Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs Securonix Next-Gen SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.2
Microsoft Sentinel ROI is mixed; challenges exist, but benefits include automation savings, enhanced security, and reduced staffing needs.
Sentiment score
5.2
Users saw enhanced security and efficiency with Securonix Next-Gen SIEM, experiencing quick implementation and notable returns on investment.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
Microsoft Azure was not fitting for short-term cost savings but promised a better ROI over three to five years for medium to large companies.
The solution is time-saving, particularly in the long run after it is deployed, enabling us to get value promptly.
 

Customer Service

Sentiment score
6.7
Microsoft Sentinel's support is praised for quick response, with premium tiers offering expert help and strong community resources.
Sentiment score
7.3
Securonix Next-Gen SIEM offers responsive, knowledgeable support, though occasional delays and escalations may occur in urgent situations.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
When my team needs to escalate issues to Microsoft, especially for Microsoft Sentinel, the response is fast through their French entity.
Working with a Sentinel engineer helped us tune settings effectively.
There is no UK-based support, which leads to delays in waiting for US support.
If I raise a ticket, it initially goes to the L1 team, but the next level of escalation is really effective.
 

Scalability Issues

Sentiment score
8.0
Microsoft Sentinel's cloud scalability enables effortless resource management and meets large-scale needs, making it ideal for extensive monitoring.
Sentiment score
7.9
Securonix Next-Gen SIEM offers scalable cloud-based architecture, seamless data integration, and efficient management for large organizations with multiple log sources.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
The solution is scalable as it is cloud-based and cloud-native.
 

Stability Issues

Sentiment score
7.8
Microsoft Sentinel is stable and reliable with 99.9%+ uptime; issues typically arise from external factors or misconfigurations.
Sentiment score
8.0
Securonix Next-Gen SIEM is stable and reliable, with high ratings despite minor integration issues and occasional slowness.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
So far, we have not experienced any issues, and it has been stable from the beginning.
 

Room For Improvement

Users recommend improvements to multi-tenancy, log ingestion, interface intuitiveness, and integration, with concerns over pricing and AI enhancement.
Securonix Next-Gen SIEM struggles with complexity, limited customization, and integration issues, impacting usability and customer satisfaction.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
The passing and setup are quite complex at the beginning, making onboarding not smooth.
SIEM could have better integration with other technologies.
When dealing with a large amount of data, such as when firewall logs increase, queries sometimes crash or get stuck.
 

Setup Cost

Microsoft Sentinel offers scalable, cost-effective pricing with discounts, especially beneficial for E5 users and high-volume data ingestion.
Securonix Next-Gen SIEM offers competitive and predictable pricing based on user numbers, ideal for large enterprises.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.
We already had the necessary licensing for Sentinel, so we didn't need to spend extra money.
Licensing is based on events per second (EPS), costing between $50 to $60 per EPS.
The pricing has similar ingestion charges compared to other solutions, such as Splunk.
 

Valuable Features

Microsoft Sentinel offers seamless integration, AI-driven threat detection, automated responses, and scalability for efficient, comprehensive security management.
Securonix Next-Gen SIEM provides advanced threat detection and management with machine learning, automation, and user behavior analytics.
The ability of Microsoft Sentinel to correlate data from multiple sources enhances threat detection capabilities.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
The most valuable features for us include threat collection, threat detection, response, and the knowledge base for investigation.
The software includes user behavior interactions, dashboards, and training capabilities.
Now, the process is automatic, reducing our workload.
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
91
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)
Securonix Next-Gen SIEM
Ranking in Security Information and Event Management (SIEM)
14th
Average Rating
8.6
Reviews Sentiment
6.9
Number of Reviews
33
Ranking in other categories
Identity Threat Detection and Response (ITDR) (8th)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 7.4%, down from 9.2% compared to the previous year. The mindshare of Securonix Next-Gen SIEM is 1.0%, down from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free
Ibrahim Albalawi - PeerSpot reviewer
Less false positives, good detection and integration capabilities, and good pricing
The incident response area should be improved. It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult. When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
848,270 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
11%
Manufacturing Company
8%
Government
8%
Computer Software Company
20%
Financial Services Firm
12%
Government
7%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
What is your primary use case for Securonix Security Analytics?
I use this solution for security monitoring and user behavior analytics. Banks, governments, and the oil and gas sector utilize it.
What do you like most about Securonix Next-Gen SIEM?
The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features.
 

Also Known As

Azure Sentinel
Securonix Security Analytics
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Dtex Systems, Pfizer, Western Union, Harris, ITG
Find out what your peers are saying about Microsoft Sentinel vs. Securonix Next-Gen SIEM and other solutions. Updated: April 2025.
848,270 professionals have used our research since 2012.