Elastic Security and Microsoft Sentinel are competing products in the SIEM space. Based on integration capabilities and scalability, Microsoft Sentinel seems to have the upper hand.
Features: Elastic Security handles large data volumes, has robust search capabilities, and offers customization options. Microsoft Sentinel provides seamless integration with Microsoft products, comprehensive threat detection features, and good scalability.
Room for Improvement: Elastic Security needs enhanced user training, more detailed documentation, and streamlined configurations. Microsoft Sentinel could benefit from improved alerting mechanisms, a more intuitive configuration process, and faster customer service response times.
Ease of Deployment and Customer Service: Elastic Security is noted for straightforward deployment but has complex configurations, while Microsoft Sentinel's cloud-based deployment simplifies setup but requires faster customer service response.
Pricing and ROI: Elastic Security is cost-effective upfront, especially with its open-source components. Microsoft Sentinel has a higher initial setup cost but often delivers better ROI due to comprehensive features and reduced third-party integrations.
Support is prompt and helpful.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
In terms of stability, I would rate Elastic a solid eight out of ten.
So far, we have not experienced any issues, and it has been stable from the beginning.
Sentinel's stability is great.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
We lack integration for Syslogs into Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
Elastic Security is considered cost-effective, especially at lower EPS levels.
We already had the necessary licensing for Sentinel, so we didn't need to spend extra money.
Elastic Security offers advanced features such as machine learning and integration with ChatGPT.
Elastic Security is as flexible and configurable as Microsoft Sentinel.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Additional offerings and benefits:
Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
