Excellent solution for attack detection and raising alarms
July 06, 2023
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Sentinel
Microsoft Sentinel is a cloud-based, comprehensive and robust SIEM (Security Information and Event Management) that is used for tracking a variety of company FW/VPN infrastructure security events as well as for monitoring end-user protection (it is easily connected to MS Defender). The huge list of built-in connectors for different solutions/hardware eliminates the deployment issues that we had with previous SIEM system deployments. With Microsoft Sentinel, we are able to centralize all the security operations at a single point.
- Advanced analytics and machine learning algorithms
- Easy to deploy, manage, and update
- Huge list of out-of-the-box dashboards, reports and automation playbooks
- Query language is quite difficult
- Automation playbooks sometimes produce false-positive alerts/responses
- Ease of integration
- Threat detection and data collection
- Analytics
- Increase of intrusion reaction time
- Increased end-user protection
- Splunk Enterprise Security (ES) and CrowdStrike Falcon
As the vast majority of our users have Windows machines and use all 365 cloud features, we finally decided not to implement any 3rd-party security solutions on desktops/laptops in order to keep our infrastructure simple. In this case, Microsoft Sentinel is the best way to provide a unique point of attack detection and alert monitoring. We do not need to keep a 3rd-party SaaS solution or spend any effort on its integration.
Do you think Microsoft Sentinel delivers good value for the price?
Yes
Are you happy with Microsoft Sentinel's feature set?
Yes
Did Microsoft Sentinel live up to sales and marketing promises?
Yes
Did implementation of Microsoft Sentinel go as expected?
Yes
Would you buy Microsoft Sentinel again?
Yes