One stop solution for all security needs. Transforming Security with AI and Automation
Overall Satisfaction with Microsoft Sentinel
We use it to address various security-related challenges and streamline our security operations. We mainly use it for:
- Threat Detection and Analysis
- Security Automation and Orchestration
Pros
- Detection of cyber threats, malware, suspicious activities, etc. across the whole IT environment.
- Streamlining the process of identifying and responding to security incidents, minimizing their impact
- Real-time monitoring
Cons
- Price is on the higher side compared to competitive products
- The process of onboarding and connecting with the system can be simplified
- If software is hosted anywhere other than Azure, then integration is a bit time-consuming.
- Difficult to work with KQL. Enhanced support for more standard query languages, like SQL, could be beneficial.
- With its integration, instead of requiring a whole team, we managed with 2 resources
- We would be able to manage security compliances better.
- Better process established
We connected Microsoft Sentinel from AWS. I know that it can be connected with Azure or GCP also. Not sure about others.
I think this feature gives it the upper hand over competitors and hence the high pricing. We used:
1. Anomaly Detection: Microsoft Sentinel can generate alerts for potential anomalies. For example, it can identify unusual login patterns, data access, or network traffic.
2. Behavioural Analytics: By analysing user and entity behaviour, Microsoft Sentinel can identify abnormal or suspicious activities.
We checked McAfee Enterprise Security Manager (ESM).
In my opinion, Microsoft Sentinel is better with AI capacity and a good community.
Do you think Microsoft Sentinel delivers good value for the price?
Not sure
Are you happy with Microsoft Sentinel's feature set?
Yes
Did Microsoft Sentinel live up to sales and marketing promises?
Yes
Did implementation of Microsoft Sentinel go as expected?
Yes
Would you buy Microsoft Sentinel again?
Yes
Microsoft Sentinel Feature Ratings
Configuring Microsoft Sentinel
- During configuration, make sure to first leverage the built-in analytics rules.
- Most of the requirements can be fulfilled with the built-in configuration; if tailoring is still required, do it after the basic setup is complete.
- Write your own KQL.
- Define the key metrics to track very clearly and set up visual analytics accordingly.
Some - we have done small customizations to the interface - It was not so difficult.
No - we have not done any custom code
- Role-specific dashboard; it's very helpful.

