We performed a comparison between Securonix Next-Gen SIEM and Microsoft Sentinel based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Securonix Next-Gen SIEM offers multiple advanced features, such as Spotter for in-depth search and analysis and extensive customization options. Microsoft Sentinel effectively identifies threats and integrates seamlessly with other Microsoft solutions. Users say Sentinel makes it easy to find information quickly using KQL queries and praised the solution’s centralized log storage. Securonix users highlighted the need for greater flexibility in modifying reports and templates and improved analytics and visualization. Microsoft Sentinel could benefit from simplifying documentation, enhancing collaboration with security vendors, and improving data ingestion. Users also want more robust threat intelligence and UEBA features.
Service and Support: Securonix has been praised for its effective support and timely problem resolution. Some users praised Microsoft’s quick response times and expertise, while others experienced challenges and support delays.
Ease of Deployment: Some users found the Securonix Next-Gen SIEM setup to be straightforward, but others found it complex. Some users said that deploying Microsoft Sentinel is straightforward, while others consider it to be moderately complex.
Pricing: Securonix Next-Gen SIEM is competitively priced and more affordable than many SIEM solutions. Microsoft Sentinel charges customers based on data usage, and it can be expensive for users who need to ingest data from non-cloud sources.
ROI: Users say Securonix Next-Gen SIEM offers a significant return on investment by streamlining infrastructure management and enhancing overall efficiency. Some Sentinel users have seen cost savings, while others have not experienced any financial benefits.
Comparison Results: Our users prefer Securonix Next-Gen SIEM over Microsoft Sentinel. Users appreciate Securonix's smooth onboarding process, flexibility in features and patches, and ability to manage infrastructure. It stands out for its efficient threat detection, low false positive rate, and integration. Users say that Microsoft Sentinels should improve its data ingestion and simplify documentation.
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Free ingestion for Azure logs (with E5 licence)"
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions."
"When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases."
"The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
"The most valuable feature is being able to look at users' behavioral profiles to see what they typically access. One of the key events that we monitor is people's downloading of objects... It's very easy to see people's patterns, what they typically do."
"Its console is very easy to use and configure. It is very intuitive for our use cases. App integrations are also pretty nice."
"One of the most valuable features is the integration of all types of data sources to extract relevant information regarding events. It is a good solution when it comes to the correlations that it makes within all the data handled in our company."
"The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together."
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"We'd like also a better ticketing system, which is older."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The reporting could be more structured."
"The on-prem log sources still require a lot of development."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Securonix could open up information regarding the indicators of compromise or cyber-threat intelligence database that they use. The idea is that they share what threats they are detecting."
"There is room for improvement in the product's integration with ServiceNow and in the reporting features."
"One aspect that could be improved is the pricing of the product in Brazil."
"Sometimes, there is instability in the data in terms of the customization of the time. I have sometimes observed discrepancies in the data, which is something they should work on. They should bring more stability to time customization. If we are seeing a particular data, when we change the time zone, there should be the same data. There should not be any discrepancy."
"Regarding the analysis of security events on the SOC side, Securonix Next-Gen SIEM needs to improve its automation capabilities."
"When they did upgrades or applied patches, sometimes, there was downtime, which required the backfill of data. There were times when we had to reach out and get a lot of things validated."
"We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
"Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source."
Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews while Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews. Microsoft Sentinel is rated 8.2, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Exabeam Fusion SIEM and USM Anywhere. See our Microsoft Sentinel vs. Securonix Next-Gen SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.