We performed a comparison between Elastic Security and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions are extremely reliable. Elastic Security is very flexible and very customizable. Microsoft Sentinel is a more comprehensive solution, provides more user options, and is very easy to use. Additionally, Microsoft Sentinel is the best option for organizations that are heavily vested in a Microsoft ecosystem.
"The most valuable feature is the machine learning capability."
"The visualization is very good."
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"Just the ability to do a lot more than just up-down is nice, which a lot of people take for granted."
"It's a good platform and the very best in the current market. We looked at the Forester report from December 2022 where it was said to be a leader."
"The most valuable features of the solution are the prevention methods and the incident alerts."
"It's open-source and free to use."
"It is scalable."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"We have no complaints about the features or functionality."
"This solution cannot do predictive maintenance, so we have to build our own modules for doing it."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"Anything that supports high availability or ease of deployment in a highly available environment would help to improve this solution."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"We're using the open-source edition, for now, I think maybe they can allow their OLED plugin to be open source, as at the moment it is commercialised."
"Technical support could respond faster."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"The product can be improved by reducing the cost to use AI machine learning."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"There is room for improvement in entity behavior and the integration site."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews. Elastic Security is rated 7.6, while Microsoft Sentinel is rated 8.2. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Wazuh. See our Elastic Security vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.