Surpassingly really good tool and a very interactive dashboard
December 06, 2023


Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Sentinel

We are a hybrid company that allows folks to work from anywhere. Given that flexibility, the security portion is becoming more exposed, and this is where Microsoft Sentinel has helped us. There are over 200 endpoint devices that we manage with it; the management includes automatic threat detection, automatically defined intelligent security and overall security issues, from both a SIEM perspective and a SOAR perspective. The dashboard is really eye-catching, and with such a dashboard any deviations from our pre-defined values are captured in an automated way. Although we only use it for 200 out of 1000 devices, the results we have had have helped us in managing incidents and, most importantly, in preventing them from harming our organization.
  • Integration with Intune is out of the box
  • Integration with Microsoft Defender for Endpoint
  • We don't use the egress data, but this could be a very expensive cloud cost for other organizations out there
  • The popularity is increasing, but you might end up in vendor lock-down
  • We are able to securely manage 200 endpoint devices with this tool, as it is part of the package that we bought; managing them is not easy, to say the least, as one security incident can expose the whole company
We are taking data from Intune, Entra ID and Defender for Endpoint; those three are already more than enough resources to handle, especially when you have a small team that manages 200 endpoints.
As all data sources are within Microsoft's suite, the out-of-the-box settings are documented really well; for example, with Entra ID the Azure Marketplace provides it for us.
No, we are not using the AI features, as there are limitations in the licenses that we bought. Even without them, it has been doing a wonderful job for us so far; it would be way better with the AI features, but in the end we have only bought so much in licenses, hence the SaaS default is our way to go on this.
Fortunately, we never reached that stage in the past 2 years; our users have been quite compliant with all the Do's and Don'ts that we set from the very beginning, and it will be a wish to never use them in the future, but looking at the documentation, it is a great process.
As mentioned, the product was part of the purchase of several Microsoft suites that we did earlier last year, and with 200 licenses included we can exclude those from the other SIEM and SOAR products; it just works well with the Microsoft environment that we partially have.
Is the tool better than the other tools? It could be if the environment is singular.

Do you think Microsoft Sentinel delivers good value for the price?

Yes

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

Yes

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

This tool will be just awesome if all of your environments (be it OS or applications) are in Microsoft's family, as the integration with other suites like Microsoft Sentinel, M365 and Defender for Endpoint is just clicks away; for those who are able to pay such a cost, this will be something that gets implemented.

For those in a mixed environment, you might have to think about the YoY cost, especially as this is a cloud-native application. If the application is being used to consume data, then there will be nothing to worry about, but once the data is being transported for other purposes, this is where the overall cost needs to be calculated meticulously.

Microsoft Sentinel Feature Ratings

Centralized event and log data collection: 8
Correlation: 7
Event and log normalization/management: 8
Deployment flexibility: 8
Integration with Identity and Access Management Tools: 9
Custom dashboards and workspaces: 9
Host and network-based intrusion detection: 8
Log retention: 8
Data integration/API management: 7
Behavioral analytics and baselining: 8
Rules-based and algorithmic detection thresholds: 8
Response orchestration and automation: 8
Incident indexing/searching: 8