Sentinel Other Advice
We have used a Microsoft security product in addition to Sentinel, Defender for Identity. We also get all the security scores, threats, alerts, and incidents in Defender for Endpoint. I did not have to integrate the products since my organization had already started using them before I joined. Still, it's not very difficult to integrate them into the environment with the Active Directory, with some basic technical knowledge required.
Sentinel was of some help in automating the finding of high-value alerts. I set up some alerts on my tenancy, tracking if someone was trying to log into my tenancy from anywhere outside my environment, and I was alerted as soon as they tried to log in. But since there was already automation in Azure, I did not use automation in Sentinel. Azure's automation is just like another older function we had in Defender. We could create a playbook with incident triggers. For example, I had alerts set up that if any account tries to log in more than five times, to send an email to the help desk or the IT team. Once the alerts are triggered, I could create custom actions based on them, similar to any other alerting system. However, I did not specifically use that since we already had an Azure alerting system.
Though I never explored the XDR dashboard, I connected it. Going back to log analytics and Sentinel, they both provide you with workbooks, but I'm not very happy with them. I have connected Log Analytics to the latest Power BI in my environment and run multiple queries from there. Based on that, we get everything in Power BI. We don't use the XDR dashboard for reporting because reporting in Azure or Sentinel is very basic. You can't customize much, and I don't like the uses related to workbooks.
Sentinel enabled us to ingest data from our entire ecosystem because we had connected Azure Log Analytics with Sentinel, and our Log Analytics workspace was getting data from all the servers, not only computers. But collecting data also involves a cost, where the more data you get, the more you pay. We had to maintain a balance there.
Sentinel helped us track threats, but not as an all-in-one solution. Defender is better in that regard because it can access all the environments and respond holistically from one place.
Given Sentinel's built-in SOAR, UEBA, and threat intelligence capabilities, Sentinel gives us value for money. It gives us a wide range of threat protection and connects to various data connectors as well.
Comparing Sentinel's cost and ease of use against stand-alone SIEM and SOAR solutions, Sentinel is cheaper because it's on the cloud, with data from Azure Log Analytics being the only thing we were paying for. The cloud version was cost-effective as compared to on-premise solutions.
Sentinel requires no maintenance as long as Microsoft doesn't change anything. They keep turning off legacy features, so you never know. They could send a message on Sentinel tomorrow, such as, "This feature is going to be turned off by March 2024." We had to move to something else.
Sentinel is nice to have. It's a good choice if you don't have any other solution. I recommend this solution because it alerts you to all the threats and problems in the network. It didn't save us money because enabling it is an additional cost because you're getting and storing more logs in the cloud. It's an additional feature.
I rate Sentinel a nine out of ten.
It's difficult to say whether to go for a best-of-breed or a best-of-suite strategy because everyone has a different approach. Some might want more than one vendor to make sure their environment is safe. At one point, you could go with about ten, but you don't know how many more you are going with. If I had to choose, I would stick to one.
reviewer1311291
Service Provider at a comms service provider with 10,001+ employees
Overall, I would rate Sentinel as a nine out of ten.
GuirinoCiliberti
Principal Solution Architect at a comms service provider with 51-200 employees
Our business needs integration. We have created some tools using Elasticsearch to improve the usability of Sentinel. The product must be modernized. Overall, I rate the tool an eight out of ten.
Buyer's Guide
Sentinel
March 2024
Learn what your peers think about Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,847 professionals have used our research since 2012.
Mithila Somaweera
Information Technology Security Manager at futurex IT Limited
Sentinel will be much cheaper for users who have Microsoft-based products. It's very convenient to adapt Sentinel to their technologies quickly.
Overall, I rate Sentinel a seven out of ten.
Dennis Dirks
Compliancy, Security & Identity consultant at TMD informatisering BV
I rate NetIQ a nine out of ten.
My advice to someone looking into implementing NetIQ is to just try it and see it for yourself. It's pretty easy to set up a test environment because of the virtual machine that you can deploy. Also, you have a six-day trial license with that, so there's absolutely no reason not to just set it up and start playing around with it and see how well it performs and what it's able to tell you about what's happening on your network.
Marshalleno Skosan
Senior Specialist: Solution Architecture at a tech services company with 501-1,000 employees
I rate the solution an eight out of ten based on current deployments.
My rating will change to a nine when my company deploys its own enterprise-ready versions because they will harness the solution's full capabilities.
reviewer2285439
Executive Cybersecurity at a computer software company with 11-50 employees
Overall, I rate Sentinel an eight out of ten.
reviewer2263155
Lead Security Engineer at a tech services company with 201-500 employees
Sentinel is a cloud-based solution.
I would recommend that users use Sentinel. If users are paying for the service, they should make sure to use each and everything they know about it. Users should not pay for things that they are not using. Sentinel has a lot of potential that people don't know about.
Overall, I rate Sentinel eight and a half out of ten.
reviewer1327167
Global Cyber Security Manager at a financial services firm with 5,001-10,000 employees
Whether I would recommend this solution to anyone would depend on their environment. Maybe if they have a hybrid cloud environment then they would not have faced the challenges that we did. As it was on-premises and completely owned by us, we had a lot of trouble with managing the tool. Once it is running, it runs well, but when it comes to adding new devices to it, we always faced issues.
I would rate this solution a six out of ten.
Fabio Vello
CEO at ITCORE
I would rate NetIQ a ten out of ten.
Be careful with requirements; production resources are really needed. Be clear with objectives, and test it before use. Understanding SIEM concepts is basically the goal.
Be aware that without any technical support from NetIQ it could be very hard to administer.
Syspecid67
System specialist IDM/SIEM at SV Informatik GmbH
The amount of time spent implementing this solution, tweaking it to suit our needs, and then maintaining it, ended up being the same as building one from scratch, using something like ELK.
Prepare a plan for short, medium and large implementation. Start with the simple sources, such as FW, routers, etc., then move to more complex ones like in-house applications.