Azure Sentinel Review

UI-based analytics are excellent; great tools for cleaning data

What is our primary use case?

We use this solution for analyzing Microsoft cloud-based log services and for security data. The services include Microsoft 365, Azure Security Center logs and Microsoft cache logs. We are gold security partners with Azure. 

What is most valuable?

The UI-based analytics are excellent, it's something I haven't seen with any other SIEM products. Microsoft has excellent tools for cleaning data, sorting out irrelevant log data and even fixing log data.

What needs improvement?

There's not much that needs improvement but the on-prem log sources still require a lot of development. It's clear that there are limitations there. I also think that the implementation and on-prem data sources could be done in a better way. We've used some functions with Python and whole scripting on FortiSIEM, which is something that Microsoft could easily provide, but so far hasn't.

What do I think about the stability of the solution?

The product has been very reliable. I don't know that there have been any service outbreaks. We haven't had any problems. 

What do I think about the scalability of the solution?

We have 700 users and from our perspective, it has unlimited processing power, but this is quite common for cloud services. I think the scalability has to be some kind of ABM and feeding all of the log stats, which could possibly have limits, but Azure has huge computing power behind it.

How are customer service and technical support?

The support is good, the only issue is getting past the level one people who ask if you've tried rebooting. If you have Microsoft's Unified Support, the most expensive support, then you'll be very happy. It's not the best support in the industry, but it's pretty good and they also support Sentinel. 

How was the initial setup?

The initial setup was extremely straightforward. It was the easiest I have seen because it's an SaaS service. I think anybody can do it by just clicking and clicking and saying yes. Straight out of the box and that's the strength of the SaaS service because there's no installation, you just use it. 

Which other solutions did I evaluate?

We compared Azure to Splunk and to our current mainstream implementation, FortiSIEM. If you have a lot of security data, then you feel that Azure is quite expensive but it's nowhere near as costly as Splunk which is four or five times more expensive. FortiSIEM wasn't good enough and Splunk was way to expensive. 

What other advice do I have?

I would definitely recommend this solution. If you have cloud-based workloads and different cloud or cloud lookalike services that require security data, or if you are looking for SOAR functionalities, then it's a no brainer. It's the best in that market. On the other hand, if you are mainly working and operating with on-prem stuff then there's no advantage over FortiSIEM or other solutions. 

I rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
More Azure Sentinel reviews from users
...who compared it with Splunk
Learn what your peers think about Azure Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
536,114 professionals have used our research since 2012.
Add a Comment
ITCS user