Microsoft Sentinel Review
September 13, 2023


Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Sentinel

So as far as the Security Operations Center, they utilized it to protect the boundary to make sure no assets are getting hacked. If somebody does attempt to hack it or whatnot, quarantine that asset during the investigation, try to find out what happened with that asset and once they figure it out, remediate it and clear it up, making sure they continue to utilize the product to monitor that and other products within the organization.
  • It's pretty good. We're working with other Microsoft products for sure. If you got Outlook 365, it worked really well with that. You had the whole Microsoft Suite; if you got it properly tuned up, it does pretty well at catching things. It's very intuitive. It's very quick at being able to quarantine assets that might've been compromised in a quick manner without having to go through a whole bunch of red tape and try to find a whole bunch of people or admins to be able to help you do your job or whatnot.
  • Making it able to talk with other tools outside of Microsoft would be something that would work really well with it. I know a lot of organizations utilize Splunk and it seems like trying to get the Microsoft product to talk to Splunk is always a big issue, especially with the Sentinel, the 365 Defender, and stuff like that. So having it be able to speak to other vendors' tools would definitely help out because nobody wants to just use one tool suite, because one tool suite might miss one thing, then another one might pick it up. Having them all talk to each other and all be able to be automated would definitely be a big help to any security-positive organization.
  • I think it had a positive impact because as we said before, it is very quick at seeing threat vectors coming in. It definitely helps the people that are sitting there watching to be able to quickly see that we got a notification or something's going on, and they're able to act upon it and do the investigation fairly quickly.
  • The only negative thing about it is the fact that sometimes you have to pay for some additional training from Microsoft because there are some little small intricacies that you might not figure out and might not be able to find on a YouTube or Google rule that only a Microsoft person who was working with the tool and got trained by Microsoft was able to tell you about to make your job a little bit easier.
So I think they pull from DNS, firewalls, HBSS, that's it.
Not to my knowledge.
The tool looks for any type of notification that anybody's trying to get into your boundary. When somebody gets a notification, they click on that notification and see what all systems were affected by the possible compromise. So being able to drill down to look at the root cause or whatever caused this alert to take place is part of the investigative process that we use within it. Being able to drill down to the root cause to determine whether it might be a true positive or negative is beneficial because it helps us to knock it out and move on to the next alert that we might have in the queue, and it keeps us on hold and helps prevent SOC fatigue.
No, this is the only one.

Do you think Microsoft Sentinel delivers good value for the price?

Not sure

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

I guess it's well suited for a Security Operations Center, because it's always sitting there pretty much monitoring the wire to see what type of attempts an outside adversary might make to try to get into the organization. So it could be best in a security operations center. Where it wouldn't be useful is in a place where they don't have a security focus. That's pretty much all of it.

Microsoft Sentinel Feature Ratings

Centralized event and log data collection: Not Rated
Correlation: Not Rated
Event and log normalization/management: Not Rated
Deployment flexibility: Not Rated
Integration with Identity and Access Management Tools: Not Rated
Custom dashboards and workspaces: Not Rated
Host and network-based intrusion detection: Not Rated
Log retention: Not Rated
Data integration/API management: Not Rated
Behavioral analytics and baselining: Not Rated
Rules-based and algorithmic detection thresholds: Not Rated
Response orchestration and automation: Not Rated
Incident indexing/searching: Not Rated