The analytics rules are excellent. It's pretty easy to create them. It’s all about SQL queries that we need to deploy at the back end. The search of the logs is easy. Before, there were no archival logs. Now, in recent versions, it’s easy to bring back the logs from the archives. We can research and query the archive of logs very easily. The visibility is great. It gives good alerts. The way an analyst can go and drill down into more details is simple, The ability to threat hunt has been useful. Sentinel helps us prioritize threats across the enterprise. With it, we have a single pane for monitoring security logs. As an MSP, they just ingest all the logs into the system, and this actually leads to a hierarchy for our integrations. It’s easy to review the logs for auditing purposes. We use more than one Microsoft security product. Other team members use Intune, Microsoft CASB, and Microsoft Defender as well. It’s easy to integrate everything. You just need to enable the connector in the back end. It takes one minute. These solutions work natively together to deliver coordinated detection responses across our environment. We just integrated the Microsoft Defender logs into Sentinel. It already has the prebuilt use cases in Sentinel, including threat-hunting playbooks, and automation playbooks. It's pretty easy and ready to use out of the box. Sentinel enables us to ingest data from our entire ecosystem. That's really the high point for us. The coverage needs to be expanded. The threat landscape is getting wider and wider and so we need to monitor each and every ecosystem in our customer organization's endpoints, including the endpoints or applications for systems or on the servers or network level. It needs to be integrated on all levels, whether it’s on-premises or cloud. It is really important to have a single point of security monitoring, to have everything coordinated. Sentinel enables us to investigate threats and respond holistically from one place. For that analyst team, the Sentinel page is like a single point of investigation layer for them. Whenever an incident is created, they can just come in and get deeper into a particular investigation incident. They are able to get more information, figure out the indicators, and make recommendations to customers or internal teams to help them take action. Given its built-in UEBA and threat intelligence capabilities, the comprehensiveness of Sentinel's security protection is really nice. The UEBA can be integrated with only the AD logs. And, since they need to get integrated with the networks and the VPN layers as well, it’s useful to have comprehensive security. It can be integrated into other Microsoft security products as well. Sentinel pricing is good. The customer doesn't want to worry about the enterprise infrastructure cost in the system. They worry about the enterprise cost and the management, and operation, CAPEX, et cetera. However, in general, the customer simply needs to worry only about the usage, for example, how much data is getting sent into the system. We can still refine the data ingestion layer as well and decide what needs to be monitored and whatnot. That way, we can pay only for what we are monitoring. Our Microsoft security solution helps automate routine tasks and help automate the finding of high-value alerts. By leveraging Sentinel's automation playbook, we have automated the integrations and triage as well. This has simplified the initial investigation triage, to the point where we do not need to do any initial investigations. It will directly go on into layer two or it directly goes to the customer status. Our Microsoft security solution helped eliminate having to look at multiple dashboards and gave us one XDR dashboard. The dashboard is pretty cool. We now have a single pane of glass. A lot of customization needs to be done, however, there are predefined dashboards and a content hub. We still leverage those dashboards to get the single view into multiple days, including the log volumes or types of security monitoring or in the operation monitoring system. Sentinel saves us time. Even just the deployment, it only takes ten minutes for the could. When you have on-premises tasks that are manual, it can take hours or a day to deploy the entire setup. Integrating the log sources used also takes time. By enabling out-of-the-box tools, we can save a lot of time here and there. Also, once you leverage automation, by simply leveraging logic apps in a local kind of environment, you don’t need to know much coding. You just need knowledge of logic at the back end. The solution has saved us money. While I’m not sure of the exact commercial price, it’s likely saved about 20% to 30%. The solution decreased our time to detect and your time to respond. For time to detect, by leveraging analytic rules, we’ve been able to cut down on time. Everything is happening within minutes. We can begin remediation quickly instead of in hours.
