We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will always have the performance capability you need. If you have Microsoft 365, it is very easy to plug the endpoints into Azure Sentinel. With this solution, you can go on the offensive and stay proactive, continually hunting for threats. Azure Sentinel is purely cloud-based and a leading next-generation SIEM.
We have experienced a few false positives with Azure Sentinel. There is a certain level of expertise that you need to possess to appropriately utilize all of Azure Sentinel's offerings - it can be a somewhat steep learning curve to get things running at capacity. It would be an improvement if Azure Sentinel integrated better with other SaaS providers and offered more out-of-the-box connectors.
You get a huge range of powerful security tools with AWS Security Hub, including compliance scanners, vulnerability endpoint protection, and firewalls. AWS Security Hub
has very good detection and offers helpful real-time alerts. AWS Security Hub aggregates, organizes, and prioritizes security alerts or findings from other AWS services, all in one single pane.
AWS Security Hub lacks a certain level of self-sufficiency, though. We would like to see AWS Security Hub become a multi-cloud solution. AWS Security Hub has some regional restrictions that have proved problematic for us; we need visibility for all instances we have on our account. We found that AWS Security Hub is not a good global product.
We felt AWS was lacking in some basic features we consider essential, like multi-region coverage. We also wanted a solution that was more intuitive.
We found Azure Sentinel to be a better fit for our team and our clients. We have a global reach and need a product that could satisfy cross-region coverage efficiently. We also feel that Azure Sentinel offers better proactive threat awareness.
Hi @Netanya Carmi ,
Had prepared some comparison factors between AWS and Azure for one of my presales discussions, hope this will hold some insights .So depending on the requirements from the client appropriate solutions can be proposed. Widely Azure Sentinel is what has be going of matching the customer requriements.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
When would you suggest using an internal SOC and when SOC-as-a-Service? What are the pros and cons of each?