Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs RSA enVision comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
90
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)
RSA enVision
Ranking in Security Information and Event Management (SIEM)
34th
Average Rating
7.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 7.4%, down from 9.2% compared to the previous year. The mindshare of RSA enVision is 0.3%, down from 0.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free
reviewer1093020 - PeerSpot reviewer
Though the solution offers good technical support, it needs to be made more user-friendly
I rate the initial setup a seven and a half out of ten. So, it's closer to seven. The tool is deployed in our organization on-premises with some test servers. In only two tests in a test environment, the deployment can be carried out. The deployment time only depends on the size of your infrastructure. If I limit the company's size, it will not take too much time. So, it can be done in seven to eight hours. Regarding the deployment process, we have managed some test servers, after which we need to install some agents. If you include more servers, you need to install more agents. If you want to use agent-based, I would say that it is totally up to the stakeholder. You will get some additional benefits if you can choose the agent since you will be more assured that less positive false positive results you will get from the tool. For deployment, one test server, a few deployment servers, and some policy configurations are done by the OEM with some local support. We used some Windows servers and Linux servers, and we installed some agents in different types of operating systems. So different versions of Linux and different versions of Windows. We also integrate some network devices like firewalls to integrate firewalls and logs. So, the amount of logs and firewalls is too much. I have to engage too many employees for deployment. So there are those for Linux servers, others for Windows servers, and the rest for network devices. One for SIEM policy creation and one for SIEM management administration is also required.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The Log analytics are useful."
"The machine learning and artificial intelligence on offer are great."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"The query language of Microsoft Sentinel is easy to understand and use."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"The most valuable feature of this solution is the reporting."
"We developed around this solution and received excellent support from the company."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
 

Cons

"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"The solution could improve the playbooks."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"There is room for improvement in entity behavior and the integration site."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"The solution should allow for a streamlined CI/CD procedure."
"RSA enVision log manager is out of date and is not in use anymore."
"Licensing could be improved to be more oriented towards Managed Service Providers (MSPs)."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
 

Pricing and Cost Advice

"Microsoft Sentinel can be costly, particularly for data management."
"Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."
"Sentinel is costly."
"Sentinel's pricing is on the higher side, but you can get a discount if you can predict your usage. You have to pay ingestion and storage fees. There are also fees for Logic Apps and particular features. It seems heavily focused on microtransactions, but they may be slightly optional. By contrast, Splunk requires no additional fee for their equivalent of Logic. You have a little more flexibility, but Sentinel's costs add up."
"From a cost perspective, there are some additional charges in addition to the licensing."
"Sentinel is expensive relative to other products of the class, so it often isn't affordable for small-scale businesses. However, considering the solution has more extensive capabilities than others, the price is not so high. Pricing is based on GBs of ingested daily data, either by a pay-as-you-go or subscription model."
"Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
"On a scale of one to ten, where one is low, and ten is high price, I rate the pricing a six."
"We no longer pay a licensing fee because it is out of date and don't pay for support."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
845,589 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
Manufacturing Company
15%
Computer Software Company
13%
Financial Services Firm
8%
Educational Organization
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about RSA enVision?
The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten.
What needs improvement with RSA enVision?
Licensing could be improved to be more oriented towards Managed Service Providers (MSPs). Perhaps offering different types of licensing would be beneficial, as it can be expensive for industries wi...
What advice do you have for others considering RSA enVision?
Overall, I would rate it a nine out of ten. I recommend using it, but it also depends on the needs and the budget. If I still had my company, I think we would continue using RSA enVision. However, ...
 

Also Known As

Azure Sentinel
No data available
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
BPS (SUISSE), Hypovereinsbank Germany, MAX Hamburgers, Infoplex, Neotel, Telus
Find out what your peers are saying about Microsoft Sentinel vs. RSA enVision and other solutions. Updated: February 2025.
845,589 professionals have used our research since 2012.