Ranked among the Visionaries in 2021, Microsoft this year entered the Leaders quadrant of the Magic Quadrant for security information and event management (SIEM). Its progress is all the more remarkable as Gartner ranks it very high, and first on the ability-to-execute axis. It is a strong showing for its Microsoft Sentinel solution, which was first launched in 2019.
“We believe Microsoft’s placement in the Leaders quadrant confirms our commitment to providing our customers with a cloud-native SIEM powered by artificial intelligence and automation,” Microsoft responded in a statement.
For Gartner, the strength of Microsoft’s offering is primarily due to the richness of its highly integrated ecosystem, both in terms of security (the Defender for Cloud Apps CASB, identity solutions, endpoints, networks, OT, etc.) and on the infrastructure and application side. Analysts also praise the speed of development of its roadmap. Finally, they highlight the ability to configure, manage, and monitor multiple Sentinel instances (with Azure Lighthouse), which benefits both customers with complex environments and managed service providers.
However, because of this strong integration, Gartner urges vigilance on the pricing model, which can be difficult to understand when Sentinel is combined with other licenses. It also points to the risk of lock-in, due to the difficulty of comparing Microsoft’s built-in features and pricing with third-party integrations. Finally, it laments the lack of ready-made features and content, including compliance reports. While customers can create their own analytical content, which is rare, the expertise required can incur additional professional services costs that must be considered when choosing the solution.
Nevertheless, Microsoft Sentinel caters to a large and diversified customer base, with customers both large and small. Licensing is based on data volume, with a choice between a predefined amount and pay-as-you-go. Some Microsoft 365 licenses also include credits for using Sentinel. Finally, enhanced storage capabilities and other optional features are offered, such as Defender for Endpoint and Defender for IoT.
Among the 5 leaders in 2022, IBM takes second place, just like last year, with its QRadar solution, once again praised for its analytical capabilities, the expertise and global presence of its teams and the depth of its product offering.
Exabeam, which was first with its Fusion SIEM solution, has on the other hand dropped to fifth place, mainly due to a scope that is now less extensive than that of its competitors, a reportedly complex configuration and an unclear positioning of its SIEM and XDR offering.
Securonix dropped one spot, giving up third place to Splunk and its Enterprise Security solution (Splunk ES). The offering is an add-on to the Splunk Enterprise security solution, whose scope is more comprehensive than SIEM but which gives full satisfaction in this function. However, it is mainly sold in North America.