Securonix Next-Gen SIEM and Microsoft Defender for Identity compete in the security information and event management (SIEM) category. Securonix appears to have the upper hand due to its advanced analytics and flexibility, whereas Microsoft Defender for Identity excels in identity protection within the Microsoft ecosystem.
Features: Securonix Next-Gen SIEM provides behavior analytics for user monitoring, advanced threat chaining to decrease false positives, and extensive customization options for specific use cases. Its cloud integration is strong, allowing for effective monitoring of various cloud services. Microsoft Defender for Identity offers seamless integration with the Microsoft ecosystem, focusing on user identity and access management. It includes privilege escalation detection and provides thorough coverage of both cloud and on-premise environments.
Room for Improvement: Securonix could improve its user interface and simplify integration with third-party platforms like ServiceNow. Enhanced customization for reporting and visualization would also be beneficial. Deployment and onboarding could be quicker. Microsoft Defender for Identity should work on reducing false positives and improving threat intelligence depth. Enhancements in resolving issues directly from the console and managing complex scenarios are needed.
Ease of Deployment and Customer Service: Securonix provides flexibility for cloud and on-premises deployment, but the process can be complex, requiring strong support. Customer service is proactive but can vary in response times. Microsoft Defender for Identity supports cloud deployment with robust integration into Microsoft services. While technical support is responsive, consistency in customer service experience could improve. Securonix stands out for its cooperative support in complex integrations, while Microsoft capitalizes on its unified security platform approach.
Pricing and ROI: Securonix pricing is competitive based on user count, offering predictable costs and fast ROI due to operational efficiencies and reduced incident investigations. Microsoft's Defender for Identity is included in various Microsoft licensing models, appearing cost-effective within a broader Microsoft suite but potentially costly as a standalone solution. Both solutions yield positive ROI, with Securonix offering scalability and predictability, and Microsoft providing significant value to existing ecosystem users.
The solution is time-saving, particularly in the long run after it is deployed, enabling us to get value promptly.
The quality of support is very good, but troubleshooting can take time due to complex setups and the need to provide many logs.
Generally, the support is more effective than other providers like Oracle.
There is no UK-based support, which leads to delays in waiting for US support.
If I raise a ticket, it initially goes to the L1 team, but the next level of escalation is really effective.
When we reach out to someone, we often wait for the right person with the right skills to come and fix the solution, which is the major challenge.
In a Microsoft-centric organization, especially with Azure infrastructure and Office 365, Microsoft Defender for Identity is scalable.
I can rate it around eight to nine, and it is very scalable and capable of handling tasks, especially for the on-premises product.
The solution is scalable as it is cloud-based and cloud-native.
Microsoft Defender for Identity is quite robust and built on Azure hyperscale infrastructure, with a 99% availability.
Having recently started using it, reliability is affirmed, but manual investigation is often performed to verify if alerts identified by auto-remediation are accurate.
The stability of Securonix Next-Gen SIEM is based on the events we are processing.
If Microsoft could develop a feature that indicates when impossible travel is caused by VPN connections, it would prevent unnecessary password resets and session disruptions, especially for VIP users in organizations.
One improvement I would recommend is the integration of an admin application within Teams, allowing easy access to attack information on a mobile platform.
Reducing false positives is something we've been working on with Microsoft.
At the admin level, we have many challenges where log parsing is causing issues and compatibility is not present.
The passing and setup are quite complex at the beginning, making onboarding not smooth.
When dealing with a large amount of data, such as when firewall logs increase, queries sometimes crash or get stuck.
If they can reduce the costs, organizations will be happy, and it will compensate for using the Azure environment, which is more expensive on the infrastructure as a service side.
From an organization perspective, using E5 licenses is value for money, especially if Azure and Office 365 are already in use.
Ensuring a fair price according to market standards.
Licensing is based on events per second (EPS), costing between $50 to $60 per EPS.
The pricing has similar ingestion charges compared to other solutions, such as Splunk.
We receive an advance report of risky users, allowing us to take preemptive action before an attack causes damage to organization details.
I find the most valuable features in Microsoft Defender for Identity to be the conditional access and the rule-based access control to give users their actual role-based permission to work.
The most valuable feature is its hybrid artificial intelligence, which gathers forensic data to track and counteract security threats, much like the CSI series in effect.
Now, the process is automatic, reducing our workload.
The other SIEM solutions lack an option for big data analysis, whereas in the Securonix Next-Gen SIEM, we have this option.
The software includes user behavior interactions, dashboards, and training capabilities.
Microsoft Defender for Identity integrates with Microsoft tools to monitor user activity, providing advanced threat detection and analysis using AI. It enhances proactive threat response and security visibility, making it essential for securing on-premises and cloud environments like Active Directory.
Microsoft Defender for Identity offers comprehensive monitoring and AI-driven user behavior analysis. It detects threats through real-time alerts and identifies lateral movements and entity tagging, ensuring robust security management. With excellent visibility via its dashboard, it supports customized detection rules and seamlessly integrates with SIEM platforms. While SecureScore and SecureScan provide robust environment security, there is room for improvement in cloud security, on-premises application integration, and remediation capabilities. Azure integration is limited, and the administrative interface could be more user-friendly. Users experience frequent false positives, affecting threat detection efficiency.
What key features stand out in Microsoft Defender for Identity?In specific industries such as education and finance, Microsoft Defender for Identity is crucial for securing on-premises Active Directory and Azure Active Directory environments. It effectively detects suspicious activities and manages conditional access policies, offering user and entity behavior analytics, endpoint detection and response capabilities. This helps prevent unauthorized access and strengthens overall security, making it an invaluable asset for organizations aiming to safeguard their digital infrastructure.
Securonix Next-Gen SIEM is a security information and event management solution designed to provide advanced threat detection, response, and compliance capabilities. It leverages machine learning and big data analytics to offer a comprehensive security platform for modern enterprises.
Securonix Next-Gen SIEM utilizes advanced analytics and machine learning to detect complex threats that traditional SIEM solutions might miss. Its architecture is built on Hadoop, enabling scalability and the processing of large volumes of data in real-time. This allows organizations to gain deep insights into security incidents, prioritize threats, and automate response actions. The solution also includes behavior analytics to detect insider threats and unknown attacks, integrating seamlessly with existing IT infrastructure.
What are the critical features of Securonix Next-Gen SIEM?
What is the ROI expectations?
Securonix Next-Gen SIEM is implemented across various industries, including finance, healthcare, and retail. Its flexibility and advanced analytics capabilities make it suitable for environments with complex security needs. In finance, it helps detect fraud, while in healthcare, it ensures patient data security. In retail, it protects against data breaches and payment fraud.
In summary, Securonix Next-Gen SIEM offers advanced threat detection, scalability, and integration capabilities, making it a robust solution for modern enterprises.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
