Try our new research platform with insights from 80,000+ expert users

Elastic Security vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.9
Elastic Security provides positive ROI in 18-24 months, affordable for SMEs, though premium support may be lacking.
Sentiment score
7.3
Microsoft Sentinel enhances ROI with improved security, cost savings, automation, and faster threat detection, benefiting organizations efficiently.
It does not require hefty security budgets and can be deployed for enterprise security effectively.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
We attribute our growth to Sentinel.
From a risk perspective, it's about mitigating risk, and as mentioned earlier, we haven't missed many things since we've had the offering in market—only a couple of minor incidents.
 

Customer Service

Sentiment score
6.4
Elastic Security support varies; open-source praised for community help, commercial support seen as responsive but with some improvement needed.
Sentiment score
6.7
Microsoft Sentinel support is responsive and helpful, though basic support can be slow, with some preferring community resources.
Support is prompt and helpful.
Most of the time when my team encounters issues, they receive responses within 24 hours.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
When my team needs to escalate issues to Microsoft, especially for Microsoft Sentinel, the response is fast through their French entity.
 

Scalability Issues

Sentiment score
7.3
Elastic Security is praised for scalability, easily supporting small to large businesses and adaptable through configuration adjustments.
Sentiment score
8.0
Microsoft Sentinel offers scalable, adaptable security solutions using Azure, ideal for various organizations with its flexible and updated features.
It allows us to think about specific use cases, such as gathering malicious IPs in a single view and analyzing threats based on geolocation.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
 

Stability Issues

Sentiment score
7.7
Elastic Security is stable and reliable, but requires proper setup and resource management; frequent updates can disrupt some users.
Sentiment score
7.8
Microsoft Sentinel is highly reliable, with 99.9%+ availability and occasional minor issues, maintaining stability across diverse environments.
In terms of stability, I would rate Elastic a solid eight out of ten.
So far, we have not experienced any issues, and it has been stable from the beginning.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
 

Room For Improvement

Elastic Security faces challenges in usability, integration, scalability, and awareness, requiring enhancements in features and user support.
Microsoft Sentinel users seek better integration, user-friendliness, documentation, AI capabilities, and customizable features with improved performance and pricing.
CrowdStrike and Defender have more established threat intelligence integration due to having a larger client base.
My security testing team continuously reports vulnerabilities, and we have to fix and update the versions frequently.
Elastic Security consumes a lot of resources, requiring a substantial deployment setup.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
 

Setup Cost

Elastic Security is cost-effective for SMEs but advanced features and lack of included support can increase costs.
Microsoft Sentinel's usage-based pricing offers strong value with extensive integration, but cost unpredictability concerns some users.
The pricing is reasonable, especially for Small Medium Enterprises (SMEs), making it a viable option for businesses building their security infrastructure.
This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Elastic Security is considered cost-effective, especially at lower EPS levels.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.
The ingestion costs for the data analytics is usually the highest cost.
 

Valuable Features

Elastic Security offers rapid search, scalability, and affordability with strong machine learning and customizable dashboards for efficient threat detection.
Microsoft Sentinel provides AI-driven automation, robust threat detection, scalability, and seamless integration for comprehensive security operations within the Microsoft ecosystem.
Elastic Security offers good insight regarding alerts, reports, and cases.
Elastic Security offers advanced features such as machine learning and integration with ChatGPT.
We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
 

Categories and Ranking

Elastic Security
Ranking in Security Information and Event Management (SIEM)
5th
Ranking in Security Orchestration Automation and Response (SOAR)
7th
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
64
Ranking in other categories
Log Management (10th), Endpoint Detection and Response (EDR) (16th), Extended Detection and Response (XDR) (9th)
Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
97
Ranking in other categories
Microsoft Security Suite (4th), AI-Powered Cybersecurity Platforms (5th)
 

Mindshare comparison

As of June 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Elastic Security is 5.9%, down from 9.1% compared to the previous year. The mindshare of Microsoft Sentinel is 7.1%, down from 8.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

SyedAli17 - PeerSpot reviewer
Centralized monitoring improves security posture through rapid data processing
The processing part of Elastic Security ( /products/elastic-security-reviews ) is very interesting for us since we handle almost 7,000 to 8,000 alerts per minute. We require rapid processing speed for alerts and event data, and Elastic Security is very efficient at handling this level of data. Additionally, Elastic Security helps improve the security posture of Pakistan through centralized visibility and real-time processing.
Ivan Angelov - PeerSpot reviewer
Threat detection and response capabilities enhance investigation processes
My security team has been using Microsoft Sentinel for around two years. We also have Bastion and SolarWinds as part of our monitoring tools. We use a three-way tool, alongside Microsoft Sentinel, in our environment The most valuable features for us include threat collection, threat detection,…
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
856,873 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Government
10%
Financial Services Firm
9%
Comms Service Provider
7%
Computer Software Company
16%
Financial Services Firm
11%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good c...
What do you like most about Elastic Security?
Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because ...
What is your experience regarding pricing and costs for Elastic Security?
Since Elastic Security is community-based, it does not require significant costs. This is beneficial for SMEs as they do not need extensive budgets for security solutions.
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

Elastic SIEM, ELK Logstash
Azure Sentinel
 

Overview

 

Sample Customers

Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Elastic Security vs. Microsoft Sentinel and other solutions. Updated: May 2025.
856,873 professionals have used our research since 2012.