Elastic Security vs Exabeam comparison

Sponsored
Microsoft Sentinel
Read 87 Microsoft Sentinel reviews
  • 29,130 Views
  • 16,202 Comparison Views
93% willing to recommend
Elastic Security
Read 60 Elastic Security reviews
  • 14,161 Views
  • 11,611 Comparison Views
85% willing to recommend
Exabeam
Read 10 Exabeam reviews
  • 4,305 Views
  • 2,051 Comparison Views
80% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Elastic Security and Exabeam based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Elastic Security vs. Exabeam Report (Updated: May 2024).
Buyer's Guide
Elastic Security vs. Exabeam
May 2024
Download the complete report
Helped 790,637 peers since 2012
 

Categories and Ranking

Microsoft Sentinel
Sponsored
Ranking in Security Information and Event Management (SIEM)
2nd
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Number of Reviews
87
Ranking in other categories
Microsoft Security Suite (5th)
Elastic Security
Ranking in Security Information and Event Management (SIEM)
5th
Ranking in Security Orchestration Automation and Response (SOAR)
6th
Average Rating
7.6
Number of Reviews
60
Ranking in other categories
Log Management (5th), Endpoint Detection and Response (EDR) (16th), Extended Detection and Response (XDR) (7th)
Exabeam
Ranking in Security Information and Event Management (SIEM)
28th
Ranking in Security Orchestration Automation and Response (SOAR)
13th
Average Rating
8.0
Number of Reviews
10
Ranking in other categories
User Entity Behavior Analytics (UEBA) (5th), Security Incident Response (7th), Threat Intelligence Platforms (21st), AI-Powered Cybersecurity Platforms (4th)
 

Mindshare comparison

As of July 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 11.8%, down from 13.6% compared to the previous year. The mindshare of Elastic Security is 7.5%, down from 9.9% compared to the previous year. The mindshare of Exabeam is 0.5%, down from 1.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
Unique Categories:
Security Orchestration Automation and Response (SOAR)
22.4%
Microsoft Security Suite
5.5%
Log Management
8.8%
Endpoint Detection and Response (EDR)
3.8%
User Entity Behavior Analytics (UEBA)
5.0%
Security Incident Response
4.5%
 

Featured Reviews

Nagendra Nekkala - PeerSpot reviewer
Nov 8, 2023
Provides a unified set of tools to detect, investigate, and respond to incidents and enables proactive threat hunting
We use the tool to help secure our cloud-native security solutions. By enabling us to secure our cloud environments, it acts as a single solution for attack detection and threat visibility for proactive hunting. The solution gives us a library of customizable content that helps us address our unique needs. It also gives regular patch updates. It helps us to be updated with the latest threats happening across the world. We use the Microsoft Sentinel Content hub. Integration with Active Directory is also helpful for us. The content hub enables us to see the latest features. We have Extended Detection and Response in SentinelOne. It provides effective protection for the platform. It provides more cybersecurity by providing more visibility and protects our enterprise. The content hub helps us centralize out-of-the-box security information and event management content. It discovers and manages the built-in content. It provides an end-to-end security for us. Microsoft Sentinel correlates signals from first and third-party sources into a single high-confidence incident. It can extract the information through the respective APIs of the third parties. It has increased our threat intelligence, monitoring, and incident analysis efficiency. We use Microsoft Sentinel's AI in automation. The generative AI features enable real-time threat hunting and detection. The solution has helped improve our visibility into user and network behavior. The generative AI provides better detection and response capabilities and faster response times with actionable intelligence. The product has saved us time. It helps us get various log files. When there’s an incident, it enables us to do investigations faster. The tool saves us three days in a week. It reduces the work involved in our event investigation by streamlining the processes and making automation effective. Event investigation is much faster. If someone is looking for a comprehensive solution, Microsoft Sentinel is a good choice. It will fulfill all our needs, including attack detection, threat visibility, and response. Overall, I rate the solution an eight out of ten.
Read full review
Matthew DeGrandis - PeerSpot reviewer
Mar 9, 2023
It's helpful for looking at multiple data sources to find find patterns or anomalies
We primarily use Elastic Security as a log aggregator, so we use it like a SIEM. It ingests all our logs and reports on them in aggregate We've used Elastic Security to solve some challenges involving various data sources. Things were being logged, but they were scattered around the organization.…
Read full review
AYOUB ECH-CHKAF - PeerSpot reviewer
Jul 10, 2023
An easy-to-use solution, but its data lake features could be simple to understand
We use the solution to investigate incidents and create rules for use cases The solution provides an easy-to-use platform to create rules for use cases. The solution's data lake features could be easier to understand for end users. They should also provide detailed information about detecting…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"While Microsoft Sentinel provides a log of security events, its true power lies in its integration with Microsoft Defender."
"The connectivity and analytics are great."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
More Microsoft Sentinel pros
"The most valuable features of Elastic Security are it is open-source and provides a high level of security."
"Elastic Security is very customizable, and the dashboards are very easy to build."
"The stability of the solution is good."
"Elastic is straightforward, easy to integrate, and highly customizable."
"It's very customizable, which is quite helpful."
"Elastic Security is very easy to adapt."
"The solution is compatible with the cloud-native environment and they can adapt to it faster."
"Elastic has a lot of beats, such as Winlogbeat and Filebeat. Beats are the agents that have to be installed on the terminals to send the data. When we install beats or Elastic agents on every terminal, they don't overload the terminals. In other SIEM solutions such as Splunk or QRadar, when beats or agents are installed on endpoints, they are very heavy for the terminals. They consume a lot of power of the terminals, whereas Elastic agents hardly consume any power and don't overload the terminals."
More Elastic Security pros
"The solution's initial setup process is easy."
"The advanced analytics has a really great overview of user behavior."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"It's a very user-friendly product and it's a very comprehensive technology."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"Timeline based analysis; good platform support"
"The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
More Exabeam pros
 

Cons

"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
More Microsoft Sentinel cons
"This type of monitoring is not very mature just yet. We need more real-time information in a way that's easier to manage."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"Their visuals and graphs need to be better."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"The price of this product could be improved, especially the additional costs. I would also like to see better-quality graphics."
"We are paying dearly for the guy who is working on the ELK Stack. That knowledge is quite rare and hard to come by. For difficulty and availability of resources, I would rate it a five out of 10."
"There isn't really a very good user experience. You need a lot of training."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
More Elastic Security cons
"They should provide detailed information about detecting phishing emails."
"I believe if it were more flexible it would be a better product."
"The organzation is rigid and not flexible in the way they operate"
"Adding to the number of certifications that they have, for example, ISO 27001, would be helpful."
"The only problem is that the UI is not very impressive."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
More Exabeam cons
 

Pricing and Cost Advice

"I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
"We are charged based on the amount of data used, which can become expensive."
"I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
"Sentinel is costly compared to other solutions, but it's fair. SIEM solutions like CrowdStrike charge based on daily log volume. They generally process a set number of logs for free before they start charging. Microsoft's pricing is clearer. It's free under five gigabytes. Some of these logs we ingest have a cost, so they don't hide it. I believe the tenant pays the price, and Microsoft helps create awareness of the cost."
"It is consumption-based pricing. It is an affordable solution."
"I'm not happy with the pricing on the integration with Defender for Endpoint. Defender for Endpoint is log-rich. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack."
"I am not involved on the financial side, but from an enterprise-wide use perspective, I think the price is good enough."
More Microsoft Sentinel pricing and cost advice
"Its price is fine. Its licensing works on a yearly basis. We have to renew the license every year. I also have a good experience with Darktrace. When we buy Darktrace, we get training free of cost, which is not there in Elastic. We have to pay extra for training. There is certainly room for improvement."
"The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
"The product offers an amazing pricing structure. Price-wise, the product is very competitive."
"There is no charge for using the open-source version."
"We use the open-source version, so there is no charge for this solution."
"It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
"I find it better than Splunk in terms of cost-effectiveness. For cost-effectiveness, I would rate it a nine out of 10."
"Compared to other products such as Dynatrace, this is one of the cheaper options."
More Elastic Security pricing and cost advice
"There is an annual license required to use Exabeam Fusion SIEM. The price of the solution should be reduced."
"Exabeam Fusion SIEM's pricing is reasonable."
"The solution is expensive."
"They have a great model for pricing that can be based either on user count or gigabits per day."
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
790,637 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
9%
Manufacturing Company
8%
Computer Software Company
17%
Financial Services Firm
10%
Government
10%
University
6%
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
See all answers
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
See all answers
Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several time...
See all answers
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it con...
See all answers
What is your experience regarding pricing and costs for Elastic Security?
Elastic Security is open-source. Unlike many older solutions where you must pay for data ingestion, Elastic allows yo...
See all answers
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
See all answers
What do you like most about Exabeam Fusion SIEM?
The solution's initial setup process is easy.
See all answers
What is your experience regarding pricing and costs for Exabeam Fusion SIEM?
The solution is expensive.
See all answers
 

Comparisons

AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
Compared 17% of the time
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Compared 12% of the time
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Compared 6% of the time
Microsoft Defender for Cloud vs Microsoft Sentinel Logo
Microsoft Defender for Cloud vs Microsoft Sentinel
Compared 5% of the time
Cortex XSIAM vs Microsoft Sentinel Logo
Cortex XSIAM vs Microsoft Sentinel
Compared 5% of the time
More Microsoft Sentinel Competitors
Wazuh vs Elastic Security Logo
Wazuh vs Elastic Security
Compared 39% of the time
Splunk Enterprise Security vs Elastic Security Logo
Splunk Enterprise Security vs Elastic Security
Compared 8% of the time
IBM Security QRadar vs Elastic Security Logo
IBM Security QRadar vs Elastic Security
Compared 6% of the time
Microsoft Defender for Endpoint vs Elastic Security Logo
Microsoft Defender for Endpoint vs Elastic Security
Compared 5% of the time
CrowdStrike Falcon vs Elastic Security Logo
CrowdStrike Falcon vs Elastic Security
Compared 5% of the time
More Elastic Security Competitors
IBM Security QRadar vs Exabeam Logo
IBM Security QRadar vs Exabeam
Compared 9% of the time
Splunk User Behavior Analytics vs Exabeam Logo
Splunk User Behavior Analytics vs Exabeam
Compared 9% of the time
Palo Alto Networks Cortex XSOAR vs Exabeam Logo
Palo Alto Networks Cortex XSOAR vs Exabeam
Compared 9% of the time
Splunk Enterprise Security vs Exabeam Logo
Splunk Enterprise Security vs Exabeam
Compared 8% of the time
Securonix Next-Gen SIEM vs Exabeam Logo
Securonix Next-Gen SIEM vs Exabeam
Compared 3% of the time
More Exabeam Competitors
 

Product Reports

Buyer's Guide
Microsoft Sentinel
June 2024
Microsoft Sentinel reportDownload Microsoft Sentinel product report
Buyer's Guide
Elastic Security
June 2024
Elastic Security reportDownload Elastic Security product report
Buyer's Guide
Exabeam
June 2024
Exabeam reportDownload Exabeam product report
 

Also Known As

Azure Sentinel
Elastic SIEM, ELK Logstash
No data available
 

Learn More

Microsoft
Elastic
Exabeam
 

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.


Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

Additional offerings and benefits:

  • The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
  • It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
  • With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

Exabeam Fusion is a cloud-delivered solution that that enables you to:

-Leverage turnkey threat detection, investigation, and response
-Collect, search and enhance data from anywhere
-Detect threats missed by other tools, using market-leading behavior analytics
-Achieve successful SecOps outcomes with prescriptive, threat-centric use case packages
-Enhance productivity and reduce response times with automation
-Meet regulatory compliance and audit requirements with ease

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Hulu, ADP, Safeway, BBCN Bank
Buyer's Guide
Elastic Security vs. Exabeam
May 2024
Free Report: Elastic Security vs. Exabeam
Find out what your peers are saying about Elastic Security vs. Exabeam and other solutions. Updated: May 2024.
DOWNLOAD NOW
790,637 professionals have used our research since 2012.
See our Elastic Security vs. Exabeam report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.