?

From 16 reviews | Last Published May 27, 2026

A significant majority of reviewers, representing 69% of the sample, utilize Microsoft Sentinel's AI, machine learning, and analytics capabilities primarily for enhanced threat detection and response. These features are frequently credited with enabling faster identification of suspicious activities and providing deeper insights into potential threats, which in turn supports proactive mitigation strategies. Reviewers frequently highlight the system's ability to detect anomalous patterns that might otherwise be missed by traditional rules-based systems. This advanced detection capability contributes to notable operational efficiencies, with 19% of reviewers specifically citing time savings and a reduction in the impact of security incidents. However, a segment of the user base, comprising 31% of reviewers, reports limited or no current use of these specific AI and machine learning features, often due to reliance on alternative tools, ongoing implementation plans, or a lack of direct experience in their current roles.

Threat Detection and Response

Yes, we use Microsoft Sentinel AI features for fast threat detection, and the analytics help us understand threats and how to avoid/deal with them in the future.

Limited or No Usage

As a junior, my experience with these is insignificant at the moment, but it's something I'm looking to explore in the coming months.

Efficiency and Time Savings

Massive savings in people time.

How do you use Microsoft Sentinel’s investigation tools? How has it impacted your investigation process?

From 16 reviews | Last Published May 27, 2026

Microsoft Sentinel's investigation tools are primarily valued for significantly enhancing the speed and efficiency of threat analysis, a benefit highlighted by 9 of 16 reviewers. The platform's ability to streamline the investigation process and enable quicker responses to incidents is a key advantage, often cited in comparison to other Security Information and Event Management (SIEM) solutions. Additionally, 3 of 16 reviewers praised the tool for its robust incident aggregation and detailed entity analysis capabilities, which provide a consolidated view of security events and deep insights into affected assets. While 4 of 16 reviewers expressed mixed sentiment regarding the ease of use, noting a learning curve for beginners, particularly with KQL, the overall sentiment points to a powerful tool that, once mastered, greatly improves security operations. Furthermore, 2 of 16 reviewers noted the value of its integration with other Microsoft tools like Logic Apps and Security Copilot, which further enrich data and automate workflows.

Investigation speed and efficiency

It comes with powerful investigative tools that make it easier to understand threats and how to avoid them, minimizing the risk of exposure.

Ease of use and learning curve

So yes, the process is simple but can be hard for beginners.

Incident aggregation and entity analysis

Microsoft Sentinel aggregates related alerts into incidents, providing a single interface to view all relevant details, such as severity, status, affected entities, and timeline of events.

What are the different sources from which you pull data into Microsoft Sentinel?

From 16 reviews | Last Published May 27, 2026

Microsoft Sentinel users integrate data from a diverse array of sources, with a strong emphasis on Microsoft's own ecosystem and traditional IT infrastructure. A significant portion of reviewers, 38%, specifically highlight the integration of Microsoft 365 services, including SharePoint and Office 365, noting their utility in identifying and responding to threats due to comprehensive activity logging. Beyond Microsoft's cloud offerings, on-premises and server data are also frequently imported, with 31% of reviewers mentioning sources such as Windows and Linux servers and various on-premises devices. Network and firewall data, including logs from Palo Alto and other firewalls, are cited by 25% of reviewers as essential for security monitoring. Similarly, cloud infrastructure and services, particularly Azure and other hosting environments, are integrated by 25% of the user base. While most data ingestion is direct, a smaller segment of reviewers, 13%, leverages third-party connectors or APIs, sometimes with mixed results regarding scope and visibility, to curate and push data into Sentinel.

Microsoft 365 Sources, On-Premises and Server Data, Firewall and Network Data

We are importing data into Microsoft Sentinel from a number of sources, including our firewalls, Azure, Microsoft 365, and even our on-site servers.

What positive or negative impact (i.e. Return on Investment or ROI) has Microsoft Sentinel had on your overall business objectives?

From 16 reviews | Last Published May 27, 2026

Microsoft Sentinel primarily demonstrates a positive impact on business objectives through enhanced security capabilities, particularly in threat detection and response. Reviewers frequently highlight its ability to provide fast and accurate threat detection, often leveraging AI features, which helps prevent data loss and improve overall security posture, as noted by 10 of 16 reviewers. While the return on investment (ROI) is perceived as positive by some, 7 of 16 reviewers express mixed sentiment, citing challenges in quantifying security ROI and concerns regarding the product's cost. However, the platform also contributes to operational efficiency by automating threat responses and reducing manual work, a benefit observed by a quarter of reviewers. Furthermore, it supports business growth by enabling organizations to scale services and improve visibility into the threat landscape, as indicated by 4 of 16 reviewers.

Threat Detection and Response

The AI features ensure fast and accurate threat detection.

Cost and ROI

Good return on investment

Business Growth and Opportunities

Probably one of my main business objectives is to drive services for our organization. Sentinel provides numerous opportunities for us to drive those services.

Besides Microsoft Sentinel, what other software do you regularly use? How likely would you be to recommend it to a friend or colleague?

From 16 reviews | Last Published May 27, 2026

Reviewers frequently utilize a range of security and business productivity software in conjunction with Microsoft Sentinel, with a strong positive sentiment towards these tools. Microsoft Defender solutions are prominently mentioned, with five reviewers (31%) highlighting various components such as Defender for Endpoint, Cloud, Business, and XDR. This indicates a preference for integrating within the broader Microsoft ecosystem for security operations. Beyond Microsoft's offerings, Splunk is a notable security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platform, cited by three reviewers (19%). Similarly, Palo Alto Networks' security products, including Cortex XSOAR and XDR, are in use by two reviewers (13%), suggesting a diversified approach to advanced threat protection. Furthermore, productivity and collaboration tools from Zoho, such as Assist, Meeting, and Forms, are also part of the software stack for three reviewers (19%), demonstrating a blend of security and operational support systems. The consistent positive sentiment across all mentioned software implies a high likelihood of recommendation among users.

Microsoft Defender

Microsoft Defender for Endpoint

Splunk

Splunk Enterprise Security, Splunk SOAR

Palo Alto Networks

Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security

Describe how you use Microsoft Sentinel in your organization. What are the business problems the product addresses and what is the scope of your use case?

From 16 reviews | Last Published May 27, 2026

Microsoft Sentinel is primarily adopted by organizations as a comprehensive platform for enhancing cybersecurity, with a strong focus on its capabilities as a Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. Over two-thirds of reviewers (11 of 16) highlight its role as their main SIEM and SOAR tool, emphasizing its effectiveness in detecting, investigating, and responding to cyber threats. This core functionality is complemented by its ability to provide extensive visibility into security operations and proactively identify anomalies, a benefit noted by 11 reviewers. The platform also serves as a centralized hub for log management and data ingestion, with 7 reviewers pointing out its utility in collecting and consolidating security logs from various sources, including multi-cloud environments. Furthermore, 6 reviewers appreciate its automation features, which streamline threat detection and response processes. A distinct use case, mentioned by 4 reviewers, involves leveraging Sentinel to offer managed security services to external clients, encompassing deployment, configuration, and incident response. Overall, the product addresses business problems related to fragmented security visibility, manual threat response, and the need for unified security operations across complex IT landscapes.

SIEM and SOAR capabilities

It is our primary SOAR and SIEM solution, ensuring we have the best visibility into our security operations.

Visibility and threat detection

Ensuring we have the best visibility into our security operations.

Log management and data collection

It boosts our security by making it easy to collect data from all users, devices, and applications for threat analytics.

Please provide some detailed examples of areas where Microsoft Sentinel has room for improvement.

From 16 reviews | Last Published May 27, 2026

Reviewers frequently identify several key areas where Microsoft Sentinel could be improved, primarily concerning its cost structure and integration capabilities. A significant number of reviewers, 7 out of 16, specifically highlight the complexity of its licensing model and the high cost associated with log retention, which is based on consumption. Beyond financial considerations, 5 reviewers expressed concerns about the product's integration and ecosystem, noting limitations with non-Microsoft environments and a desire for more robust, out-of-the-box alerting options. The user experience also presents challenges, with 4 reviewers criticizing the user interface and navigation for being cluttered or difficult to traverse. Similarly, 4 reviewers pointed to a steep learning curve and inconsistent documentation, particularly for connectors, as barriers for new users. Finally, issues related to alerting, such as an initial high volume of alerts and the occurrence of false positives, were raised by 3 reviewers, who also wished for native alerting features.

Cost and Licensing

The licensing could be a little bit simpler

Integration and Ecosystem

Limited integration with non-Microsoft ecosystems.

User Interface and Navigation

Dashboard is not very good. Some of the interfaces and the integration need so much more work.
