Microsoft Sentinel Review
May 17, 2024

Edward Broderick | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Sentinel

So like other SIEMs, we're collecting information about behaviors, both human and machine. And we use that information to detect anomalous activity.
  • It does normalize data very well and allow us to do very quick searching of it in order to do threat hunting and follow-ups on detections with investigations.
  • I think it could be a little easier to use for SOC employees to navigate quicker to information that's necessary in order to expedite an investigation.
  • It certainly has met our compliance needs, but it's been much more than that. It's actually achieving everything we're looking for from our security goals for logging and monitoring and investigations.
Kind of repeating what I said, Tenable data, Cisco data, Snyk data, data from applications we've grown ourselves, certainly all the Microsoft Defender products, Defender for Cloud, Defender for Endpoint.
We cross-compare the information with data from things like Microsoft Purview, our identity management information that comes from our E5 licensing and Microsoft Identity Management goes in there as well. You name it.
So we're looking forward to that. I need to know more about it and I am pushing Microsoft Card to give it to us.
I use most of the SIEMs that are out there, but RSA's old SIEM, LogLogic, Elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate with it. So it made a lot of sense to really drive as hard as we could Microsoft SIEM at least for a few years to make sure it would fit us.

Do you think Microsoft Sentinel delivers good value for the price?

Yes

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

Yes

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

Well, it's definitely suited to log and monitor most of the normal security infrastructure and collect security telemetry. It also extends well to Microsoft's entire suite with regards to data collection for things like Office 365, Power BI, Power Apps, and the like. It is also pretty good at collecting information from homegrown applications, especially if you're building in Azure.

Microsoft Sentinel Feature Ratings

Centralized event and log data collection
Not Rated
Correlation
Not Rated
Event and log normalization/management
Not Rated
Deployment flexibility
Not Rated
Integration with Identity and Access Management Tools
Not Rated
Custom dashboards and workspaces
Not Rated
Host and network-based intrusion detection
Not Rated
Log retention
Not Rated
Data integration/API management
Not Rated
Behavioral analytics and baselining
Not Rated
Rules-based and algorithmic detection thresholds
Not Rated
Response orchestration and automation
Not Rated
Incident indexing/searching
Not Rated