Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs Securonix Next-Gen SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
89
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (6th)
Securonix Next-Gen SIEM
Ranking in Security Information and Event Management (SIEM)
13th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
32
Ranking in other categories
Identity Threat Detection and Response (ITDR) (9th)
 

Mindshare comparison

As of January 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 8.6%, down from 10.2% compared to the previous year. The mindshare of Securonix Next-Gen SIEM is 1.3%, down from 1.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free
Ibrahim Albalawi - PeerSpot reviewer
Less false positives, good detection and integration capabilities, and good pricing
The incident response area should be improved. It is more difficult than other products, but overall, it is good. The platform has a lot of options and functionality. So, you need to check almost everything. For new engineers or people who don’t have much experience with this kind of platform, it is a bit difficult, but for experienced engineers, it is not that difficult. When you have been doing a lot of work for about one or two hours, and you have a lot of tabs open, it slows down or gets stuck. There is a delay of 10 to 15 seconds in opening tabs or dashboards. I don't know why this happens, but for me, it is not a big issue. I just wait, and that's all.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The UI-based analytics are excellent."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Microsoft Sentinel has helped by streamlining our security. We have a nine-member network team, with three members managing security for the city, and Sentinel allows us to operate an unofficial SOC."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it."
"The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry."
"I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available."
"The most valuable feature is that it works on user behavior and event rarities."
"The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
"The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us."
"When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases."
"The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
 

Cons

"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"There is room for improvement in entity behavior and the integration site."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"We are invoiced according to the amount of data generated within each log."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The troubleshooting has room for improvement."
"In terms of improvements, SIEM could have better integration with other technologies. Additionally, it might benefit from integration with other sources, such as firewalls."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
"SIEM could have better integration with other technologies."
"There is room for improvement in the product's integration with ServiceNow and in the reporting features."
"The incident response area should be improved."
"One aspect that could be improved is the pricing of the product in Brazil."
"It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process."
"The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static."
 

Pricing and Cost Advice

"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."
"Sentinel is a pay-as-you-go solution. To use it, you need a Log Analytics workspace. This is where the logs are stored and the cost of Log Analytics is based on gigabytes... On top of that, there is the cost of Sentinel, which is about €2 per gigabyte. If a customer has an M365 E5 license, the logs that come from Microsoft Defender are free."
"In comparison to other security solutions, Microsoft Sentinel offers a reasonable price for the features included."
"Microsoft Sentinel is pretty expensive, and they recently announced that they will increase the price of all Microsoft services running in Azure by 11 percent. Luckily, I'm not responsible for the financial side. For one of my clients, the estimated cost is 880,000 euros for one year. There are additional costs for the service agreement."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"I don't know yet because they gave us a 30-day test window for free."
"The are two native advantages for customers that use M365 Security and Sentinel. The first advantage is that the log or security-event ingestion into Sentinel is free. Cost-wise, they're saving a lot and that is a major advantage."
"It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
"The pricing is fine compared to the market but I think that at some point the competitors will catch up on price."
"The pricing is good, but by adding more things, the licensing becomes more complex because an EPS license fluctuates a lot. This licensing concept is going to be problematic in the long run."
"We have an annual license. We pay $200,000 for the base licensing and we pay another $50,000 for the software as a service."
"I rate the pricing an eight on a scale of one to ten, where one is cheap, and ten is very expensive. It is a pretty expensive tool."
"Licensing is based on events per second (EPS), costing between $50 to $60 per EPS."
"Compared to other brands it seems more affordable to us."
"Its pricing is quite similar to others and is very competitive. The other solutions have different types of licensing, but when you do the math, it is competitive."
"We have a license from our 5.0, so that license just continued. We paid them the extra cloud-hosting costs for a year which were about $300,000."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
831,791 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
11%
Manufacturing Company
8%
Government
8%
Computer Software Company
21%
Financial Services Firm
11%
Manufacturing Company
7%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was pretty good. Now a lot of them are looking for a more effective solution due to ...
What is your primary use case for Securonix Security Analytics?
We use Securonix Next-Gen SIEM as a SIEM, security incident and event management solution in our organization.
What do you like most about Securonix Next-Gen SIEM?
The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features.
 

Also Known As

Azure Sentinel
Securonix Security Analytics
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Dtex Systems, Pfizer, Western Union, Harris, ITG
Find out what your peers are saying about Microsoft Sentinel vs. Securonix Next-Gen SIEM and other solutions. Updated: December 2024.
831,791 professionals have used our research since 2012.