We performed a comparison between Securonix Next-Gen SIEM and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The features that stand out are the detection engine and its integration with multiple data sources."
"When we were looking for products for our security monitoring needs, our biggest requirement was that we wanted something based on machine-learning and analytics. If you go with rules, it can raise a lot of noise. Securonix, with its UEBA capability, had the best analytics use-cases."
"The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry."
"I was looking for software as a service rather than having issues with managing hardware, upgrades, updates. I was trying to step away from that. Those were the key factors when looking at Securonix as a full-feature SIEM with next-generation capabilities available."
"The second feature is that within the SNYPR product there is a functionality called Spotter. We use that for link analysis diagrams and to run the stats command. That's extremely useful because it replaces a tedious, manual process we used to use, using Microsoft Excel and a couple of other methods, to bring data together."
"The feature that I have found most valuable is their analytics platform where they have the open security data-link, which they introduced. This is typically different from the other vendors."
"The detection of threats and reduction of false positive alarms as compared to other solutions are valuable features. It has improved threat detection response and reduced a lot of noise from false positives as compared to our previous SIEM solutions."
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"It makes everything easier by automating some tasks and growing with our needs."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The tool is simple to use."
"The most valuable feature of Sentinel is the dashboard."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We would like to see better integration with other products."
"There is room for improvement in the product's integration with ServiceNow and in the reporting features."
"We have compliance needs. We have investigation needs. And we have situations where an analyst needs to look at threats. These three things require a different view of how they look at the threats. What would be good is to have Securonix create three different views of their Security Command Center so that, depending on the persona of the person logging in, they'd get the relevant data they need and not see everything."
"We have a lot of users who, because they're engineers and they're bringing down product data - where, at times, a top-level product could be 10,000 or 15,000 objects - it's difficult for us to determine what should be a concern and what shouldn't be a concern. We work with the Securonix folks to try to come up with better ways to identify that."
"Other than issues with the training, there have been issues with the encryption. There have also been issues with some of the reporting, minor glitches that they have fixed as they've gone along."
"The pricing. I'm not sure how they are proceeding with the identity based pricing compared with DB pricing which most of the vendors are using today."
"There is slight room for improvement in terms of the initial deployment. What I see is that Securonix is more focused on their product. They are expanding, in a big way, the number of customers. So there has to be a number of dedicated teams to jump on and speed up the deployment process."
"It seems to me that within Securonix there is no option for completely visualizing the types of sources or if there is any loss of logs. I've heard that they have an additional module to validate those types of cases, but in terms of the platform itself only, I can only see how often it sends data but not any specific detail."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"It is an ancient product."
"Log source integration with Sentinel needs to be improved."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"I rate Sentinel a six out of ten for scalability."
"There is no integration in the web-side of the tool."
"The solution does not allow outsourced authorizations."
Securonix Next-Gen SIEM is ranked 7th in Security Information and Event Management (SIEM) with 27 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. Securonix Next-Gen SIEM is rated 8.6, while Sentinel is rated 7.6. The top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Exabeam Fusion SIEM and USM Anywhere, whereas Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite, Wazuh and LogRhythm SIEM. See our Securonix Next-Gen SIEM vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.