Elastic Security and Microsoft Sentinel are competing products in the SIEM space. Based on integration capabilities and scalability, Microsoft Sentinel seems to have the upper hand.
Features: Elastic Security handles large data volumes, has robust search capabilities, and offers customization options. Microsoft Sentinel provides seamless integration with Microsoft products, comprehensive threat detection features, and good scalability.
Room for Improvement: Elastic Security needs enhanced user training, more detailed documentation, and streamlined configurations. Microsoft Sentinel could benefit from improved alerting mechanisms, a more intuitive configuration process, and faster customer service response times.
Ease of Deployment and Customer Service: Elastic Security is noted for straightforward deployment but has complex configurations, while Microsoft Sentinel's cloud-based deployment simplifies setup but requires faster customer service response.
Pricing and ROI: Elastic Security is cost-effective upfront, especially with its open-source components. Microsoft Sentinel has a higher initial setup cost but often delivers better ROI due to comprehensive features and reduced third-party integrations.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
Microsoft Azure was not fitting for short-term cost savings but promised a better ROI over three to five years for medium to large companies.
Most of the time when my team encounters issues, they receive responses within 24 hours.
Support is prompt and helpful.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
When my team needs to escalate issues to Microsoft, especially for Microsoft Sentinel, the response is fast through their French entity.
Working with a Sentinel engineer helped us tune settings effectively.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
In terms of stability, I would rate Elastic a solid eight out of ten.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
So far, we have not experienced any issues, and it has been stable from the beginning.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.
We already had the necessary licensing for Sentinel, so we didn't need to spend extra money.
The platform provides more visibility and requires less effort in monitoring.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
Elastic Security offers good insight regarding alerts, reports, and cases.
The best feature of Microsoft Sentinel is its ability to unify all dashboards or functions into one modern SecOps dashboard.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
The most valuable features for us include threat collection, threat detection, response, and the knowledge base for investigation.
Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.
Additional offerings and benefits:
Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
