We performed a comparison between i-SIEM and Microsoft Sentinel based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM)."As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
"The connectivity and analytics are great."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The initial setup is very simple and straightforward."
"Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"I would like to be able to monitor applications outside of the Azure Cloud."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
Earn 20 points
i-SIEM is ranked 44th in Security Information and Event Management (SIEM) while Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews. i-SIEM is rated 9.0, while Microsoft Sentinel is rated 8.2. The top reviewer of i-SIEM writes "The alert fatigue and false positive rates have just plummeted, which is really exciting". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". i-SIEM is most compared with Splunk Enterprise Security, AlienVault OSSIM, IBM Watson for Cyber Security and AWS Security Hub, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
