SIEM: Microsoft shakes up the ranking of the Magic Quadrant

Ranked in the Visionaries quadrant in 2021, Microsoft this year entered the Leaders quadrant of the Magic Quadrant for security information and event management (SIEM). Its progress is all the more notable as Gartner positions it very high and in first place on the ability-to-execute axis. A strong performance for its Microsoft Sentinel solution, launched only in 2019.

“We believe Microsoft’s placement in the Leaders quadrant validates our commitment to giving our customers a cloud-native SIEM powered by AI and automation,” responded Microsoft in a statement.

For Gartner, the strength of Microsoft’s offer is primarily due to the richness of its highly integrated ecosystem, both in terms of security (the Defender for Cloud Apps CASB, identity solutions, endpoints, network, OT, etc.) and on the infrastructure and application side. Analysts also praise the speed of development of its roadmap. Finally, they highlight the ability to configure, manage and monitor multiple Sentinel instances (with Azure Lighthouse), which is an advantage both for customers with complex environments and for managed service providers.

But because of this strong integration, Gartner calls for vigilance on the pricing model, which can be difficult to understand when Sentinel is combined with other licenses. It also points to the risk of lock-in due to the difficulty of comparing Microsoft’s native features and prices with third-party integrations. Finally, it laments the lack of out-of-the-box features and content, including compliance reports. While customers can create their own analytical content, which is rare, the expertise required may incur additional professional services costs that should be considered when choosing the solution.

Even so, Microsoft Sentinel targets a broad and diverse clientele, from large to small customers. Licensing is based on data volume, with a choice between a predefined volume and pay-as-you-go. Some Microsoft 365 licenses also include credits for using Sentinel. Finally, improved storage capacities and other optional features are offered, such as Defender for Endpoint and Defender for IoT.

Among the 5 leaders of 2022, IBM occupies second place, as it did last year, with its QRadar solution, once again acclaimed for its analytical capabilities, the expertise and global presence of its teams, and the depth of its security product offering.

Exabeam, which was first with its Fusion SIEM solution, has by contrast dropped to fifth place, in particular due to a scope that is now less extensive than that of its competitors, a reputedly complex configuration and an unclear positioning of its SIEM and XDR offerings.

Securonix fell one place and gave up third place to Splunk and its Enterprise Security solution (Splunk ES). The offering is an add-on to the Splunk Enterprise security solution, whose scope is broader than SIEM but which gives full satisfaction for that function. However, it is sold mainly in North America.
