Use Microsoft Sentinel to improve your organization's overall security
August 07, 2024

Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Sentinel
In our organisation, we are using Microsoft Sentinel for threat detection and collecting analytics. We have integrated SentinelOne, which is used for real-time threat detection, with Microsoft Sentinel. So we use it as a data connector and protect all the machines of our employees. This helps the overall security of their systems, gathers the required metrics in case of any threats to their systems, and provides real-time insights to us.
Pros
- It is a good tool for threat detection and analysis of the threats. We are using this tool for real-time threat detection on our employee machines as well as some servers.
- It provides various options for collecting data sources by leveraging multiple sources using data connectors. This helps us in gathering data from multiple sources such as our servers as well as our employee machines.
- One good thing about this tool is automated incident response, thereby increasing the security of servers.
Cons
- I think it should include more third-party integration with non-Microsoft products as well as with other cloud providers. These integrations should be native.
- It should improve ML and AI capabilities.
- I find its documentation a little bit difficult to understand at the start, so the wording should be simpler.
- It has provided us with an assurance about threat detection in all our servers. We are yet to see any ROI as we have not yet faced any security issues or wait, if we have not faced any security issues, this can be considered as an ROI.
- It has enhanced log and analytics collection at a single centralised location which helps us to monitor only a single place.
- Previously we used a lot of threat detection services and they did not suit all our requirements, but Microsoft Sentinel turned out to be a good option.
Mostly we are using a combination of multiple sources, such as SentinelOne for collecting real-time analytics from user devices. Then we are also using a custom resource, such as a REST API, for collecting data from certain servers. We are planning to integrate a firewall as a source to pull data into Microsoft Sentinel.
The process of setting up these connectors was quite simple, but we had to get a deep knowledge of the offerings first and of what to use as a data source or connector. After reading a lot of documentation and collecting feedback from various stakeholders, we were able to use the easiest way possible.
We are leveraging the anomaly detection and threat intelligence features using Microsoft Sentinel's AI.
By using this we are trying to observe unusual patterns in the security data and to detect specific threats or behaviours. Using machine learning, we are trying to constantly improve this unusual-pattern and threat detection in our algorithm.
The investigation tools actually help us to visualise the incidents by using the interactive graphs and timelines to understand the scope and also the impact of the issue. This helps us to establish the relationships between the users, devices and other services. We also leverage the playbooks, which help us in fixing some custom threats.
Based on the overall infrastructure configuration that we have, and also after analysing various solutions provided by Microsoft Sentinel, we came to the conclusion that Microsoft Sentinel is the best option for us to help with overall threat detection on our custom servers, user devices, etc., and that it can help us in collecting logs at a centralised location.
Do you think Microsoft Sentinel delivers good value for the price?
Yes
Are you happy with Microsoft Sentinel's feature set?
Yes
Did Microsoft Sentinel live up to sales and marketing promises?
Yes
Did implementation of Microsoft Sentinel go as expected?
Yes
Would you buy Microsoft Sentinel again?
Yes