We just raised a $30M Series A: Read our story

Compare Microsoft Sentinel vs. Oracle Security Monitoring and Analytics Cloud Service

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: October 2021.
552,305 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.""Being able to build and modify dashboards on the fly with Activeboards streamlines my analyst time because my analysts aren't doing it across spreadsheets or five different tools to try to build a timeline out themselves. They can just ingest it all, build a timeline out across all the logging, and all the different information sources in one dashboard. So, it's a huge time saver. It also has the accuracy of being able to look at all those data sources in one view. The log analysis, which would take 40 hours, we can probably get through it in about five to eight hours using Devo.""The thing that Devo does better than other solutions is to give me the ability to write queries that look at multiple data sources and run fast. Most SIEMs don't do that. And I can do that by creating entity-based queries. Let's say I have a table which has Okta, a table which has G Suite, a table which has endpoint telemetry, and I have a table which has DNS telemetry. I can write a query that says, 'Join all these things together on IP, and where the IP matches in all these tables, return to me that subset of data, within these time windows.' I can break it down that way.""The real-time analytics of security-related data are super. There are a lot of data feeds going into it and it's very quick at pulling up and correlating the data and showing you what's going on in your infrastructure. It's fast. The way that their architecture and technology works, they've really focused on the speed of query results and making sure that we can do what we need to do quickly. Devo is pulling back information in a fast fashion, based on real-time events.""One of the biggest features of the UI is that you see the actual code of what you're doing in the graphical user interface, in a little window on the side. Whatever you're doing, you see the code, what's happening. And you can really quickly switch between using the GUI and using the code. That's really useful.""The most valuable feature is definitely the ability that Devo has to ingest data. From the previous SIEM that I came from and helped my company administer, it really was the type of system where data was parsed on ingest. This meant that if you didn't build the parser efficiently or correctly, sometimes that would bring the system to its knees. You'd have a backlog of processing the logs as it was ingesting them.""The user experience [is] well thought out and the workflows are logical. The dashboards are intuitive and highly customizable."

More Devo Pros »

"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.""There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive.""In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store""The pricing of the product is excellent.""One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.""It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things.""It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.""The machine learning and artificial intelligence on offer are great."

More Microsoft Sentinel Pros »

"The security level that they are maintaining with the pre-authentication keys is very good."

More Oracle Security Monitoring and Analytics Cloud Service Pros »

Cons
"Devo has a lot of cloud connectors, but they need to do a little bit of work there. They've got good integrations with the public cloud, but there are a lot of cloud SaaS systems that they still need to work with on integrations, such as Salesforce and other SaaS providers where we need to get access logs.""Their documentation could be better. They are growing quickly and need to have someone focused on tech writing to ensure that all the different updates, how to use them, and all the new features and functionality are properly documented.""The Activeboards feature is not as mature regarding the look and feel. Its functionality is mature, but the look and feel is not there. For example, if you have some data sets and are trying to get some graphics, you cannot change anything. There's just one format for the graphics. You cannot change the size of the font, the font itself, etc.""Technical support could be better.""There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts.""I would like to have the ability to create more complex dashboards.""From our experience, the Devo agent needs some work. They built it on top of OS Query's open-source framework. It seems like it wasn't tuned properly to handle a large volume of Windows event logs. In our experience, there would definitely be some room for improvement. A lot of SIEMs on the market have their own agent infrastructure. I think Devo's working towards that, but I think that it needs some improvement as far as keeping up with high-volume environments.""Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution."

More Devo Cons »

"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more.""They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.""If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies.""I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used.""Add more out-of-the-box connectors with other SaaS platforms/applications.""They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good.""The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to.""The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."

More Microsoft Sentinel Cons »

"The solution could improve by providing better documentation for beginners to learn, such as videos or other tutorials."

More Oracle Security Monitoring and Analytics Cloud Service Cons »

Pricing and Cost Advice
"It's a per gigabyte cost for ingestion of data. For every gigabyte that you ingest, it's whatever you negotiated your price for. Compared to other contracts that we've had for cloud providers, it's significantly less.""Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products.""[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more.""Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs.""We have an OEM agreement with Devo. It is very similar to the standard licensing agreement because we are charged in the same way as any other customer, e.g., we use the backroom.""Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that.""I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money.""Our licensing fees are billed annually and per terabyte."

More Devo Pricing and Cost Advice »

"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost.""I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration.""It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else.""It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure""It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics.""Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit.""Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive.""I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."

More Microsoft Sentinel Pricing and Cost Advice »

"The solution is not expensive for the data security measure you receive, it is reasonable."

More Oracle Security Monitoring and Analytics Cloud Service Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
552,305 professionals have used our research since 2012.
Questions from the Community
Top Answer: It's very, very versatile.
Top Answer: Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
Top Answer: I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
Top Answer: Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
Top Answer: It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
Top Answer: We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
Top Answer: The security level that they are maintaining with the pre-authentication keys is very good.
Top Answer: The solution is not expensive for the data security measure you receive, it is reasonable.
Top Answer: The solution could improve by providing better documentation for beginners to learn, such as videos or other tutorials… more »
Comparisons
Also Known As
Azure Sentinel
SMA Cloud Service
Learn More
Overview

Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Oracle Security Monitoring and Analytics (SMA) Cloud Service enables rapid detection, investigation and remediation of the broadest range of security threats across on-premises and cloud IT assets. Security Monitoring and Analytics provides integrated SIEM and UEBA capabilities built on machine learning, user session awareness, and up-to-date threat intelligence context. This service is built on Oracle Management Cloud's secure, unified big data platform.
Offer
See Devo in Action

See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

Learn more about Microsoft Sentinel
Learn more about Oracle Security Monitoring and Analytics Cloud Service
Sample Customers
United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Information Not Available
Top Industries
VISITORS READING REVIEWS
Computer Software Company28%
Comms Service Provider20%
Government8%
Financial Services Firm7%
REVIEWERS
Financial Services Firm27%
Computer Software Company18%
Wholesaler/Distributor9%
Government9%
VISITORS READING REVIEWS
Computer Software Company27%
Comms Service Provider22%
Government6%
Financial Services Firm6%
VISITORS READING REVIEWS
Computer Software Company43%
Comms Service Provider16%
Government5%
Financial Services Firm4%
Company Size
REVIEWERS
Small Business17%
Midsize Enterprise17%
Large Enterprise67%
VISITORS READING REVIEWS
Small Business48%
Midsize Enterprise15%
Large Enterprise36%
REVIEWERS
Small Business33%
Midsize Enterprise22%
Large Enterprise44%
VISITORS READING REVIEWS
Small Business22%
Midsize Enterprise21%
Large Enterprise57%
No Data Available
Find out what your peers are saying about Splunk, IBM, Devo and others in Security Information and Event Management (SIEM). Updated: October 2021.
552,305 professionals have used our research since 2012.

Microsoft Sentinel is ranked 9th in Security Information and Event Management (SIEM) with 14 reviews while Oracle Security Monitoring and Analytics Cloud Service is ranked 31st in Security Information and Event Management (SIEM) with 1 review. Microsoft Sentinel is rated 8.2, while Oracle Security Monitoring and Analytics Cloud Service is rated 7.0. The top reviewer of Microsoft Sentinel writes "Easy to manage with good automation and machine learning capabilities ". On the other hand, the top reviewer of Oracle Security Monitoring and Analytics Cloud Service writes " Easy to install, highly secure standards, and reliable". Microsoft Sentinel is most compared with AWS Security Hub, Splunk, IBM QRadar and Elastic SIEM, whereas Oracle Security Monitoring and Analytics Cloud Service is most compared with LogRhythm NextGen SIEM, IBM QRadar, Fortinet FortiSIEM, Exabeam Fusion SIEM and ArcSight Enterprise Security Manager (ESM).

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.