Microsoft Sentinel vs ServiceNow Security Operations comparison

Microsoft Sentinel

Read 86 Microsoft Sentinel reviews

17,297 Views
9,628 Comparison Views

92% willing to recommend

ServiceNow Security Operations

Read 16 ServiceNow Security Operations reviews

3,287 Views
1,703 Comparison Views

93% willing to recommend

Microsoft Sentinel

ServiceNow Security Operations

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Microsoft Sentinel and ServiceNow Security Operations based on real PeerSpot user reviews.

Find out in this report how the two Security Orchestration Automation and Response (SOAR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed Microsoft Sentinel vs. ServiceNow Security Operations Report (Updated: May 2024).

Buyer's Guide

Microsoft Sentinel vs. ServiceNow Security Operations

May 2024

Download the complete report

Helped 787,779 peers since 2012

Categories and Ranking

Microsoft Sentinel

Ranking in Security Orchestration Automation and Response (SOAR)

1st

Average Rating

8.2

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (2nd), Microsoft Security Suite (5th)

ServiceNow Security Operations

Ranking in Security Orchestration Automation and Response (SOAR)

7th

Average Rating

7.8

Number of Reviews

Ranking in other categories

Security Incident Response (2nd), Risk-Based Vulnerability Management (6th)

Mindshare comparison

As of June 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Microsoft Sentinel is 20.2%, up from 17.6% compared to the previous year. The mindshare of ServiceNow Security Operations is 5.2%, down from 5.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR)

Unique Categories:

Security Information and Event Management (SIEM)

13.7%

Microsoft Security Suite

5.3%

Security Incident Response

25.0%

Risk-Based Vulnerability Management

1.7%

Featured Reviews

reviewer2277912

Integrator, Microsoft Security Advisor at Hitachi Data Systems

Sep 15, 2023

Easy to integrate, offers good documentation, and the setup is simple

All of the features are great. In fact, when they add new features they are always valuable and interesting. There are so many features on offer. I really appreciate that it is very well documented. I also use Defender 365, including Defender for Endpoint. It's easy to integrate with Sentinel. In two clicks we can integrate them together. I have experience with Defender for Cloud. I'm actually getting into the Center for Cloud right now, so I'm just Learning about it. Sentinel enables us to ingest data from our entire ecosystem. It's important to have data visibility for our security operations. Sentinel enables us to investigate the threats and respond from one place. That is very important for operations. We need to be able to easily look and have visibility over what's happening. Sentinel enabled us to automate routine tasks. It helps us automate the handling of trivial tasks related to alerts. With the solution, we no longer have to look at multiple dashboards. I wouldn't say it has completely eliminated looking at different dashboards. As it stands right now, there are two dashboards that we will have to look at. One is Sentinel, and the other one is a ticketing system. Compared to what's being used, it's saved us some time overall. The ease of use and the clear documentation are helpful in that regard. Someone who doesn't know how to use it can easily go in and find out.

Read full review

reviewer1013835

Director Delivery and ServiceNow Practice Lead at a computer software company with 51-200 employees

Jun 1, 2022

Streamlines processes, collects data, and allows you to manage the solution through dashboards

I would rate setup 4 out of 5. It could be simpler. Our implementation plan just depends. We use an agile process and we do iterative development and let people try and see how it works in the organization and then tweak it. That was the approach, on a spectrum of incremental improvement or continuous improvement. The amount of staff needed for deployment and maintenance depends on the scale of what you're rolling out. You could implement it with three people, or you could implement it with a team of five or six. It depends on how you want to support it.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."

"The connectivity and analytics are great."

"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."

"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."

"It has basic out-of-the-box integrations with multiple log sources."

"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."

"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"

"Log aggregation and data connectors are the most valuable features."

More Microsoft Sentinel pros

"The solution is stable."

"It's stable."

"The solution is available over the cloud and is easy to manage."

"Reduces time to closure and closure metrics for vulnerabilities."

"The product has a very simple UI."

"What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution. ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes."

"My favorite feature is the application vulnerability scanner."

"It has helped optimize security costs by consolidating multiple tools into one platform."

More ServiceNow Security Operations pros

Cons

"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."

"I would like Microsoft Sentinel to enhance its SOAR capabilities."

"The playbook is a bit difficult and could be improved."

"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."

"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."

"The product can be improved by reducing the cost to use AI machine learning."

"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."

"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."

More Microsoft Sentinel cons

"There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."

"They should stick to the roadmap and continue to build plugins and integrations with other third parties, enhance the UI, and enhance the reporting. It's all good. They should just continue enhancing the releases."

"The product is called SecOps, but it is not security operations in terms of SIEM solutions."

"The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better."

"Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved."

"The initial setup is difficult."

"It is challenging for the customers to understand the processes for SecOps. It needs to be simplified."

"It's very slow. When you click a button or update a field, it takes forever to actually react."

More ServiceNow Security Operations cons

Pricing and Cost Advice

"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."

"It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."

"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."

"The pricing is fair... With a traditional SIEM, you pay a lump sum for licenses. But with Sentinel, it's pay-as-you-go according to the amount of data you inject."

"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."

"I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."

"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."

"For us, it is not expensive at this time, but if we start to collect all logs from our on-premise SIEM solutions, it will cost more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than what we paid for QRadar."

More Microsoft Sentinel pricing and cost advice

"Compared to competitor tools, ServiceNow Security Operations is more affordable"

"If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."

"It is an expensive product."

"The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."

"This product is a good value for the money."

See which vendors are best for you

Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.

See recommendations

787,779 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

10%

Government

Manufacturing Company

Financial Services Firm

20%

Computer Software Company

12%

Government

10%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

What do you like most about ServiceNow Security Operations?

The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product.

See all answers

What is your experience regarding pricing and costs for ServiceNow Security Operations?

I'm not aware of the pricing. I don't handle licensing.

See all answers

What needs improvement with ServiceNow Security Operations?

There is room for improvement in terms of developer support and documentation. While they offer some assistance, a more detailed and accurate set of guidelines would be beneficial for implementing ...

See all answers

Comparisons

AWS Security Hub vs Microsoft Sentinel

Compared 17% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 12% of the time

Wazuh vs Microsoft Sentinel

Compared 6% of the time

Splunk Enterprise Security vs Microsoft Sentinel

Compared 5% of the time

More Microsoft Sentinel Competitors

Palo Alto Networks Cortex XSOAR vs ServiceNow Security Operations

Compared 25% of the time

Splunk SOAR vs ServiceNow Security Operations

Compared 21% of the time

IBM Resilient vs ServiceNow Security Operations

Compared 7% of the time

Swimlane vs ServiceNow Security Operations

Compared 6% of the time

Fortinet FortiSOAR vs ServiceNow Security Operations

Compared 5% of the time

More ServiceNow Security Operations Competitors

Product Reports

Buyer's Guide

Microsoft Sentinel

June 2024

Download Microsoft Sentinel product report

Buyer's Guide

ServiceNow Security Operations

May 2024

Download ServiceNow Security Operations product report

Also Known As

Azure Sentinel

No data available

Learn More

Microsoft

Video not available

ServiceNow

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

ServiceNow Security Operations is a cutting-edge security solution designed to elevate organizations' security incident response (SIR) processes through automation and orchestration. Going beyond traditional SOAR, this comprehensive Security Operations Suite integrates seamlessly with other ServiceNow products and offers a wide array of features. Its components include Security Incident Response (SIR), which automates incident workflows and offers pre-built playbooks; Security Configuration Compliance (SCC), continuously scanning and automating compliance tasks; Vulnerability Response (VR), prioritizing and remediating vulnerabilities; Threat Intelligence (TI), aggregating threat data for proactive threat hunting; and additional features like IT Service Management integration, Machine Learning and AI, reporting, and a mobile app. The benefits span improved incident response speed, reduced mean time to resolution, increased security posture, enhanced compliance, collaborative synergy between security and IT teams, and operational cost reductions.

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services

Buyer's Guide

Microsoft Sentinel vs. ServiceNow Security Operations

May 2024

Free Report: Microsoft Sentinel vs. ServiceNow Security Operations

Find out what your peers are saying about Microsoft Sentinel vs. ServiceNow Security Operations and other solutions. Updated: May 2024.

DOWNLOAD NOW

787,779 professionals have used our research since 2012.

See our Microsoft Sentinel vs. ServiceNow Security Operations report.

See our list of best Security Orchestration Automation and Response (SOAR) vendors.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.