June 24, 2025

Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025


Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025, which we believe reflects our deep investment in innovation and our commitment to supporting the critical mission of security operations centers (SOCs). This strong result underscores Microsoft’s strategic vision, innovation, robust capabilities, and growing market momentum. Our strategic investments are guided by the real-world challenges faced by SOCs and the outcomes they strive for. This recognition is strong validation for us that we’re continuing to deliver robust solutions that empower security teams to adapt quickly and operate with confidence against emerging cyberthreats.


Microsoft has garnered the highest score possible in nine criteria across the Strategy and Current Offering categories. In the Strategy category, Microsoft earned the top scores possible in the Innovation, Roadmap, and Partner Ecosystem criteria, with Forrester noting, “Its aggressive roadmap showcases its innovation, which positions it to continue dominating the market.” In the Current Offering category, Microsoft received the top marks possible in the Correlation, Investigation, Detection Engineering, Data Management, Product Security, and Deployment Options criteria.

The Forrester report also noted Microsoft Sentinel’s distinctive investigative features, including its attack path potential feature. This affirms for us Microsoft’s dedication to delivering an AI-powered security operations solution for modern SOCs to predict and stop cyberattacks swiftly.

Building the SOC of the future with Microsoft Sentinel 

SOCs today operate in incredibly demanding environments. The sheer volume and complexity of threats have surged dramatically—from AI-fueled ransomware to rising supply chain threats and insider risk. Simultaneously, security professionals face budget constraints, staffing shortages, and the imperative to achieve more with less. 

Microsoft Sentinel, a proven, innovative Security Information and Event Management (SIEM) solution, is built to meet this challenge. Our SIEM combines cloud-native scale, integrated threat intelligence, robust capabilities, a unified analyst experience, and AI-powered security to help organizations effectively detect, investigate, and respond to sophisticated cyberthreats. Microsoft Sentinel drives critical outcomes: simplifying operations, reducing costs, and accelerating detection and response across all clouds and platforms.


A key differentiator for Microsoft Sentinel is its robust, built-in capabilities—including User and Entity Behavior Analytics (UEBA), Security Orchestration, Automation, and Response (SOAR), Threat Intelligence Platform (TIP), and AI. All of this is natively integrated within the Microsoft Defender experience, bringing together the capabilities of SIEM, extended detection and response (XDR), Exposure Management, Cloud Security, and generative AI. This integration delivers a smooth experience for analysts by consolidating alerts, correlating signals across domains, and enabling unified investigations from a single interface. By breaking down silos and streamlining workflows, Microsoft Sentinel and Microsoft Defender empower security teams to respond to complex cyberthreats with greater speed, precision, and confidence.  

AI at the core of Microsoft Sentinel 

Microsoft’s security strategy is centered on embedding AI-powered capabilities across the entire security operations lifecycle—integrating generative AI, automation, and threat intelligence into a unified platform. Through innovations like Microsoft Security Copilot, automated incident response, and attack disruption, Microsoft empowers security teams to operate at machine speed, reduce false positives, and proactively defend against sophisticated cyberattacks. This AI-powered approach integrates SIEM, XDR, SOAR, and threat intelligence into a unified platform, enabling faster decision-making, deeper insights, and greater operational efficiency. In fact, organizations using Security Copilot have reported a 30% reduction in mean time to respond (MTTR), thanks to AI-powered correlation and behavior-based analytics that streamline investigations and reduce false positives.¹ 

Microsoft Sentinel

Confidently secure your multicloud, multiplatform environment with an innovative, AI-powered security information and event management (SIEM) solution.


Optimizing coverage and cost at scale 

Too often, security teams face a tradeoff between visibility and cost. Microsoft Sentinel is dedicated to eliminating that compromise through flexible data management, built-in analytics, and out-of-the-box content that delivers value from day one. Microsoft Sentinel’s more than 350 integrations allow organizations to ingest data from multiple sources, including third-party solutions, internal applications, and the broad suite of Microsoft security products. These integrations enable comprehensive threat detection, investigation, and response across the entire digital estate.

With simplified onboarding, dynamic recommendations, scalable data management, and flexible deployment options, Microsoft Sentinel improves the economics of the SOC. Whether you’re a small security team or a global enterprise, Microsoft Sentinel helps you get the coverage you need, without breaking the budget. In fact, a 2024 commissioned Forrester Consulting Total Economic Impact™ study found that Microsoft Sentinel delivered a three-year 234% return on investment (ROI).² 

Continuous customer-driven innovation 

Microsoft remains committed to advancing security operations, guided by customer feedback and evolving security needs. With more than 15,000 security partners globally, Microsoft’s partner ecosystem empowers customers to deploy and scale SIEM solutions with expert guidance, seamless integrations, and global reach. As Forrester noted, Microsoft Sentinel’s “community and partner ecosystem are flourishing, given its Ignite conference and private communications.” 

Looking ahead, we continue investing in generative AI, autonomous agents, deeper integrations, flexible tiering, and enhanced data-driven insights to help security teams anticipate and mitigate cyberthreats before they escalate. As cyberattackers become ever more sophisticated, our goal remains steadfast: to ensure all security teams have the tools and intelligence necessary to defend their organizations effectively regardless of the threat landscape. 

We’re honored by the trust that more than 25,000 customers worldwide place in Microsoft Sentinel. Your evolving challenges drive our innovation, and your success is our greatest measure of achievement. While we celebrate this recognition, our commitment remains steadfast: empowering your teams to stay secure, agile, and ahead of tomorrow’s threats. 

Learn more 

Read The Forrester Wave™: Security Analytics Platforms, Q2 2025 report

Discover how Microsoft Sentinel can help transform your security operations today. 

Microsoft Security is committed to empowering security operations (SecOps) teams with security tools and platforms that enable the critical protection your users rely on. To experience Microsoft Sentinel at your organization, get started with a free trial today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


The Forrester Wave™: Security Analytics Platforms Q2 2025, Allie Mellen, Stephanie Balaouras, Katie Vincent, and Michael Belden. June 24, 2025. 

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.

¹New Technology: The Projected Total Economic Impact™ Of Microsoft Security Copilot Cost Savings And Business Benefits Enabled By Security Copilot, commissioned study conducted by Forrester Consulting, November 2024.

²The Total Economic Impact™ Of Microsoft Sentinel: Cost Savings And Business Benefits Enabled By Microsoft Sentinel, a commissioned study by Forrester Consulting, March 2024.

The post Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025 appeared first on Microsoft Security Blog.


Source: Microsoft Security
