Many Microsoft customers take advantage of the E5 security bundle to improve their cybersecurity posture, and for good reason. The E5 license is easy to scope and provides immediate access to a variety of security tools and capabilities for common areas of risk such as endpoint, email, cloud identities and access, Active Directory and on-premises identities. Customers also get access to Microsoft Defender XDR, which coordinates and centralizes detection, investigation and response across those tools.
But it’s important to note that Defender is designed for Microsoft technology, and in today’s multi-stack world that can leave gaps in visibility and detection wherever your environment relies on other tools and vendors. Many organizations in this situation will go ahead and add on Microsoft Sentinel, Microsoft’s cloud-native SIEM solution, but you should understand all your options for extended security — especially when it comes to balancing your desired outcomes with your budget.
The Complexities of Microsoft Sentinel
There’s no question that Microsoft Sentinel is one of the top SIEM solutions available, but organizations should know that it is a complex tool that requires a lot of customization, meaning an organization should already have a high level of security maturity, expertise, and people to deploy, manage and use it. And when it comes to price, Sentinel uses a consumption-based licensing model that can be hard to predict when budgeting.
Here are some questions related to common challenges with Sentinel that organizations should consider before committing:
- Will we be able to monitor the entire environment, not just Microsoft logs?
- Will we need to filter events to reduce the volume of logs? If so, what will we potentially miss?
- Will we be able to store data long enough to address all requirements?
Open XDR for Full Visibility
A different option for gaining full visibility across your environment is a third-party open XDR platform that can integrate with the Microsoft environment. Open XDR platforms bring in telemetry from a wide variety of sources—network, cloud, endpoint and more—and integrate with third party software so you get a complete view of your environment. For example, Secureworks® Taegis™ XDR offers:
- Multi-EDR support, including Microsoft Defender for Endpoint
- The broadest integration into the Microsoft ecosystem among independent third-party providers
- An included EDR agent to complement Defender on assets where Defender is not licensed or supported, such as Linux-based machines
- 12 months of data retention included at no additional cost
- Predictable endpoint-based licensing
Cost Considerations
Looking strictly at software costs, without any layer of managed services added in, open XDR is a compelling option for several reasons. Secureworks Taegis XDR is licensed based on endpoints, with all integrations built in at no additional cost. One year of hot data storage retention is included in the price, with options to extend it if required. This kind of all-inclusive licensing maximizes value while also making costs predictable for budgeting. Compare that to Sentinel’s consumption-based model with just 90 days of data storage included. There are also other moving parts that can add to Sentinel’s cost, including data archiving and archive retrieval, searching through the archive, searching through basic logs, and running automation tasks via Logic Apps.
Open XDR is the Future
We believe that open platforms offer the best outcomes and value for organizations, for a number of reasons. Open platforms offer:
- Customization and flexibility
- Enhanced interoperability
- Analyst efficiency
- Rapid evolution
- Future-proofing
- Cost-effectiveness
Cybersecurity is dynamic, and open XDR offers adaptability and agility in the face of sophisticated adversaries.
Cost-Effective Full Visibility
Organizations that need full visibility across all telemetry sources to best protect against cyberattacks — and that want to maximize their current technology investments without breaking their budget — should consider open XDR before going all-in with Microsoft Sentinel. To see real-world examples of how Microsoft Sentinel stacks up against an open XDR platform in terms of cost, check out our white paper that details several scenarios and further breaks down your options for extended security with a Microsoft E5 license.