Microsoft Sentinel vs Seceon Open Threat Management Platform comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Microsoft Sentinel and Seceon Open Threat Management Platform based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Microsoft Sentinel vs. Seceon Open Threat Management Platform Report (Updated: November 2022).
653,584 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that.""The most valuable feature is that it has native MSSP capabilities and maintains perfect data separation. It does all of that in a very easy-to-manage cloud-based solution.""The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable.""The alerting is much better than I anticipated. We don't get as many alerts as I thought we would, but that nobody's fault, it's just the way it is.""It's very, very versatile.""Devo helps us to unlock the full power of our data because they have more than 450 parsers, which means that we can ingest pretty much any type of log data.""In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time.""The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before."

More Devo Pros →

"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running.""The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources.""Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself.""We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility.""What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part.""Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually.""I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response.""We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."

More Microsoft Sentinel Pros →

"The solution is stable.""The most valuable features are behaviour analytics, threat intelligence, endpoint detection, and response features.""The main thing is the value proposition. It is one of the most sophisticated yet affordable solutions that I've come across. It is also one of the easiest-to-manage yet comprehensive solutions for a SOC analyst. Its customizations are really good, and it has a lot of integrations. It is multi-tenant and very fast to onboard. Its stability is 100%. We've never had an outage with it. It doesn't require extensive hardware resources. Its level of support is also very good. They have a very responsive technical team."

More Seceon Open Threat Management Platform Pros →

Cons
"There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts.""One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate.""The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc.""From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments.""Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution.""An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that.""Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better.""Technical support could be better."

More Devo Cons →

"The only thing is sometimes you can have a false positive.""There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it.""It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools.""I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.""Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider.""The solution could improve the playbooks.""We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed.""Add more out-of-the-box connectors with other SaaS platforms/applications."

More Microsoft Sentinel Cons →

"The product could be improved by including sandboxing capabilities in the next release.""It is a standalone solution now. They need to make it into a cloud-based subscription model. It needs more compatibility for co-managed solutions. It can also have more threats and deeper integration with Microsoft.""It would be ideal with the processing was more manageable. Not many customers are willing to have a dedicated server with two CPUs and one TB of memory. The cost of this is huge for a smaller organization."

More Seceon Open Threat Management Platform Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

  • "It has a per-asset model instead of an ingestion-based model, which gives predictable pricing. In terms of price, it is in the middle to lower range of SIEMs that it competes against. It is the most affordable solution that we have implemented so far. It was much more affordable than anything else I've implemented."
  • More Seceon Open Threat Management Platform Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    653,584 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Top Answer:The main thing is the value proposition. It is one of the most sophisticated yet affordable solutions that I've come… more »
    Top Answer:It has a per-asset model instead of an ingestion-based model, which gives predictable pricing. In terms of price, it is… more »
    Top Answer:It is a standalone solution now. They need to make it into a cloud-based subscription model. It needs more compatibility… more »
    Comparisons
    Also Known As
    Azure Sentinel
    Seceon OTM, Seceon aiSIEM, aiSIEM, Seceon Open Threat Management
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Seceon Open Threat Management Platform enables organizations to see cyber threats quickly and clearly, and to stop them as they happen, preventing the infliction of extensive corporate damage. The platform was built to use elastic compute power to develop the industry’s first and only fully automated threat detection and remediation system. It detects all forms of threats as they happen, and automatically stops them in minutes. Anticipating attackers’ behavior choices, Seceon’s environment-agnostic solution identifies both known and unknown threats in real-time, preventing risk, damage or loss of valuable information. Seceon can save companies tens of millions spent annually addressing data loss while dramatically reducing the number of cybersecurity tools required.

    Offer
    See Devo in Action

    See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

    Learn more about Microsoft Sentinel
    Learn more about Seceon Open Threat Management Platform
    Sample Customers
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Caduceus, SUNY
    Top Industries
    REVIEWERS
    Computer Software Company50%
    Retailer10%
    Insurance Company10%
    Recruiting/Hr Firm10%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Comms Service Provider12%
    Financial Services Firm9%
    Government9%
    REVIEWERS
    Financial Services Firm19%
    Computer Software Company14%
    Government5%
    Outsourcing Company5%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider10%
    Government10%
    Financial Services Firm8%
    VISITORS READING REVIEWS
    Computer Software Company32%
    Comms Service Provider20%
    Construction Company8%
    Energy/Utilities Company8%
    Company Size
    REVIEWERS
    Small Business21%
    Midsize Enterprise21%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    REVIEWERS
    Small Business29%
    Midsize Enterprise22%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise15%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business45%
    Midsize Enterprise13%
    Large Enterprise43%
    Buyer's Guide
    Microsoft Sentinel vs. Seceon Open Threat Management Platform
    November 2022
    Find out what your peers are saying about Microsoft Sentinel vs. Seceon Open Threat Management Platform and other solutions. Updated: November 2022.
    653,584 professionals have used our research since 2012.

    Microsoft Sentinel is ranked 3rd in Security Information and Event Management (SIEM) with 47 reviews while Seceon Open Threat Management Platform is ranked 21st in Security Information and Event Management (SIEM) with 3 reviews. Microsoft Sentinel is rated 8.2, while Seceon Open Threat Management Platform is rated 8.6. The top reviewer of Microsoft Sentinel writes "A straightforward solution that provides comprehensiveness and coverage of multiple different on-prem, and cloud solutions". On the other hand, the top reviewer of Seceon Open Threat Management Platform writes "Very fast, easy to set up, and makes rule creation simple". Microsoft Sentinel is most compared with AWS Security Hub, Splunk, IBM QRadar, Elastic Security and ManageEngine Log360, whereas Seceon Open Threat Management Platform is most compared with Splunk, LogRhythm SIEM, Fortinet FortiSIEM, Elastic Security and IBM QRadar. See our Microsoft Sentinel vs. Seceon Open Threat Management Platform report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.