Try our new research platform with insights from 80,000+ expert users

Check Point CloudGuard CNAPP vs Microsoft Defender for Cloud Apps comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Vulnerability Management (27th), Continuous Threat Exposure Management (CTEM) (6th)
Check Point CloudGuard CNAPP
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
71
Ranking in other categories
Vulnerability Management (9th), Cloud and Data Center Security (9th), Container Security (7th), Cloud Workload Protection Platforms (CWPP) (6th), Cloud Security Posture Management (CSPM) (5th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (4th), Compliance Management (6th)
Microsoft Defender for Clou...
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
37
Ranking in other categories
Cloud Access Security Brokers (CASB) (5th), Advanced Threat Protection (ATP) (12th), Microsoft Security Suite (13th)
 

Mindshare comparison

Vulnerability Management
Cloud Access Security Brokers (CASB)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Bart Coddens - PeerSpot reviewer
Evolved cloud security with active monitoring but needs interface consistency
The user interface needs work. Sometimes, it is a transition from the old tool to the new CNAPP Two that I currently have, and remnants of the old environment can still be detected. I require consistency in the user interface to ensure everything is streamlined into the same look and feel. More work is needed in fine-tuning the threat data towards your CSPM and activity logs, aligning them with business intelligence, which requires a cohesive console interface. My assessment of CloudGuard CDRs in intrusion detection and threat hunting capabilities is that it still needs some work. All the threat data that comes in, you need to fine tune it a bit.
Jagadeesh Gunasekaran - PeerSpot reviewer
Saves us time, has good visibility, and a single dashboard
The solution is user-friendly and provides great visibility into threats. There are easy options available for specific workflow inspections. We can also get support by going through the Microsoft documentation, which is straightforward. Microsoft Defender for Cloud Apps helps us prioritize threats across our enterprise. It covers us from a compliance perspective and protects our organization's data. Data protection is a very important aspect of any new organization, as we need to protect our data from both external attacks and insider threats. Microsoft Defender for Cloud Apps helps us monitor for abnormal activity by insiders, which is one of the most important access points for attackers today. Additionally, the different cloud apps that Defender for Cloud Apps supports provide us with much more visibility into potential threats and activities on the internet. We have integrated Microsoft Defender for Cloud Apps alerts with Sentinel. The integration is straightforward. We can find the configuration details on Microsoft's official documentation website. If we are familiar with how Microsoft products work, we will be able to follow the instructions clearly. Microsoft Defender for Cloud Apps and Sentinel work natively together to deliver coordinated detection and response across our environment. Our integrated Microsoft solutions provide comprehensive threat protection, covering most of the tactics and techniques relevant to the MITRE ATT&CK framework. Sentinel allows us to ingest data from our entire ecosystem. When implementing an SIEM solution, there are always prerequisites such as Active Directory logs, security logs, firewall logs, and DNS logs. These are important logs that need to be ingested into the environment. Sentinel has many third-party connectors available that make integrations straightforward. Microsoft provides the configuration details in the Sentinel platform. It is important to integrate all relevant log sources into the SIEM solution so that we can detect and be alerted to any type of threat factor, whether it is from an internal or external source. Integrating third-party solutions into the platform requires a separate configuration, but Microsoft provides the necessary information. However, we need to have the appropriate permissions to execute these setups. Sentinel provides a centralized dashboard that covers threat management and configuration. It gives us complete insight into what entities are accessing, as well as full details for investigation. We can see how the alerts and threats are relevant to suspicious activities, whether they are related to malicious IP addresses, suspicious ASHAs, or any other indicators of compromise. All of this relevant data can be seen in a single pane. Recently, Microsoft introduced a new investigation experience in a single pane. This means that we can now get a lot of details in a single pane, without having to go there and execute a query. There are a lot of new insights being developed in the Sentinel platform these days. It has software intelligence. They recently introduced Microsoft Defender Threat Intelligence, which covers almost all IOCs. This protects organizational assets from threats and suspicious traffic associated with IOCs. If a match is found, alerts are generated. This is a very interesting feature. Another great feature is automation and logic apps. We can create a number of operations, such as posting in a team's channel if a severe incident occurs or sending an email notification. There are many operations available, so we can automate a lot of tasks. Microsoft Defender for Cloud Apps helps us stay compliant. It has predefined mechanisms in place to prevent attacks. For example, if an external user tries to access our SharePoint folders or files, an attack will be blocked. This is why it is important to give appropriate access to guest users. Microsoft Defender for Cloud Apps has many features and benefits. It provides a number of policies that can be configured to meet the specific needs of our security team. These policies can be used to customize cloud applications so that only authorized users can access them and perform operations that benefit the organization. In terms of safety and security, Microsoft Defender for Cloud Apps is top-notch. Using the solution's automation features, we can suppress false positive alerts. We can also close alerts, lower their severity from "high" to "low" or "informational," or close them immediately with the appropriate commands. This will depend on the configuration automation rule and the perspective from which we are testing. Microsoft Defender for Cloud Apps provides a single console. We are also provided with Microsoft templates to enable workbooks instantly. Alternatively, we can build our own customized workbooks to provide better insights and improve our SOC efficiency and overall performance. Consolidating all of our security data into one dashboard has saved our security operations team a significant amount of time. From an analyst's perspective, it is now much easier to correlate events, investigate alerts, and visualize specific entities. For example, an analyst can quickly see all of the alerts associated with a particular IP address, or they can view all of the activity for a specific entity over the past 24 hours or 7 days. This level of detail and insight would not be possible if our data were siloed in multiple dashboards. The single dashboard saves our operations approximately 20 hours per week by eliminating the need to access multiple consoles and tabs. Microsoft Defender for Cloud Apps threat intelligence can help us prepare for potential threats before they happen. However, it depends on how we develop the policies for the database to block or ignore things in our environment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We really liked its ease of implementation against our Microsoft Azure environment."
"Overall, it provides good security."
"It has great scalability."
"The user interface is responsive and quite intuitive; when selecting an object it automatically shows the relevant actions."
"People implementing this solution are concerned with addressing a significant risk, and within the AWS realm, this tool does de-risk substantially."
"Alerts of cloud activity happening across all accounts is helpful."
"It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
"The most valuable features of CloudGuard CNAPP are its reporting capabilities for aggregating vulnerability information and scoring."
"The integration within the entire Defender suite is highly valuable because it allows for communication between different components and offers pretty decent correlations."
"The feature that helps us in detecting the sensitive information being shared has been very useful. In addition, the feature that allows MCAS to apply policies with SharePoint, Teams, and OneDrive is being used predominantly."
"I like the web GUI/the management interface. I also like the security of Microsoft. As compared to other manufacturers, it's less complex and easy to understand and work with."
"I would rate it a ten because I have not experienced any stability issues so far with Defender for Cloud Apps."
"The most valuable feature is its policy implementation."
"The ability to sanction unsanctioned apps using Secure Score benchmarking, included in Cloud, is also beneficial."
"It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notifications are pretty good."
"It's very easy to install and it includes the Intune portal from Microsoft where I can control all the devices from one place."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug."
"For businesses with varied IT ecosystems, increasing the integration capabilities with additional third-party products and services would increase flexibility and user-friendliness."
"It should have some options to activate API calls to the platform in the cloud, another improvement would be that when the rules are colonized and they want to be published."
"I would like CloudGuard's pricing to be cheaper, but I think that's impossible. The pricing is the only thing I think they can improve."
"The technical support could be better, but I do not know of any other needed improvements."
"Currently, this solution is somewhat expensive."
"The entire system is complicated, and the setup process may not cater to the company's demands."
"The tool should incorporate more use cases like improving security scores. It should also improve documentation."
"This service would be better if it had a separate license, only for this service, that could be used to track usage."
"Defender for Cloud apps is primarily useful for Azure apps. It has limited capabilities for applications based on other cloud platforms."
"The product is very good so far, however, it would be better if it could include more up-to-date threat protection."
"The technical support team has room for improvement."
"We would like to get more information from the endpoint. I don't get enough detailed information right now on why something failed. There is not enough visibility."
"Sometimes, we'll get false positive alarms. For example, when a SharePoint path has no file sharing, but there is an external user, it will trigger an alarm that the file has been shared with an external user... the alerting mechanism should be more precise when giving you an alert about what activity has been done with the file..."
"We are having trouble with our continuous reporting configuration and struggling with configuring the collector properly with our log parsing. We've also faced difficulties getting support for this issue. It's taken us months to figure this out after going through a couple of different support channels."
"Defender could integrate better with multi-cloud and hybrid environments. It requires some additional configuration to ingest data from non-Azure environments and integrate it with Sentinel."
 

Pricing and Cost Advice

Information not available
"The price is on the higher end."
"It is difficult to contextualize the pricing because we are used to Indian pricing and licensing."
"The solution’s pricing is a little bit high."
"Right now, we have licenses on 500 machines, and they are not cheap."
"From a pricing perspective, they are pretty expensive."
"The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider."
"The license fee is high."
"​They support either annual licensing or hourly. At the time of our last negotiation, it was either one or the other, you could not mix or match. I would have liked to mix/match. ​"
"We are an MST and we do not pay for the solution. However, the price of the solution could be better."
"The pricing is in the middle. It isn't too cheap or expensive compared to other antivirus or security products. It is priced according to industry standards."
"We have an educational licensing agreement. It's a customer agreement for multiple years."
"It has fair pricing. You pay for what you get. As far as I know, there are no costs in addition to the standard licensing fee."
"The E5 license offers everything bundled. People are moving to Microsoft because you buy one license and it gives you everything."
"It has pretty good pricing."
"Our clients normally use the Microsoft E1 licensing, which is renewed yearly."
"I'm not totally involved in the pricing part, but I think its pricing is quite aggressive, and its price is quite similar to Netskope. Netskope has separate licensing fees or additional charges if you want to monitor certain SaaS services, whereas, with MCAS, you get 5,000 applications with their Office 365. It is all bundled, and there's no cost for using that. You only have the operational costs. In the country I am in, it is a bit difficult to get people with the required skill sets."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
12%
Manufacturing Company
6%
Retailer
6%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
9%
University
6%
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
Which is the better security solution - Cisco Umbrella or Microsoft Cloud App Security?
Cisco Umbrella is an integral component of the Cisco SASE architecture. It integrates security in a single, cloud-nat...
What do you like most about Microsoft Cloud App Security?
It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notificatio...
What is your experience regarding pricing and costs for Microsoft Cloud App Security?
The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the ex...
 

Also Known As

No data available
Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence
MS Cloud App Security, Microsoft Cloud App Security
 

Overview

 

Sample Customers

Information Not Available
Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners
Customers for Microsoft Defender for Cloud Apps include Accenture, St. Luke’s University Health Network, Ansell, and Nakilat.
Find out what your peers are saying about Wiz, Qualys, Tenable and others in Vulnerability Management. Updated: March 2025.
845,040 professionals have used our research since 2012.