Drata vs Microsoft Defender for Cloud comparison

"Drata offers APIs for every clause so that it can integrate into various platforms."

"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."

"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."

"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."

"The product is 100 percent friendly to use."

"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

"Threat protection is comprehensive and simple."

"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."

"The most valuable feature is the recommendations provided on how to improve security."

"Microsoft Defender for Cloud helps in improving our overall security posture. We have a nice overview of what is missing where and what can be improved."

"I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats."

"The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites."

"We saw improvement from a regulatory compliance perspective due to having a single dashboard."

"The solution's robust security posture is the most valuable feature."

"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

"The product can improve in its API documentation area."

"The existing features of Drata are already extensive and costly to integrate."

"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."

"One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification."

"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"

"The solution is quite costly."

"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."

"I've heard there might be issues with scalability for larger enterprises."

"The user interface of Microsoft Defender for Cloud, like many Microsoft portals, undergoes frequent changes and feature relocation."

"When you work with it, the only problem that we're struggling with is that we have 21 different subscriptions we're trying to apply security to. It's impossible to keep everything organized."

"My experience with Microsoft Defender for Cloud has been largely negative due to a poor user experience."

"Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters. It could be cheaper."

"I would like to see more connectors and plugins with other platforms."

"Microsoft Defender for Cloud could be improved by adding capabilities for NetApp files and more PaaS resources from other vendors, not just Microsoft."

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."

"It's one of the more expensive options, but I think it's worth the money if you can afford it."

"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."

"Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it."

"Pricing is a consideration, but we strive to keep costs low by enabling only necessary services."

"Our clients complain about the cost of Microsoft Defender for Cloud."

"Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine."

"The licensing cost per server is $15 per month."

"It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it."

"Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup."

"Pricing depends on your workload size, but it is very cheap. If you're talking about virtual machines, it is $5 or something for each machine, which is minimal. If you go for some agent-based solution for every virtual machine, then you need to pay the same thing or more than that. For an on-premises solution like this, we were paying around $30 to $50 based on size. With Defender, Microsoft doesn't bother about the size. You pay based on the number of machines. So, if you have 10 virtual machines, and 10 virtual machines are being monitored, you are paying based on that rather than the size of the virtual machine. Thus, you are paying for the number of units rather than paying for the size of your units."