We performed a comparison between Microsoft Defender for Identity and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Defender for Identity integrates with other Defender components, Mircosoft security solutions, and Microsoft 365 while providing monitoring of identity security. It has customizable detection rules. Securonix Next-Gen SIEM offers diverse features, including a robust incident search and analysis tool (Spotter), analytics-driven threat detection, a user-friendly interface, and exceptional customer service. There are areas of improvement for both solutions. For example, Microsoft Defender for Identity could enhance remediation capabilities, the user interface, and threat intelligence. Securonix Next-Gen SIEM would benefit from improvements in graphical reporting, analytics automation, threat hunting, and visualization of log sources.
Service and Support: Support for Microsoft is mixed, with some noting Microsoft's responsive and helpful technical support, while others found it to be lacking in technical ability. Securonix Next-Gen SIEM has been praised for its support effectiveness and promptness, with occasional slower response times.
Ease of Deployment: The setup of Microsoft Defender for Identity is simple and low-maintenance. Reviewers had mixed opinions about the Securonix setup, with some finding it easy and others noting some complexity. Securonix offers flexibility in terms of features and updates, while Microsoft handles maintenance of the backend infrastructure.
Pricing: Microsoft Defender for Identity is part of the Enterprise Mobility and Security Suite; there are no extra costs for setup beyond the standard licensing fee. Securonix Next-Gen SIEM has competitive pricing and has standard licensing fees alongside an initial installation service charge.
ROI: Microsoft and Securonix both deliver ROI. Microsoft Defender for Identity prevents incidents, saves management time, and offers cost-effective subscription options. Securonix Next-Gen SIEM reduces infrastructure management, optimizes resource utilization, and provides time-saving contextual information.
Comparison Results: Microsoft is favored when compared to Securonix. It provides thorough protection for identities, seamless integration with other Microsoft security solutions, customizable rules, and user-friendly dashboards. Users value its ability to detect and analyze advanced attacks based on user behavior. It's also seen as a cost-effective option compared to other SIEM solutions.
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
"Defender for Identity has not affected the end-user experience."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"The most valuable feature is what Securonix calls enrichment. Securonix is very powerful because of all the data it can process and automatically enrich. The actionable intelligence it provides is one of its benefits, due to the processing capacity it has."
"[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it."
"We can customize our use cases with the tools provided by Securonix. It is an excellent tool that can ingest data in different ways and is very flexible."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
"The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case."
"Risk scoring was nice. We could exactly see which user had the highest risk score, and then we could pick it up and work on it."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"When the data leaves the cloud, there are security issues."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"The tracking instance needs to be configured appropriately."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform."
"The technical support of the solution is an area with shortcomings and needs improvement."
"It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process."
"The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static."
"The incident response area should be improved."
"Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence database that they use. The idea is that they share what threats they are detecting."
"It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud."
"Sometimes, there is instability in the data in terms of the customization of the time. I have sometimes observed discrepancies in the data, which is something they should work on. They should bring more stability to time customization. If we are seeing a particular data, when we change the time zone, there should be the same data. There should not be any discrepancy."
More Microsoft Defender for Identity Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews while Securonix Next-Gen SIEM is ranked 4th in Identity Threat Detection and Response (ITDR) with 27 reviews. Microsoft Defender for Identity is rated 9.0, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Defender for Endpoint, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Microsoft Sentinel, Splunk Enterprise Security, LogRhythm SIEM and Exabeam Fusion SIEM. See our Microsoft Defender for Identity vs. Securonix Next-Gen SIEM report.
See our list of best Identity Threat Detection and Response (ITDR) vendors.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.