We performed a comparison between Microsoft Defender for Identity and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Defender for Identity integrates with other Defender components, Mircosoft security solutions, and Microsoft 365 while providing monitoring of identity security. It has customizable detection rules. Securonix Next-Gen SIEM offers diverse features, including a robust incident search and analysis tool (Spotter), analytics-driven threat detection, a user-friendly interface, and exceptional customer service. There are areas of improvement for both solutions. For example, Microsoft Defender for Identity could enhance remediation capabilities, the user interface, and threat intelligence. Securonix Next-Gen SIEM would benefit from improvements in graphical reporting, analytics automation, threat hunting, and visualization of log sources.
Service and Support: Support for Microsoft is mixed, with some noting Microsoft's responsive and helpful technical support, while others found it to be lacking in technical ability. Securonix Next-Gen SIEM has been praised for its support effectiveness and promptness, with occasional slower response times.
Ease of Deployment: The setup of Microsoft Defender for Identity is simple and low-maintenance. Reviewers had mixed opinions about the Securonix setup, with some finding it easy and others noting some complexity. Securonix offers flexibility in terms of features and updates, while Microsoft handles maintenance of the backend infrastructure.
Pricing: Microsoft Defender for Identity is part of the Enterprise Mobility and Security Suite; there are no extra costs for setup beyond the standard licensing fee. Securonix Next-Gen SIEM has competitive pricing and has standard licensing fees alongside an initial installation service charge.
ROI: Microsoft and Securonix both deliver ROI. Microsoft Defender for Identity prevents incidents, saves management time, and offers cost-effective subscription options. Securonix Next-Gen SIEM reduces infrastructure management, optimizes resource utilization, and provides time-saving contextual information.
Comparison Results: Microsoft is favored when compared to Securonix. It provides thorough protection for identities, seamless integration with other Microsoft security solutions, customizable rules, and user-friendly dashboards. Users value its ability to detect and analyze advanced attacks based on user behavior. It's also seen as a cost-effective option compared to other SIEM solutions.
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"Defender for Identity has not affected the end-user experience."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"This solution has advanced a lot over the last few years."
"The feature I like the most about Defender for Identity is the entity tags. They give you the ability to identify sensitive accounts, devices, and groups. You also have honeytoken entities, which are devices that are identified as "bait" for fraudulent actors."
"The UEBA functionality indicates a lot about behaviors that are not found through a traditional SIEM. We have exploited that more than anything since we started using it."
"The feature that is most valuable is the fact that it's an open platform, so it allows us to modify policies and tune policies as needed. There's also a feature called Data Insights which allows us to create different dashboards on specific things of interest for us."
"The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
"The solution is stable and scalable."
"I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours."
"The user interface is easy to learn and navigate."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"What I like most is that the threat models and risk scoring are very accurate and very helpful to the analysts on my team. They help highlight the most important things for them to look at."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"We observe a lot of false positives. Sometimes, when we go for a coffee break, we lock our screens. Locking the screen has a separate Windows event ID and sometimes I see it is detected as a failed login."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"An area for improvement is the administrative interface. It's basic compared to other administrative centers. They could make it more user-friendly and easier to navigate."
"When the data leaves the cloud, there are security issues."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"The analytics-driven approach for finding sophisticated threats and reducing false positives is positive and good, but the platform requires a more dynamic concept. Everything is a bit static."
"Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence database that they use. The idea is that they share what threats they are detecting."
"Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
"It could be improved a little bit more for admin users. There should be more administrative options related to security for admin users. For example, for forensic purposes, the admin should be able to stop a specific user from erasing some information. I would be helpful in certain situations, such as during an internal fraud."
"It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
"The incident response area should be improved."
More Microsoft Defender for Identity Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews while Securonix Next-Gen SIEM is ranked 4th in Identity Threat Detection and Response (ITDR) with 27 reviews. Microsoft Defender for Identity is rated 9.0, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Sentinel, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, LogRhythm SIEM and Exabeam Fusion SIEM. See our Microsoft Defender for Identity vs. Securonix Next-Gen SIEM report.
See our list of best Identity Threat Detection and Response (ITDR) vendors.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
