Try our new research platform with insights from 80,000+ expert users

Microsoft Defender for Cloud Apps vs Threat Stack Cloud Security Platform [EOL] comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

iboss
Sponsored
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
15
Ranking in other categories
Secure Web Gateways (SWG) (10th), Internet Security (4th), Web Content Filtering (3rd), Cloud Access Security Brokers (CASB) (8th), ZTNA as a Service (11th), Secure Access Service Edge (SASE) (10th)
Microsoft Defender for Clou...
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
37
Ranking in other categories
Cloud Access Security Brokers (CASB) (5th), Advanced Threat Protection (ATP) (12th), Microsoft Security Suite (13th)
Threat Stack Cloud Security...
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Featured Reviews

Matt Crockford - PeerSpot reviewer
It's easy to roll out, and their understanding of our business made it seamless
One aspect we value about iboss is its simplicity. Their customer service is brilliant, and they are super responsive and knowledgeable. It's easy to roll out, and their understanding of our business made it seamless. We were impressed by the solution's mental health function, which can detect if someone needs help. It scans what users are browsing and flags warning signs so we can check to see if they are okay. We've had to use it a couple of times. The user interface is highly intuitive. Our IT team picked it up with minimal training. It's arranged so that it's easy to find where things are. Another advantage is the single pane of glass console, which gives you visibility into what's happening. We're not fully there yet because we haven't implemented zero trust, but we're excited about the possibilities from the demos we've seen. We launched a POC of iboss' ChatGPT Risk Protection feature two weeks ago. AI is a great tool, but you need to be careful what you put into it. My biggest fear is employees inputting sensitive corporate information or customer PII data into one of these chatbots. I was impressed by our trial of the feature. It's exactly what we wanted. Now, when a user goes to ChatGPT, there's a banner warning them not to share information, and we can block conversations containing customer data like bank details and email addresses. I don't want to stop people from using it, but we need visibility. We've only tried it on a test group of 15 people. You can configure it to look for specific keywords or integrate it with your DLP policy if you have that configured
Jagadeesh Gunasekaran - PeerSpot reviewer
Saves us time, has good visibility, and a single dashboard
The solution is user-friendly and provides great visibility into threats. There are easy options available for specific workflow inspections. We can also get support by going through the Microsoft documentation, which is straightforward. Microsoft Defender for Cloud Apps helps us prioritize threats across our enterprise. It covers us from a compliance perspective and protects our organization's data. Data protection is a very important aspect of any new organization, as we need to protect our data from both external attacks and insider threats. Microsoft Defender for Cloud Apps helps us monitor for abnormal activity by insiders, which is one of the most important access points for attackers today. Additionally, the different cloud apps that Defender for Cloud Apps supports provide us with much more visibility into potential threats and activities on the internet. We have integrated Microsoft Defender for Cloud Apps alerts with Sentinel. The integration is straightforward. We can find the configuration details on Microsoft's official documentation website. If we are familiar with how Microsoft products work, we will be able to follow the instructions clearly. Microsoft Defender for Cloud Apps and Sentinel work natively together to deliver coordinated detection and response across our environment. Our integrated Microsoft solutions provide comprehensive threat protection, covering most of the tactics and techniques relevant to the MITRE ATT&CK framework. Sentinel allows us to ingest data from our entire ecosystem. When implementing an SIEM solution, there are always prerequisites such as Active Directory logs, security logs, firewall logs, and DNS logs. These are important logs that need to be ingested into the environment. Sentinel has many third-party connectors available that make integrations straightforward. Microsoft provides the configuration details in the Sentinel platform. It is important to integrate all relevant log sources into the SIEM solution so that we can detect and be alerted to any type of threat factor, whether it is from an internal or external source. Integrating third-party solutions into the platform requires a separate configuration, but Microsoft provides the necessary information. However, we need to have the appropriate permissions to execute these setups. Sentinel provides a centralized dashboard that covers threat management and configuration. It gives us complete insight into what entities are accessing, as well as full details for investigation. We can see how the alerts and threats are relevant to suspicious activities, whether they are related to malicious IP addresses, suspicious ASHAs, or any other indicators of compromise. All of this relevant data can be seen in a single pane. Recently, Microsoft introduced a new investigation experience in a single pane. This means that we can now get a lot of details in a single pane, without having to go there and execute a query. There are a lot of new insights being developed in the Sentinel platform these days. It has software intelligence. They recently introduced Microsoft Defender Threat Intelligence, which covers almost all IOCs. This protects organizational assets from threats and suspicious traffic associated with IOCs. If a match is found, alerts are generated. This is a very interesting feature. Another great feature is automation and logic apps. We can create a number of operations, such as posting in a team's channel if a severe incident occurs or sending an email notification. There are many operations available, so we can automate a lot of tasks. Microsoft Defender for Cloud Apps helps us stay compliant. It has predefined mechanisms in place to prevent attacks. For example, if an external user tries to access our SharePoint folders or files, an attack will be blocked. This is why it is important to give appropriate access to guest users. Microsoft Defender for Cloud Apps has many features and benefits. It provides a number of policies that can be configured to meet the specific needs of our security team. These policies can be used to customize cloud applications so that only authorized users can access them and perform operations that benefit the organization. In terms of safety and security, Microsoft Defender for Cloud Apps is top-notch. Using the solution's automation features, we can suppress false positive alerts. We can also close alerts, lower their severity from "high" to "low" or "informational," or close them immediately with the appropriate commands. This will depend on the configuration automation rule and the perspective from which we are testing. Microsoft Defender for Cloud Apps provides a single console. We are also provided with Microsoft templates to enable workbooks instantly. Alternatively, we can build our own customized workbooks to provide better insights and improve our SOC efficiency and overall performance. Consolidating all of our security data into one dashboard has saved our security operations team a significant amount of time. From an analyst's perspective, it is now much easier to correlate events, investigate alerts, and visualize specific entities. For example, an analyst can quickly see all of the alerts associated with a particular IP address, or they can view all of the activity for a specific entity over the past 24 hours or 7 days. This level of detail and insight would not be possible if our data were siloed in multiple dashboards. The single dashboard saves our operations approximately 20 hours per week by eliminating the need to access multiple consoles and tabs. Microsoft Defender for Cloud Apps threat intelligence can help us prepare for potential threats before they happen. However, it depends on how we develop the policies for the database to block or ignore things in our environment.
SC
SecOps program for us, as a smaller company, is amazing; they know what to look for
They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter. Even as part of the SecOps Program, that could be helpful; a quick analysis. They're analyzing our whole infrastructure and saying, "You have one VPC and that doesn't make a lot of sense, that should be multiple VPCs and here's why." The architecture of the servers in whatever cloud-hosting provider you're on could be helpful. Other than that, they should continue to expand on their notifications and on what's a vulnerability. They do a great job of that and we want them to continue to do that. It would be cool, since the agent is already deployed and they know about the server, they know the IP address, and they know what vulnerability is there, for them to test the vulnerability and see if they can actually exploit it. Or, once we patch it, they could double-check that it can't be. I don't know how hard that would be to build. Thinking on it off the top off my head, it could be a little challenging but it could also be highly interesting. It would also be great if we could test a couple of other features like hammering a server with 100 login attempts and see what happens. Real test scenarios could be really helpful. That is probably more something close to what they do with the SOC 2 audit or the report. But more visualization of that, being able to test things out on our infrastructure to make sure we can or can't hit this box could be interesting.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"iboss is among the few products providing inline filtering where no application is needed on the device."
"The security aspect of the solution, particularly the malware behind it, is excellent. That's something that really helped us out. It's not just a simple proxy that just blocks the insights of potential threats that come on behind it. They do malware detection and that helps us a lot."
"iboss is easy to use despite its complexity. Multiple engineers manage it, but it's significantly more straightforward to administer than traditional VPNs and web proxies."
"iboss is among the few products providing inline filtering where no application is needed on the device. It operates on the network side and is not device-based. This feature was one of the main reasons why we stayed with them for so long."
"Because of iboss, I did not have to assign web filtering tasks to my techs on a daily basis."
"Content filtering is the most useful feature of iboss."
"Valuable features: Within the filter: Controls (Web categories, applications, and Allow/Block list) and Network (local Subnets). Within the reporter: Logs (Event Log) and Reports."
"We were impressed by the solution's mental health function, which can detect if someone needs help. It scans what users are browsing and flags warning signs so we can check to see if they are okay. We've had to use it a couple of times."
"In Microsoft Defender for Cloud Apps, there is an option to enable files. Once you enable that, it will give you all the files in your organization and where they are located in the cloud... That feature is very useful for investigation purposes."
"One of the most valuable features is auditing. Some of the other protection services have issues with auditing. Microsoft Defender for Cloud has an excellent auditing technique that helps us avoid the risk of filtering or information loss. You can use different tools to guarantee these things. It allows you to conduct an in-depth exploration of applications, users, and files that are harmful or suspicious. You can also enhance your security setup by creating personalized rules or policies that help you better control traffic in the cloud."
"I like the web GUI/the management interface. I also like the security of Microsoft. As compared to other manufacturers, it's less complex and easy to understand and work with."
"Shadow IT discovery is the feature I like the most."
"If your business requirements are relatively simple, it can get the job done."
"The most valuable feature is the ease of management. It's important."
"The feature that helps us in detecting the sensitive information being shared has been very useful. In addition, the feature that allows MCAS to apply policies with SharePoint, Teams, and OneDrive is being used predominantly."
"The most valuable feature of this solution is its monitoring."
"The number-one feature is the monitoring of interactive sessions on our Linux machines. We run an immutable environment, so that nothing is allowed to be changed in production... We're constantly monitoring to make sure that no one is violating that. Threat Stack is what allows us to do that."
"We like the ability of the host security module to monitor the processes running on our servers to help us monitor activity."
"With Threat Stack, we quickly identified some AWS accounts which had services that would potentially be exposed and were able to remediate them prior to release of products."
"The most valuable feature is the SecOps because they have our back and they help us with the reports... It's like having an extension of your team. And then, it grows with you."
"Threat Stack has connectivity."
"It is scalable. It deploys easily with curl and yum."
"Technical support is very helpful."
"An important feature of this solution is monitoring. Specifically, container monitoring."
 

Cons

"Fold that in with the risk intelligence they're getting from all of the different subscriptions they are a part of. Now, these security companies subscribe to things like emerging threats, databases, etc. You can fold all this intelligence to decide what's happening on an endpoint. I would love to see them start moving into that space. That would compete directly with Microsoft. Maybe that's why they haven't. Having that ability native within the solution would be great. The other area in which I would love to see improvement is more detailed descriptions of why they block websites."
"File integrity monitoring would be very advantageous as an additional feature."
"The reporting feature needs improvement. It doesn't give you the expected results. It is quite difficult to get the specific reports needed, and it is not as intuitive as the rest of the platform."
"Iboss is growing so fast that it is often hard for them to keep up with the challenges."
"Sometimes the agent stops working in iboss, and we have to reinstall the agent."
"Our biggest problem with their service was it did not recognize the device and filtering did not always work correctly."
"SSL decryption: We had issues with learners using apps instead of using web browsers. This type of encryption is tough for any appliance in a BYOD environment."
"Our biggest problem with their service was it did not recognize the device and filtering did not always work correctly."
"The product is very good so far, however, it would be better if it could include more up-to-date threat protection."
"I would prefer to have filtering options incorporated within the policies, enabling the solution to perform tasks beyond mere blocking or allowing."
"The insights could be improved, especially in reporting. While it is possible for me to see the usage from different cloud apps, determining if critical data has been uploaded or if it is just normal transport data is difficult."
"We are having trouble with our continuous reporting configuration and struggling with configuring the collector properly with our log parsing. We've also faced difficulties getting support for this issue. It's taken us months to figure this out after going through a couple of different support channels."
"It doesn't actually decrease the time to respond. This has been an issue with Microsoft recently. Sometimes, there is a delay when it comes to getting an alert policy email... Sometimes it takes two or three hours for that email to be sent."
"I believe it's only set to be integrated with Microsoft Defender for identity and identity protection. I would like to see it available for use with something like Office 365 Defender. I don't think it's integrated with that yet."
"Sometimes the support is actually lacking."
"They need to improve the attack surface reduction (ASR) rules. In the latest version, you can implement ASR rules, which are quite useful, but you have to enable those because if they're not enabled, they flag false positives. In the Defender portal, it logs a block for WMI processes and PowerShell. Apparently, it's because ASR rules are not configured. So, you generally have to enable them to exclude, for example, WMI queries or PowerShell because they have a habit of blocking your security scanners. It's a bit weird that they have to be enabled to be configured, and it's not the other way around."
"The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area... The API does not mimic the features of the UI as far as reporting and pulling data out go. There's a big discrepancy there."
"It shoots back a lot of alerts."
"The reports aren't very good. We've automated the report generation via the API and replaced almost all the reports that they generate for us using API calls instead."
"The compliance and governance need improvement."
"The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it."
"Some features do not work as expected."
"I would like further support of Windows endpoint agents or the introduction of support for Windows endpoint agents."
"They could give a few more insights into security groups and recommendations on how to be more effective. That's getting more into the AWS environment, specifically. I'm not sure if that's Threat Stack's plan or not, but I would like them to help us be efficient about how we're setting up security groups. They could recommend separation of VPCs and the like - really dig into our architecture. I haven't seen a whole lot of that and I think that's something that, right off the bat, could have made us smarter."
 

Pricing and Cost Advice

"We have not priced the solution recently, but they were competitive with other vendors in the past."
"It is not expensive, and it is also not cheap. iboss is priced right in the sweet spot for the number of features it offers."
"The overall pricing for iboss is very competitive and transparent."
"We had the cost of purchasing a new appliance along with the implementation and licensing costs. However, the following year, the cost of just licensing was similar to what was paid the previous year for a new appliance along with the implementation and licensing costs."
"It is expensive compared to one of its competitors."
"It is probably in line with other solutions, but I do not deal with the financial side."
"It has pretty good pricing."
"Its pricing is on the higher side. Its price is definitely very high for a small-scale company. As an enterprise client, we do get benefits from Microsoft. We get a discounted price because of the number of users we have in our company. We have a premier package, and with that, we do get a lot of discounts. There are no additional costs. It only comes in the top-tier packages. Generally, the top-tier license is the best license that you can get for your organization. If you want, you can buy it separately, but that's not a good idea."
"It is a little bit expensive. When you want to have the complete package with Office 365, Defender, and everything else, it is expensive."
"We have an educational licensing agreement. It's a customer agreement for multiple years."
"Our clients normally use the Microsoft E1 licensing, which is renewed yearly."
"I'm not totally involved in the pricing part, but I think its pricing is quite aggressive, and its price is quite similar to Netskope. Netskope has separate licensing fees or additional charges if you want to monitor certain SaaS services, whereas, with MCAS, you get 5,000 applications with their Office 365. It is all bundled, and there's no cost for using that. You only have the operational costs. In the country I am in, it is a bit difficult to get people with the required skill sets."
"The pricing is a little bit high but right now, we are okay with it because of the compatibility with Office 365, Teams, and Azure AD."
"We are an MST and we do not pay for the solution. However, the price of the solution could be better."
"What we're paying now is somewhere around $15 to $20 per agent per month, if I recall correctly. The other cost we have is SecOps."
"It came in cheaper than Trend Micro when we purchased it a few years ago."
"Pricing seems to be in line with the market structure. It's fine."
"We find the licensing and pricing very easy to understand and a good value for the services provided."
"It is very expensive compared to some other products. The pricing is definitely high."
"It is a cost-effective choice versus other solutions on the market."
"I'm happy with the amount that we spend for the product that we get and the overall service that we get. It's not cheap, but I'm still happy with the spend."
report
Use our free recommendation engine to learn which Cloud Access Security Brokers (CASB) solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Financial Services Firm
12%
Manufacturing Company
9%
Government
6%
Computer Software Company
16%
Financial Services Firm
12%
Manufacturing Company
9%
Government
7%
Computer Software Company
20%
Real Estate/Law Firm
11%
Manufacturing Company
10%
Financial Services Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about iboss?
Content filtering is the most useful feature of iboss.
What needs improvement with iboss?
I have the same complaint about them that I have about other software companies. Sometimes when you call in support, ...
What is your primary use case for iboss?
We are a PreK-12 public school district, and we use iboss to filter internet content for our students at home and sta...
Which is the better security solution - Cisco Umbrella or Microsoft Cloud App Security?
Cisco Umbrella is an integral component of the Cisco SASE architecture. It integrates security in a single, cloud-nat...
What do you like most about Microsoft Cloud App Security?
It does a great job of monitoring and maintaining a security baseline. For us, that is a key element. The notificatio...
What is your experience regarding pricing and costs for Microsoft Cloud App Security?
The pricing for Microsoft Defender for Cloud Apps is acceptable. If a product is of high quality, it justifies the ex...
Ask a question
Earn 20 points
 

Also Known As

iBoss Cloud Platform
MS Cloud App Security, Microsoft Cloud App Security
Threat Stack, CSP,
 

Overview

 

Sample Customers

More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 50 companies.
Customers for Microsoft Defender for Cloud Apps include Accenture, St. Luke’s University Health Network, Ansell, and Nakilat.
StatusPage.io, Walkbase, Spanning, DNAnexus, Jobcase, Nextcapital, Smartling, Veracode, 6sense
Find out what your peers are saying about Palo Alto Networks, Cisco, Zscaler and others in Cloud Access Security Brokers (CASB). Updated: March 2025.
845,040 professionals have used our research since 2012.