We performed a comparison between Microsoft Defender for Identity and Securonix Next-Gen SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Defender for Identity integrates with other Defender components, Mircosoft security solutions, and Microsoft 365 while providing monitoring of identity security. It has customizable detection rules. Securonix Next-Gen SIEM offers diverse features, including a robust incident search and analysis tool (Spotter), analytics-driven threat detection, a user-friendly interface, and exceptional customer service. There are areas of improvement for both solutions. For example, Microsoft Defender for Identity could enhance remediation capabilities, the user interface, and threat intelligence. Securonix Next-Gen SIEM would benefit from improvements in graphical reporting, analytics automation, threat hunting, and visualization of log sources.
Service and Support: Support for Microsoft is mixed, with some noting Microsoft's responsive and helpful technical support, while others found it to be lacking in technical ability. Securonix Next-Gen SIEM has been praised for its support effectiveness and promptness, with occasional slower response times.
Ease of Deployment: The setup of Microsoft Defender for Identity is simple and low-maintenance. Reviewers had mixed opinions about the Securonix setup, with some finding it easy and others noting some complexity. Securonix offers flexibility in terms of features and updates, while Microsoft handles maintenance of the backend infrastructure.
Pricing: Microsoft Defender for Identity is part of the Enterprise Mobility and Security Suite; there are no extra costs for setup beyond the standard licensing fee. Securonix Next-Gen SIEM has competitive pricing and has standard licensing fees alongside an initial installation service charge.
ROI: Microsoft and Securonix both deliver ROI. Microsoft Defender for Identity prevents incidents, saves management time, and offers cost-effective subscription options. Securonix Next-Gen SIEM reduces infrastructure management, optimizes resource utilization, and provides time-saving contextual information.
Comparison Results: Microsoft is favored when compared to Securonix. It provides thorough protection for identities, seamless integration with other Microsoft security solutions, customizable rules, and user-friendly dashboards. Users value its ability to detect and analyze advanced attacks based on user behavior. It's also seen as a cost-effective option compared to other SIEM solutions.
"It automates routine testing and helps automate the finding of high-value alerts."
"It is easy to set up. Based on the number of devices you would like to set up, you can use scripts, Group Policy, etc. It takes five minutes to set up."
"The solution offers excellent visibility into threats."
"The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
"Microsoft Defender for Identity provides excellent visibility into threats by leveraging real-time analytics and data intelligence."
"The basic security monitoring at its core feature is the most valuable aspect. But also the investigative parts, the historical logging of events over the network are extremely interesting because it gives an in-depth insight into the history of account activity that is really easy to read, easy to follow, and easy to export."
"One of our users had the same password for every personal and company account. That was a problem because she started receiving phishing emails that could compromise all of her accounts. Defender told us that the user was not changing their password."
"The most valuable aspect is its connection to Microsoft Sentinel and Defender for Endpoint, and giving exact timelines for incidents and when certain events occured during an incident."
"The scalability is one of the remarkable qualities of this product, which makes it very effective, especially when we are dealing with substantial data volumes in the cloud."
"The machine-learning algorithms are the most valuable feature because they're able to identify the 'needle in the haystack.'"
"I rate the technical support a nine out of ten. They're friendly. Whenever we have a P1 issue, we write an email and our issue is resolved in one or two hours."
"The customizability of the tool is valuable. We are able to customize the use cases and create them easily without a large amount of Securonix assistance. It's very flexible. We do not have to rely on Professional Services to modify or create a new use case."
"There aren't any positive aspects of the solution. It was a complete failure. There are no redeeming features."
"SNYPR has a bundle of features. It has the UEBA feature that tells you about the behavior of a person or entity. In the tool itself, there is an incident management feature, which is definitely valuable."
"The big data security analytics platform, structured and unstructured data analytics, and user and entity behavior analytics provided by the product are probably the best in the industry."
"[The solution has] incident-management or case-management functionality. If someone were to download a high number and we decided we needed to investigate it, I could open a case right in the tool. It would be able to directly reference the data that they downloaded and we could open and shut the case directly in the tool, as well as report from it."
"One potential area for improvement could be exploring flexibility in the installation of Microsoft Defender for Identity agents."
"I would like to be able to do remediation from the platform because it is just a scanner right now. If you onboard a device, it shows you what is happening, but you can't use it to fix things. You need to go into the system to fix it instead."
"And when you are working in a priority IP address, Identity is not able to know that those IPs are from the company. It sees that the IPs are from Taiwan or from Hong Kong or from India, even though they are internal IPs, resulting in a lot of false positives."
"There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because. It can prevent issues from spreading further."
"Defender for Identity gives us visibility, but we often get false positives from Azure that take us down the garden path. We go through 30 incidents each day and most of those are false positives or benign positive alerts. Occasionally, we get true positive alerts."
"The impact of the sensors on the domain controllers can be quite high depending on your loads. I don't know if there's any room for improvement there, but that's one of the things that might be improved."
"The solution could be better at using group-managed access and they could replace it with broad-based access controls."
"The technical support needs significant improvement. Documentation for more minor issues in the form of guides or walkthroughs could help to resolve this issue. The number of tickets raised would decrease, removing some pressure from the support team and making it easier to clear the remaining tickets."
"We have compliance needs. We have investigation needs. And we have situations where an analyst needs to look at threats. These three things require a different view of how they look at the threats. What would be good is to have Securonix create three different views of their Security Command Center so that, depending on the persona of the person logging in, they'd get the relevant data they need and not see everything."
"Securonix implements risk scores based on different policies that are triggered. We've seen some challenges with the risk scores and how they trigger. These are things that Securonix has recognized and they've been working with us to help improve things."
"The technical support of the solution is an area with shortcomings and needs improvement."
"Parsing needs to be improved. Every time we integrate a new, specific data source, we face a lot of problems in parsing, even for the old data source."
"One aspect that could be improved is the pricing of the product in Brazil."
"It takes too long to generate Spotter reports. For example, a 90-day report is around 100 megabytes. That takes a while, but a one-day report can be generated in a few seconds. We would be happy if they sped up the process."
"We would like to see better integration with other products."
"The incident response area should be improved."
More Microsoft Defender for Identity Pricing and Cost Advice →
Microsoft Defender for Identity is ranked 1st in Identity Threat Detection and Response (ITDR) with 13 reviews while Securonix Next-Gen SIEM is ranked 4th in Identity Threat Detection and Response (ITDR) with 27 reviews. Microsoft Defender for Identity is rated 9.0, while Securonix Next-Gen SIEM is rated 8.6. The top reviewer of Microsoft Defender for Identity writes "Offers robust protection from insider threats, but the customer support is poor". On the other hand, the top reviewer of Securonix Next-Gen SIEM writes "Spotter tool has helped us eliminate many hours required to manually create link analysis diagrams". Microsoft Defender for Identity is most compared with Microsoft Entra ID Protection, Microsoft Defender for Office 365, Microsoft Entra Verified ID, Splunk User Behavior Analytics and Microsoft Sentinel, whereas Securonix Next-Gen SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Microsoft Sentinel, LogRhythm SIEM and Exabeam Fusion SIEM. See our Microsoft Defender for Identity vs. Securonix Next-Gen SIEM report.
See our list of best Identity Threat Detection and Response (ITDR) vendors.
We monitor all Identity Threat Detection and Response (ITDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.