We performed a comparison between Microsoft Defender for Identity and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Defender for Identity integrates with other Defender components, Microsoft security solutions, and Microsoft 365 while providing monitoring of identity security. It has customizable detection rules. Securonix Next-Gen SIEM offers diverse features, including a robust incident search and analysis tool (Spotter), analytics-driven threat detection, a user-friendly interface, and exceptional customer service. There are areas of improvement for both solutions. For example, Microsoft Defender for Identity could enhance remediation capabilities, the user interface, and threat intelligence. Securonix Next-Gen SIEM would benefit from improvements in graphical reporting, analytics automation, threat hunting, and visualization of log sources.
Service and Support: Support for Microsoft is mixed, with some noting Microsoft's responsive and helpful technical support, while others found it to be lacking in technical ability. Securonix Next-Gen SIEM has been praised for its support effectiveness and promptness, with occasional slower response times.
Ease of Deployment: The setup of Microsoft Defender for Identity is simple and low-maintenance. Reviewers had mixed opinions about the Securonix setup, with some finding it easy and others noting some complexity. Securonix offers flexibility in terms of features and updates, while Microsoft handles maintenance of the backend infrastructure.
Pricing: Microsoft Defender for Identity is part of the Enterprise Mobility and Security Suite; there are no extra costs for setup beyond the standard licensing fee. Securonix Next-Gen SIEM has competitive pricing and has standard licensing fees alongside an initial installation service charge.
ROI: Microsoft and Securonix both deliver ROI. Microsoft Defender for Identity prevents incidents, saves management time, and offers cost-effective subscription options. Securonix Next-Gen SIEM reduces infrastructure management, optimizes resource utilization, and provides time-saving contextual information.
Comparison Results: Microsoft is favored when compared to Securonix. It provides thorough protection for identities, seamless integration with other Microsoft security solutions, customizable rules, and user-friendly dashboards. Users value its ability to detect and analyze advanced attacks based on user behavior. It's also seen as a cost-effective option compared to other SIEM solutions.
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"This solution has advanced a lot over the last few years."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
"Defender for Identity has not affected the end-user experience."
"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"The solution offers excellent visibility into threats."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"We can customize our use cases with the tools provided by Securonix. It is an excellent tool that can ingest data in different ways and is very flexible."
"Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it."
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it."
"The most valuable feature is what Securonix calls enrichment. Securonix is very powerful because of all the data it can process and automatically enrich. The actionable intelligence it provides is one of its benefits, due to the processing capacity it has."
"The user interface is easy to learn and navigate."
"The solution has proven to be stable so far...The solution is easy to scale up."
"When the data leaves the cloud, there are security issues."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"The tracking instance needs to be configured appropriately."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because it can prevent issues from spreading further."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process."
"It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process."
"We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
"Sometimes, there is instability in the data in terms of the customization of the time. I have sometimes observed discrepancies in the data, which is something they should work on. They should bring more stability to time customization. If we are seeing a particular data, when we change the time zone, there should be the same data. There should not be any discrepancy."
"A helpful feature would be an event export. A way to create more substantial summary reports would be nice."
"Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
"We have compliance needs. We have investigation needs. And we have situations where an analyst needs to look at threats. These three things require a different view of how they look at the threats. What would be good is to have Securonix create three different views of their Security Command Center so that, depending on the persona of the person logging in, they'd get the relevant data they need and not see everything."
Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews while Securonix Next-Gen SIEM is ranked 4th in Identity Threat Detection and Response (ITDR) with 27 reviews. Microsoft Defender for Identity is rated 9.0, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Defender for Endpoint, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Microsoft Sentinel, Splunk Enterprise Security, LogRhythm SIEM and Exabeam Fusion SIEM.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.