OpenText Enterprise Security Manager and Microsoft Sentinel are competing products in the enterprise security management category. Microsoft Sentinel seems to have an upper hand due to its focus on automation, user-friendliness, and lower resource requirements.
Features: OpenText Enterprise Security Manager offers powerful correlation, event management, and third-party tool integration. It allows for high customization and multi-tenancy. Microsoft Sentinel emphasizes automation and AI for streamlined operations, native integration with Microsoft services, and comprehensive analytics, making it easier for existing Microsoft environments.
Room for Improvement: OpenText Enterprise Security Manager needs enhancements in documentation, user interface, and tech support. Its reliance on Oracle DB affects performance. Microsoft Sentinel could improve its multi-tenancy support and SOAR capabilities, requiring more intuitive playbooks and better support for non-Microsoft environments.
Ease of Deployment and Customer Service: OpenText Enterprise Security Manager is generally on-premises with a complex deployment process and limited support, requiring significant resources. Microsoft Sentinel, a public cloud solution, offers simpler deployment through Azure integration but has room for improvement in documentation and support responsiveness.
Pricing and ROI: OpenText Enterprise Security Manager is seen as costly with high operational expenses, making ROI challenging. Microsoft Sentinel’s pay-as-you-go model aligns costs with usage, proving competitive for those integrated with Microsoft services, though it can be expensive with extensive data ingestions. Users generally find Sentinel's ROI satisfactory due to its capabilities.
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
We attribute our growth to Sentinel.
From a risk perspective, it's about mitigating risk, and as mentioned earlier, we haven't missed many things since we've had the offering in market—only a couple of minor incidents.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
When my team needs to escalate issues to Microsoft, especially for Microsoft Sentinel, the response is fast through their French entity.
If I raise a P1 or P0 ticket, the response time is often delayed by four to eight hours.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
It lacks some capabilities compared to other tools available in the market.
So far, we have not experienced any issues, and it has been stable from the beginning.
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
The stability of ArcSight Enterprise Security Manager (ESM) is not very robust.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
The integration aspect of ArcSight Enterprise Security Manager (ESM) needs improvement.
Microsoft Sentinel offers more capabilities than Bastion, with a more intuitive experience.
Setting up the right cost model for customers is intricate, requiring careful consideration of various components and licensing tiers.
The ingestion costs for the data analytics is usually the highest cost.
ArcSight Enterprise Security Manager (ESM) is very cheap compared to other tools.
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
The ability to interpret data is highly valued.
| Product | Market Share (%) |
|---|---|
| Microsoft Sentinel | 6.2% |
| OpenText Enterprise Security Manager | 1.6% |
| Other | 92.2% |
| Company Size | Count |
|---|---|
| Small Business | 37 |
| Midsize Enterprise | 20 |
| Large Enterprise | 41 |
| Company Size | Count |
|---|---|
| Small Business | 37 |
| Midsize Enterprise | 14 |
| Large Enterprise | 57 |
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
OpenText Enterprise Security Manager enables real-time threat detection through scalable and adaptable solutions, integrating seamlessly with multiple platforms for complex security scenarios across different environments.
OpenText Enterprise Security Manager offers extensive security monitoring capabilities, combining log analysis and incident management to enhance cybersecurity and compliance. Its powerful event correlation engine provides real-time alerts for rapid incident response. Users benefit from customizable dashboards and comprehensive log collection, making it a significant tool in the SIEM market. Flexible deployment options cater to both on-premises and cloud environments, supporting enterprises in managing IT infrastructure and threat detection efficiently.
What are the key features of OpenText Enterprise Security Manager?In industries such as finance, healthcare, and energy, OpenText Enterprise Security Manager is implemented for monitoring critical systems and ensuring compliance with regulatory needs. Enterprises leverage its capabilities for forensic investigations and active threat management, serving as a central hub for cybersecurity operations across diverse IT infrastructures.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
