We performed a comparison between Microsoft Defender for Identity and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Defender for Identity integrates with other Defender components, Mircosoft security solutions, and Microsoft 365 while providing monitoring of identity security. It has customizable detection rules. Securonix Next-Gen SIEM offers diverse features, including a robust incident search and analysis tool (Spotter), analytics-driven threat detection, a user-friendly interface, and exceptional customer service. There are areas of improvement for both solutions. For example, Microsoft Defender for Identity could enhance remediation capabilities, the user interface, and threat intelligence. Securonix Next-Gen SIEM would benefit from improvements in graphical reporting, analytics automation, threat hunting, and visualization of log sources.
Service and Support: Support for Microsoft is mixed, with some noting Microsoft's responsive and helpful technical support, while others found it to be lacking in technical ability. Securonix Next-Gen SIEM has been praised for its support effectiveness and promptness, with occasional slower response times.
Ease of Deployment: The setup of Microsoft Defender for Identity is simple and low-maintenance. Reviewers had mixed opinions about the Securonix setup, with some finding it easy and others noting some complexity. Securonix offers flexibility in terms of features and updates, while Microsoft handles maintenance of the backend infrastructure.
Pricing: Microsoft Defender for Identity is part of the Enterprise Mobility and Security Suite; there are no extra costs for setup beyond the standard licensing fee. Securonix Next-Gen SIEM has competitive pricing and has standard licensing fees alongside an initial installation service charge.
ROI: Microsoft and Securonix both deliver ROI. Microsoft Defender for Identity prevents incidents, saves management time, and offers cost-effective subscription options. Securonix Next-Gen SIEM reduces infrastructure management, optimizes resource utilization, and provides time-saving contextual information.
Comparison Results: Microsoft is favored when compared to Securonix. It provides thorough protection for identities, seamless integration with other Microsoft security solutions, customizable rules, and user-friendly dashboards. Users value its ability to detect and analyze advanced attacks based on user behavior. It's also seen as a cost-effective option compared to other SIEM solutions.
"This solution has advanced a lot over the last few years."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"All the integration it has with different Microsoft packages, like Teams and Office, is good."
"The feature I like most is that you can create your own customized detection rules. It has a lot of default alerts and rules, but you can customize them according to your business needs."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"Defender for Identity has not affected the end-user experience."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"The solution has proven to be stable so far...The solution is easy to scale up."
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available."
"Its console is very easy to use and configure. It is very intuitive for our use cases. App integrations are also pretty nice."
"The two major features of this product we extensively use are the UEBA capability and the multi-tenant approach with the centralized data logs system. Customers are very happy with these features."
"The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions."
"What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at."
"The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects... It's very easy to see people's patterns, what they typically do."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"Microsoft should look at what competing vendors like CrowdStrike and Broadcom are doing and incorporate those features into Sentinel and Defender. At the same time, I think the intelligence inside the product is improving fast. They should incorporate more zero-trust and hybrid trust approaches. They need to build up threat intelligence based on threats and methods used in attacks on other companies."
"The tracking instance needs to be configured appropriately."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"When the data leaves the cloud, there are security issues."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"We would like a little more face-to-face training. Securonix has several tutorials on its website, but we want there to be a person in Colombia who does training or workshops to give us a better understanding of the platform."
"We have compliance needs. We have investigation needs. And we have situations where an analyst needs to look at threats. These three things require a different view of how they look at the threats. What would be good is to have Securonix create three different views of their Security Command Center so that, depending on the persona of the person logging in, they'd get the relevant data they need and not see everything."
"A helpful feature would be an event export. A way to create more substantial summary reports would be nice."
"We thought they were going to be a great product, however, they're actually not great at all as an MSP."
"The technical support of the solution is an area with shortcomings and needs improvement."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
"Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence database that they use. The idea is that they share what threats they are detecting."
"We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
More Microsoft Defender for Identity Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews while Securonix Next-Gen SIEM is ranked 4th in Identity Threat Detection and Response (ITDR) with 27 reviews. Microsoft Defender for Identity is rated 9.0, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Defender for Endpoint, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, LogRhythm SIEM and Exabeam Fusion SIEM. See our Microsoft Defender for Identity vs. Securonix Next-Gen SIEM report.
See our list of best Identity Threat Detection and Response (ITDR) vendors.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.