Try our new research platform with insights from 80,000+ expert users

JFrog Xray vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Vulnerability Management
6th
Ranking in Container Security
3rd
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
107
Ranking in other categories
Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
JFrog Xray
Ranking in Vulnerability Management
25th
Ranking in Container Security
22nd
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
Software Composition Analysis (SCA) (6th), Software Supply Chain Security (1st)
Microsoft Defender for Cloud
Ranking in Vulnerability Management
7th
Ranking in Container Security
4th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
75
Ranking in other categories
Container Management (9th), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (3rd), Microsoft Security Suite (4th), Compliance Management (3rd)
 

Mindshare comparison

As of April 2025, in the Vulnerability Management category, the mindshare of SentinelOne Singularity Cloud Security is 1.7%, up from 0.5% compared to the previous year. The mindshare of JFrog Xray is 1.5%, up from 0.4% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 5.6%, up from 4.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mokshi Pandita - PeerSpot reviewer
An intelligent solution that prioritizes which vulnerability to target first in your project
We could create any number of repositories, but we can create only thirty projects with JFrog Xray. If I want things to work, it has to be one project and multiple repositories that belong to different real projects. So I have a limitation of thirty projects, despite being a premium customer. JFrog Xray does not have a dashboard. Although I am able to generate reports, there is no proper dashboard where I can see the total number of vulnerabilities, the total number of license issues, and how many vulnerabilities are fixed. Second, I found the shift left approach missing with JFrog Xray. JFrog Xray has integration with IDEs, but it does not tell you about the vulnerabilities until the artifact is created. However, Snyk could directly integrate with your repository and would not allow you to build unless you fix the problem.
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"SentinelOne is far superior to our previous solution, Accops, due to its seamless updates, effortless maintenance, and user-friendly interface and dashboard."
"SentinelOne stands out with its responsiveness to feature requests for Singularity Cloud Security."
"SentinelOne's behaviour analytics are valuable because they detect anomalies and malicious behaviour that signature-based solutions might miss."
"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."
"Support has been very helpful and provides regular feedback and help whenever needed. They've been very useful."
"Atlas security graph is pretty cool. It maps out relationships between components on AWS, like load balancers and servers. This helps visualize potential attack paths and even suggests attack paths a malicious actor might take."
"It is very straightforward. It is not complicated. For the information that it provides, it does a pretty good job."
"Cloud Native Security offers a valuable tool called an offensive search engine."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"Good reporting functionalities."
"The solution is stable and reliable."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"The most valuable features of JFrog Xray are its curation capabilities, its native integration with Artifactory, scanning for vulnerabilities, and license compliance features."
"Defender for Cloud has improved our security posture."
"The most valuable feature is the regulatory compliance aspect, where we utilize predefined initiatives like NIST."
"The most valuable features of this solution are the remote workforce capabilities and the general experience of the remote workforce."
"The scalability of Microsoft Defender for Cloud is very good."
"Microsoft Defender for Cloud is a valuable tool that integrates seamlessly with Azure Policy and our Security SIEM, simplifying implementation and enhancing security posture."
"Microsoft Defender for Cloud is stable and reliable as advertised."
"Provides a very good view of the entire security setup of your organization."
"The solution's robust security posture is the most valuable feature."
 

Cons

"The documentation that I use for the initial setup can be more detailed or written in a more user-friendly language to avoid troubles."
"It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear."
"A two-month grace period for extended searches would be a valuable improvement."
"The could improve their mean time to detect."
"There can be a specific type of alert showing that a new type of risk has been identified."
"In terms of ease of use, initially, it is a bit confusing to navigate around, but once you get used to it, it becomes easier."
"A beneficial improvement for PingSafe would be integration with Jira, allowing for a more streamlined ticketing system."
"Bugs need to be disclosed quickly."
"JFrog Xray does not have a dashboard."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray's documentation and error logging could be improved."
"The out-of-the-box PostgreSQL provided is not stable, which is why we are considering enterprise support."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Lacks deeper reporting, the ability to compare things."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"My experience with Microsoft Defender for Cloud has been largely negative due to a poor user experience."
"Support needs to be highly responsive, especially in large enterprise environments."
"It needs to be simplified and made more user-friendly for a non-technical person."
"Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ."
"Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."
"I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward."
"Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender."
"Most customer teams need more training on this type of product."
 

Pricing and Cost Advice

"It is not that expensive. There are some tools that are double the cost of PingSafe. It is good on the pricing side."
"It is cost-effective compared to other solutions in the market."
"As a partner, we receive a discount on the licenses."
"Its pricing is okay. It is in line with what other providers were providing. It is not cheap. It is not expensive."
"I am personally not taking care of the pricing part, but when we moved from CrowdStrike to PingSafe, there were some savings. The price of CrowdStrike was quite high. Compared to that, the price of PingSafe was low. PingSafe is charging based on the subscription model. If I want to add an AWS subscription, I need to pay more. It should not be based on subscription. It should be based on the number of servers that I am scanning."
"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."
"It was reasonable pricing for me."
"Singularity Cloud Workload Security's licensing and price were cheaper than the other solutions we looked at."
Information not available
"The pricing model for most plans is generally good, but the cost of the new Defender for Storage plan is high and should be revisited, as it could lead to disabling desirable security features due to cost."
"The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license."
"The product's pricing policy is generally favorable."
"Pricing is a consideration, but we strive to keep costs low by enabling only necessary services."
"Our clients complain about the cost of Microsoft Defender for Cloud."
"We are using the free version of the Azure Security Center."
"Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine."
"Pricing is difficult because each license has its own metrics and cost."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Financial Services Firm
26%
Manufacturing Company
13%
Computer Software Company
12%
Government
5%
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...
What do you like most about JFrog Xray?
JFrog Xray shows us a list of vulnerabilities that can impact our code.
What needs improvement with JFrog Xray?
X-ray needs improvement in supporting more than one database, as it currently only supports PostgreSQL. More support ...
What is your primary use case for JFrog Xray?
Our primary use case for X-ray includes multiple activities such as security and vulnerability scanning. We already u...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
Initially, the cost was reasonable, but additional services from Microsoft sometimes incur extra expenses that seem h...
 

Also Known As

PingSafe
JFrog Security Essentials
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
google, amazon, cisco, netflix, oracle, vmware, facebook
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about JFrog Xray vs. Microsoft Defender for Cloud and other solutions. Updated: February 2025.
845,040 professionals have used our research since 2012.