marcelheijnen
Copper Contributor
Feb 16, 2022

Azure Security Center vs Azure Sentinel

I am looking for a clear comparison between Azure Security Center (i.e. Microsoft Defender for Cloud?) and Azure Sentinel. Where do they overlap, and what does Sentinel bring that ASC does not provide? How do they compare in logging and response? And how do license levels 


Does anybody know of good documentation that provides insight into this comparison?

 

Many thanks in advance.

  • Dean_Gross
    Silver Contributor
    Defender for Cloud is focused on evaluating system configuration and providing recommendations to harden those systems - its goal is to make it harder for attackers so that there are not any security incidents shown in Sentinel.
    Sentinel is focused on helping security teams investigate incidents - it won't provide any recommendations to close a port, it will just let you know that the attackers are using a port to steal data 🙂
    • marcelheijnen
      Copper Contributor
      Thanks for your response.

      But it seems that both services also provide overlapping capabilities.
      • Dean_Gross
        Silver Contributor
        The only real overlap is with alerts, but you need to realize that those in MDC are only a subset of those in Sentinel, which has many more data connectors. Incident investigation is much better in Sentinel than MDC.
        Sentinel does not provide any recommendations to improve security posture.

        Word and Excel have overlapping capabilities with their abilities to create tables, but using Excel as a word processor is a poor substitute for MS Word; we need both. It is similar with MDC and Sentinel: they complement each other with a few overlaps. To be effective, we need both.
