IBM Cloud Pak for Security vs Microsoft Sentinel comparison

The compared IBM and Microsoft solutions aren't in the same category. IBM is ranked #21 in CDCS , and holds a 0.1% mindshare in the category. Microsoft is ranked #3 in SIEM , with an average rating of 8.3, and holds a 7.2% mindshare. Additionally, 93% of Microsoft users are willing to recommend the solution.

IBM Cloud Pak for Security

Read 1 IBM Cloud Pak for Security review

38 Views
24 Comparison Views

0% willing to recommend

Microsoft Sentinel

Read 93 Microsoft Sentinel reviews

13,318 Views
8,289 Comparison Views

93% willing to recommend

IBM Cloud Pak for Security

Microsoft Sentinel

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between IBM Cloud Pak for Security and Microsoft Sentinel based on real PeerSpot user reviews.

Find out what your peers are saying about Akamai, Illumio, VMware and others in Cloud and Data Center Security.

To learn more, read our detailed Cloud and Data Center Security Report (Updated: April 2025).

Buyer's Guide

Cloud and Data Center Security

April 2025

Download the complete report

Helped 849,963 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

IBM Cloud Pak for Security

Average Rating

0.0

Number of Reviews

Ranking in other categories

Cloud and Data Center Security (21st)

Microsoft Sentinel

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (3rd), Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)

Mindshare comparison

IBM Cloud Pak for Security and Microsoft Sentinel aren’t in the same category and serve different purposes. IBM Cloud Pak for Security is designed for Cloud and Data Center Security and holds a mindshare of 0.1%, down 0.2% compared to last year.
Microsoft Sentinel, on the other hand, focuses on Security Information and Event Management (SIEM), holds 7.2% mindshare, down 9.0% since last year.

Cloud and Data Center Security

Security Information and Event Management (SIEM)

Featured Reviews

reviewer1907040

IBM Security Product Manager at a tech services company with 201-500 employees

Great user-friendly interface; provides many functionalities and many free applications

The interface is good and very user-friendly, it's easy for our customers to use. Cloud Pak provides a lot of functionalities and many free applications available from the online shop which can be deployed to your system. It allows for an increase in functionalities even if you've bought the smallest installation.

Read full review

KrishnanKartik

Cyber Security Consultant at Inspira Enterprise

Every rule enriched at triggering stage, easing the job of SOC analyst

It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The interface is good and very user-friendly."

"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."

"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."

"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."

"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."

"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."

"It's pretty powerful and its performance is pretty good."

"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."

"The signal correlation and dashboards features of Microsoft Sentinel are fantastic because it correlates the signal logs with other products. The customizable dashboards are also valuable."

More Microsoft Sentinel pros

Cons

"Lacks sufficient technical support."

"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."

"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."

"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."

"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."

"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."

"Microsoft Sentinel can be improved in terms of automation or connecting with security products so that it is easier to use for general IT admins."

"I would like to see more AI used in processes."

"Add more out-of-the-box connectors with other SaaS platforms/applications."

More Microsoft Sentinel cons

Pricing and Cost Advice

Information not available

"It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."

"The price is reasonable because Sentinel includes features like user behavior analytics and SOAR that are typically sold separately. Overall, a standalone on-prem solution would require some high-end servers, and there's a different cost. It is a cloud-based solution, so there are backend cloud computing costs, but they are negligible."

"Pricing for Microsoft Sentinel could always be lower, but it's workable. The ingestion costs for the data analytics is usually the highest cost, but the licensing per Microsoft Sentinel is fairly straightforward and transparent."

"We are charged based on the amount of data used, which can become expensive."

"We must have saved some money with this product. It is a cloud-native product, and the ingestion is per GB. Every GB costs a certain amount of money. That is how the license of Microsoft Sentinel works."

"Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."

"From a cost perspective, there are some additional charges in addition to the licensing."

"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

More Microsoft Sentinel pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Cloud and Data Center Security solutions are best for your needs.

See recommendations

849,963 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

No data available

Computer Software Company

16%

Financial Services Firm

11%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Ask a question

Earn 20 points

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

Comparisons

IBM Security QRadar vs IBM Cloud Pak for Security

Compared 100% of the time

More IBM Cloud Pak for Security Competitors

AWS Security Hub vs Microsoft Sentinel

Compared 21% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 8% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 8% of the time

Wazuh vs Microsoft Sentinel

Compared 5% of the time

Google Chronicle Suite vs Microsoft Sentinel

Compared 5% of the time

More Microsoft Sentinel Competitors

Product Reports

Buyer's Guide

Cloud and Data Center Security

April 2025

Download IBM Cloud Pak for Security product report

Buyer's Guide

Microsoft Sentinel

April 2025

Download Microsoft Sentinel product report

Also Known As

No data available

Azure Sentinel

Overview

IBM Cloud Pak for Security is comprised of containerized software pre-integrated with Red Hat OpenShift. The platform connects to your existing security tools – and through the use of open standards – allows you to search for threat indicators across your hybrid, multicloud environment.

IBM

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft

Sample Customers

Information Not Available

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Buyer's Guide

Cloud and Data Center Security

April 2025

Download Free Report

Find out what your peers are saying about Akamai, Illumio, VMware and others in Cloud and Data Center Security. Updated: April 2025.

DOWNLOAD NOW

849,963 professionals have used our research since 2012.

We monitor all Cloud and Data Center Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.