Try our new research platform with insights from 80,000+ expert users

Microsoft Defender Vulnerability Management vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
27th
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
2
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (6th)
Microsoft Defender for Cloud
Ranking in Vulnerability Management
7th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
75
Ranking in other categories
Container Management (9th), Container Security (4th), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (3rd), Microsoft Security Suite (4th), Compliance Management (3rd)
Microsoft Defender Vulnerab...
Ranking in Vulnerability Management
14th
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
12
Ranking in other categories
Advanced Threat Protection (ATP) (17th), Microsoft Security Suite (22nd), Risk-Based Vulnerability Management (5th)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.
TakayukiUmehara - PeerSpot reviewer
Ease of management and integration supports operations, but has high resource consumption
A valuable feature is the ease of management and integration with Microsoft products. I appreciate that I can click on a server in the Defender Console, notice a risk, and retrieve all necessary information. Speed is a key feature as it is very quick to administer and allows for manual configuration from the portal.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Zafran is an excellent tool."
"Defender for Cloud has improved our security posture."
"The scalability of Microsoft Defender for Cloud is very good."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"The most valuable feature is the regulatory compliance aspect, where we utilize predefined initiatives like NIST."
"With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates."
"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
"The most valuable feature is the hunting feature, which integrates well into the entire Microsoft ecosystem."
"The solution is up-to-date with the latest updates and identified threats."
"A valuable feature is the ease of management and integration with Microsoft products."
"The solution is highly scalable."
"The integration with Sentinel has been one of the most valuable features for my organization."
"A valuable feature is the ease of management and integration with Microsoft products."
"The most valuable aspect is the kind of assessment results I get, and the recommendations provided in Microsoft products really help in taking care of the resources."
"Microsoft Defender Vulnerability Management is versatile and assesses vulnerabilities, providing detailed information on CVEs, their categories, and exploit statuses."
"The integration with Sentinel has been one of the most valuable features for my organization."
"The solution helps identify threats and vulnerabilities."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"They could always work to make the pricing a bit lower."
"The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads. Covering more would allow us to see and protect more workloads from a single pane of glass. Additional features should include protection for more AI workloads as it currently focuses primarily on OpenAI."
"The documentation and implementation guides could be improved."
"We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand."
"Although Microsoft Defender for Cloud is based on security, I wish it went beyond providing assessments, reports, and generic steps. More detailed procedures would be helpful, especially for lower-level support staff."
"The pricing could be improved, as it is somewhat high for smaller companies."
"The documentation could be much clearer."
"The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available."
"The automated remediations can be more specific."
"The constant changes in the product configuration or the console setup can sometimes be challenging."
"Probably my only criticism would be the cost. It is expensive."
"The product is not stable; it is very resource-intensive, consuming a lot of memory and CPU, which makes it slow."
"The setup phase of the product is not that easy and needs a person to have a certain level of expertise."
"The worst aspect is the refresh rate of the dashboard."
"The technical support takes too much time to resolve tickets."
"It is expensive."
 

Pricing and Cost Advice

Information not available
"We only use the free tier, so we haven't faced any pricing, setup costs, or licensing challenges."
"Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products."
"The cost is fair. There aren't any costs in addition to the standard licensing fee."
"Understanding the costs of cloud services can be complicated at first. As with a lot of things in the cloud, it can be quite hard to understand the end cost, but it becomes clearer over time. Early on, the lack of transparency is a challenge. Microsoft does not tell you the cost when they launch something. It is clever marketing, and there is room for improvement there. There should be clarity from the start."
"I am not involved much with the pricing but the bundle offering is good."
"The price of the solution is good for the features we receive and there is an additional cost for Microsoft premier support. However, some of my potential customers have found it to be expensive and have gone on to choose another solution."
"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."
"Pricing is difficult because each license has its own metrics and cost."
"The licensing model follows a per-user per-month structure."
"I rate the product's price a three on a scale of one to ten, where one is a low price, and ten is a high price."
"The licensing costs are reasonable."
"The product’s pricing is medium."
"The tool is a bit costly."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
844,944 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
11%
University
6%
Retailer
6%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
9%
Government
7%
Financial Services Firm
13%
Computer Software Company
13%
Government
10%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
Pricing for Zafran Security is not expensive. We have a contract for five years, and the cost is lower than other too...
What needs improvement with Zafran Security?
I would like to see an integration with Check Point firewalls. It's essential for us and they are currently working o...
What is your primary use case for Zafran Security?
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched o...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
Initially, the cost was reasonable, but additional services from Microsoft sometimes incur extra expenses that seem h...
What is your experience regarding pricing and costs for Microsoft Defender Vulnerability Management?
I would rate the price as a three for us due to the partnership discounts. For non-partners, however, the cost could ...
What needs improvement with Microsoft Defender Vulnerability Management?
For our current usage, we do not have any complaints, but a potential improvement could be the introduction of a more...
 

Also Known As

No data available
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
No data available
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Information Not Available
Find out what your peers are saying about Microsoft Defender Vulnerability Management vs. Microsoft Defender for Cloud and other solutions. Updated: February 2025.
844,944 professionals have used our research since 2012.