Try our new research platform with insights from 80,000+ expert users

AWS GuardDuty vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Cloud Workload Protection Platforms (CWPP)
4th
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
112
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Container Security (3rd), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
AWS GuardDuty
Ranking in Cloud Workload Protection Platforms (CWPP)
3rd
Average Rating
8.2
Reviews Sentiment
7.9
Number of Reviews
22
Ranking in other categories
No ranking in other categories
Microsoft Defender for Cloud
Ranking in Cloud Workload Protection Platforms (CWPP)
2nd
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
76
Ranking in other categories
Vulnerability Management (7th), Container Management (9th), Container Security (4th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (3rd), Microsoft Security Suite (4th), Compliance Management (3rd)
 

Mindshare comparison

As of April 2025, in the Cloud Workload Protection Platforms (CWPP) category, the mindshare of SentinelOne Singularity Cloud Security is 2.5%, up from 0.9% compared to the previous year. The mindshare of AWS GuardDuty is 11.9%, down from 13.4% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 13.9%, down from 17.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Workload Protection Platforms (CWPP)
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Terence Dube - PeerSpot reviewer
Comprehensive threat detection simplifies security management
GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be useful, including more granular details in findings, such as specific user actions or historical comparisons, would be beneficial. Furthermore, managing global AWS environments requires setting up additional tools for viewing GuardDuty findings across multiple regions. A unified dashboard that aggregates findings across all regions without requiring manual aggregation could enhance convenience for users.
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Singularity Cloud's ability to create custom correlation searches and reduce noise is highly valuable."
"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."
"I would definitely recommend SentinelOne Singularity Cloud Security for infrastructure security."
"Overall, I would rate it a ten on ten for cloud security."
"The mean time to detect has been reduced."
"Overall, I would rate SentinelOne Singularity Cloud Security a ten out of ten."
"Our previous product took a lot of man hours to manage. Once we got Singularity Cloud Workload Security, it freed up our time to work on other tasks."
"The user-friendliness is the most valuable feature."
"What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away."
"One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS."
"What I like most about Amazon GuardDuty is that you can monitor your AWS accounts across, but you don't have to pay the additional cost. You can get all your CloudTrail VPC flow logs and DNS logs all in one, and then you get the monitoring with that. A lot of times, if you had a separate tool on-premise, you would have to set up your DNS logs, so usually, Amazon GuardDuty helps with all your additional networking requirements, so I utilize it for continuous monitoring because you can't detect anything if you're not monitoring, and the solution fills that gap. If you don't do anything else first, you can deploy your firewall, and then you've got your Route 53 DNS and DNSSEC, but then Amazon GuardDuty fills that, and then you have audit requirements in AU that says, "Hey, what are your additional logs?", so you can just say, "Hey, we utilize Amazon GuardDuty." You're getting your CloudTrail, your VPC flow logs, and all your DNS logs, and those are your additional logs right there, so the solution meets a lot of requirements. Now, everything comes with a cost, but I also like that the solution also provides threat response and remediation. It's a pretty good product. I've just used it more for log analysis and that's where the value is at, the niche value. Once you do threat detection, it goes into a lot of other integrations you need to implement, so threat detection is only good as the integration, as the user that knows the tools itself, and the architecture and how it's all set up and the rules that you set within that."
"With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavior or traffic patterns right away, which is great for staying on top of potential security risks."
"Overall, GuardDuty is a very easy-to-use tool, and I would recommend it even to those who are not tech-savvy."
"AWS GuardDuty helps by providing continuous threat detection and signaling potential threats. Its most valuable feature is continuous monitoring. The tool's integration with other AWS services has improved security. It provides continuous monitoring and intelligent threat detection, quickly signaling any issues. I would rate this improvement a seven out of ten."
"GuardDuty is extensive in terms of configuration and security compliance."
"The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties."
"The solution is used for risks, vulnerabilities, and compliance."
"I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats."
"Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful."
"Microsoft Defender for Cloud has improved our security poster by at least 100 percent."
"It's got a lot of great features."
"I would rate Microsoft Defender for Cloud a ten."
 

Cons

"Bugs need to be disclosed quickly."
"I would prefer to see SentinelOne Singularity Cloud Security develop into a single pane of glass for ASPM and CSPM."
"While it is good, I think the solution's console could be improved."
"Sometimes the Storyline ID is a bit wacky."
"Whenever I view the processes and the process aspect, it takes a long time to load."
"After closing an alert in Cloud Native Security, it still shows as unresolved."
"The SentinelOne customer support needs improvement, as they are sometimes late in responding, which is critical in a production issue."
"A few YouTube videos could be helpful. There isn't a lot of information out there to look at."
"The solution's user interface could be improved because it will help users to understand multiple options."
"It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially."
"GuardDuty is limited to AWS environments."
"For me, I would say just the presentation of findings, like the dashboards and other stuff, could be improved a bit."
"I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use."
"Amazon GuardDuty could be better enriched in threat intelligence data."
"AWS GuardDuty needs to be more customer-oriented."
"The product needs to improve its cost-efficiency since it is expensive."
"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."
"As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
"The product's advanced analytics and reporting features could be improved."
"Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters. It could be cheaper."
"The pricing could be better."
"Most customer teams need more training on this type of product."
"The vulnerabilities are duplicated many times."
 

Pricing and Cost Advice

"PingSafe falls somewhere in the middle price range, neither particularly cheap nor expensive."
"PingSafe is fairly priced."
"SentinelOne offers excellent pricing and licensing options."
"I wasn't sure what to expect from the pricing, but I was pleasantly surprised to find that it was a little less than I thought."
"It is cost-effective compared to other solutions in the market."
"It was reasonable pricing for me."
"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."
"We found it to be fine for us. Its price was competitive. It was something we were happy with. We are not a Fortune 500 company, so I do not know how pricing scales at the top end, but for our cloud environment, it works very well."
"On a scale of one to ten, where one is a high price, and ten is a low price, I rate the pricing a four or five, which is somewhere in the middle."
"I have heard that the solution's price is quite high."
"The price of the solution is exactly right."
"It can get very expensive. If you turn on every feature, it can turn into hundreds of thousands of dollars."
"GuardDuty only enables accounts in regions where you have an active workload. If there are places where you don't have an active workload, you wouldn't even enable them. That's one area where they could allow you to cut down your cost."
"In terms of the costs associated with Amazon GuardDuty, it was $1 per GB from what I recall. Pricing was based on per gigabyte. For example, for the first five hundred gigabytes per month, it'll be $1 per GB, so it'll be $500. If your usage was greater, there's another bracket, for example, the next two thousand GB, then there's an add-on cost of 50 cents per GB. That's how Amazon GuardDuty pricing slowly goes up. I can't remember if there was any kind of additional cost apart from standard licensing for the solution. Nothing else that at least comes to mind. What the service was charging was worth it. That was one good thing when using Amazon GuardDuty because my company could be in a certain tier for a certain period. My company wasn't under a licensing model where it could overestimate its usage and under-utilize its usage and pay much more. This was what made the pricing model for Amazon GuardDuty better."
"80 percent of the customers are using AWS GuardDuty, and we recommend it due to its low cost, especially for small customers, ranging from five to ten dollars a month. In our policies, we enforce the usage of this service, making it a recommended practice for security."
"The pricing model is pay as you go and is based on the number of events per month."
"This is a worldwide service and depending on the country, there will be different prices."
"Defender for Cloud is pretty costly for a single line. It's incredibly high to pay monthly for security per server. The cost is considerable for an enterprise with 500-plus virtual machines, and the monthly bill can spike."
"I rate Microsoft Defender a three out of ten for affordability. The price could be a little lower."
"The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering."
"It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it."
"The tool is pretty expensive."
"The licensing cost per server is $15 per month."
"Azure Defender is a bit pricey. The price could be lower."
report
Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.
849,686 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
15%
Manufacturing Company
9%
Government
5%
Financial Services Firm
16%
Computer Software Company
15%
Manufacturing Company
8%
Government
6%
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
SentinelOne Singularity Cloud Security is an excellent CSPM tool, but its CWPP features need improvement, and there i...
What do you like most about Amazon GuardDuty?
With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavi...
What is your experience regarding pricing and costs for Amazon GuardDuty?
GuardDuty is very cheap and operates on a pay-as-you-go basis. It's priced around a dollar per million requests, maki...
What needs improvement with Amazon GuardDuty?
GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be usef...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
The cost is generally reasonable. Microsoft Defender for Cloud Plan 2 costs $15 per server, per month. For a normal c...
 

Also Known As

PingSafe
No data available
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
autodesk, mapbox, fico, webroot
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about AWS GuardDuty vs. Microsoft Defender for Cloud and other solutions. Updated: April 2025.
849,686 professionals have used our research since 2012.