We use Defender for network security.
Security Analyst at a financial services firm with 10,001+ employees
It's easy to use and enables us to automate routine security tasks
Pros and Cons
- "Defender is user-friendly and provides decent visibility into threats."
- "Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management."
What is our primary use case?
How has it helped my organization?
Defender for Cloud is easy to use and enables us to automate routine security tasks. We save a few hours each week. Defender's single dashboard helps us centrally manage security operations and detect threats faster.
What is most valuable?
Defender is user-friendly and provides decent visibility into threats. We use multiple solutions in the Microsoft security suite, including Sentinel and Defender for Endpoint. They integrate smoothly to offer coordinated detection and response.
Sentinel ingests data from our entire environment, allowing us to manage everything from one place. We don't need to go to multiple places to find information. Sentinel's capabilities are quite comprehensive.
What needs improvement?
Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management.
Buyer's Guide
Microsoft Defender for Cloud
December 2024
Learn what your peers think about Microsoft Defender for Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
For how long have I used the solution?
I have used Defender for Cloud for two years.
What do I think about the stability of the solution?
I rate Microsoft Defender an eight out of ten for stability. It's highly stable.
What do I think about the scalability of the solution?
Microsoft Defender is scalable.
How are customer service and support?
I rate Microsoft support an eight out of ten. It isn't too bad.
How would you rate customer service and support?
Positive
How was the initial setup?
Setting up Microsoft Defender is straightforward. It took us around a month to get it fully deployed. Most of the implementation consisted of onboarding. It doesn't require much maintenance after deployment because it's a cloud solution.
What was our ROI?
I don't think we've saved more money than we've spent. Defender is expensive, but we might see a return in the long run.
What's my experience with pricing, setup cost, and licensing?
I rate Microsoft Defender a three out of ten for affordability. The price could be a little lower.
What other advice do I have?
I rate Microsoft Defender for Cloud an eight out of ten. Getting all your security solutions from a single vendor makes things easier to manage. However, the Microsoft security suite is quite expensive.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Managing Partner at Digitaiken
We saved money by consolidating into a single solution
Pros and Cons
- "We saw improvement from a regulatory compliance perspective due to having a single dashboard."
- "I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward."
What is our primary use case?
We had multiple use cases at my previous company. I changed companies during their implementation stages of this solution. From what I saw, the solution has a good use case for SIEM.
How has it helped my organization?
It helped improve my previous organization's security posture. Their previous solution was running separately in each region. That has now been centralized by moving to the cloud. This was a huge change for their operations because they used to have multiple vendors managing their SIEM. Now, that has been consolidated under a single vendor. This consolidation has improved response times.
What is most valuable?
We saw improvement from a regulatory compliance perspective due to having a single dashboard.
What needs improvement?
I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward.
For how long have I used the solution?
I have been using Azure Security Center for five to six years. I was using it at my previous organization up until six months ago.
What do I think about the stability of the solution?
The stability was good.
What do I think about the scalability of the solution?
The solution was very much scalable.
Overall, there were around 150,000 users beginning to use it at the organization.
How are customer service and technical support?
We didn't use technical support directly from Microsoft. We used the third-parties' support.
Which solution did I use previously and why did I switch?
We were previously using multiple solutions that integrated with SAP. For example, one region would be running QRadar and another region would be using Symantec. Each region of the company was just running it in silo mode off their internal Exchange. As part of centralizing a global solution, we chose to go with Azure Security Center, because our on-prem solution was not really working for us. This is why we started using Azure Security Center.
How was the initial setup?
The initial setup was easy; it was not complex.
The deployment took a month.
The transition went well. I didn't see any challenges.
What about the implementation team?
The setup was done by a third-party vendor, Fujitsu, who was very good. There was also another vendor, Microland, who had good knowledge and helped us with building it.
Not too many people were needed for the transition between solutions. I am unsure of the number of people needed because multiple activities were being run during the process, e.g., SharePoint migration.
What was our ROI?
The solution helped out management a lot. It reduced about 50% of the time needed to spend on this after implementation.
The organization saved money by consolidating into one solution instead of two or three.
What's my experience with pricing, setup cost, and licensing?
Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it.
Which other solutions did I evaluate?
We might have looked at other competitors. However, Azure Security Center was attractive because of its licensing, which was packaged with the Office 365 licensing, as well as the fact that it is a single solution.
What other advice do I have?
I liked the centralization that it offered. However, I am cautious about the licensing part because I am unsure how you would manage the solution if it wasn't bundled.
When we started, our team didn't make a clear roadmap, which slowed us down. I recommend that you clearly define your roadmap before getting started.
The solution is very good. I would rate it as eight out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager at a tech services company with 10,001+ employees
Its incident alerts have reduced our manual work for a lot of things
Pros and Cons
- "One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
- "Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."
What is our primary use case?
I work as a SOC manager. We use it for incident security, incident monitoring, threat analysis, and looking at remediation or suppression.
What is most valuable?
Most use cases that come from Microsoft are all automated. Even before any manual effort, the tool is designed in such a way that it just does the threat analysis. It gives us exactly what the incident alert is all about:
- The priority
- The threat
- The impact
- The risk
- How it can be mitigated.
Those are the key features of this particular tool.
The solution has features that have definitely helped improve our security posture.
One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things. The automation tool does the following (when human interaction is needed):
- Identifies what kind of alert it is.
- Whether we have to dismiss it.
- When we need to take any action so the team can do it appropriately.
This is one of its key benefits.
It is easy to use based on my experience. If a newcomer comes in, it is just a matter of time to just learn it because it is not that difficult.
What needs improvement?
Most of the time, we are looking for more automation, e.g., looking to ensure that the real-time risk, threat, and impact are being identified by Microsoft. With the Signature Edition, there is an awareness of the real risks and threats. However, there are a lot of things where we need to go back to Microsoft, and say, "Are you noticing these kinds of alerts as well? Do we have any kind of solution for this?" This is where I find that Microsoft could be more proactive.
For how long have I used the solution?
I have been using it for more than nine years.
What do I think about the stability of the solution?
We have not had issues with tool usage or any hiccups.
There are certain glitches, which are areas of improvement, thus we continuously keep working with Microsoft. Microsoft does acknowledge this, because it's a learning experience for Microsoft as well. They always expect feedback and improvements on their tools, as it is a collaboration effort between Microsoft and the client.
What do I think about the scalability of the solution?
I work for an organization with more than 50,000 users. Under security alone, we have 5,000-plus users. On my team, we have around 400 people who are looking at it.
There are different roles in the company: project management, security operations (the red and blue teams), and pen testing. I lead a security operations center team, where we have L1, L2, L3, and L4 capabilities. All these come under the same umbrella of the security operations center, and they are all rolled up to the Chief Information Security Officer as part of security.
How are customer service and technical support?
An ongoing improvement for both Microsoft as well as for my organization: We need to work together. Sometimes, the solution doesn't work so we reach out to Microsoft Enterprise support for any help or assistance. If there is any feedback or improvement, then we work together, but they definitely have helped most of the time.
There are certain gray areas. We constantly work with Microsoft to notice whether there is something that only we, as a client, face. Or, if there are other clients who have the same kind of situation, issues, or scenarios where they need help.
I would rate Azure Security Center anywhere between five to six out of 10. Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsourced employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time.
Which solution did I use previously and why did I switch?
We use Microsoft Defender and Splunk. We primarily went with Azure Security Center because of client requirements.
How was the initial setup?
The initial setup is pretty easy and straightforward.
To deploy just Azure Security Center, it took three to four hours. However, there are a lot of things that it depends on.
Different clients have different requirements. If the client says, "We are using Azure Security Center. We want to use Microsoft technology or products." We will go with that. There are clients who are using Cisco products as well.
What about the implementation team?
The solution architect usually designs it, taking into consideration the initial setup guide, playbook, and documentation.
We don't use consultants for the deployment.
What's my experience with pricing, setup cost, and licensing?
It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it.
What other advice do I have?
For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact.
Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack.
I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us.
We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central.
Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well.
I would rate Azure Security Center as seven to eight out of 10. If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Senior Architect at a tech services company with 10,001+ employees
A ready-made service that reports security threats and vulnerabilities
Pros and Cons
- "This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
- "One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
What is our primary use case?
We are working for a major client in the UK. So, we are moving all the products of clients from their on-premises environment to the cloud. One of the biggest challenges we face, “Once the infrastructure is created in the cloud, how can we make sure that the infrastructure is secure enough?” For that purpose, we are using Azure Security Center, which gives us all the security loopholes and vulnerabilities for our infrastructure. That has been helpful for us.
How has it helped my organization?
We use the Azure Security Center to scan the entire infrastructure from a security point of view. It gives us all the vulnerabilities, observations, etc. It reports most of the critical issues.
From an organization or security audit point of view, there are few tools available in the market. The output or score of Azure Security Center has really helped the organization from a business point of view by showing that we are secure enough with all our data, networks, or infrastructure in Azure. This helps the organization from a business point of view to promote the score, e.g., we are secure enough because this is our score in Azure Security Center.
We are using it from a security point of view. If there is a threat or vulnerability, the solution will immediately scan, report, or alert us to those issues.
What is most valuable?
We are using most of the good services in Azure:
- The load balancing options
- Firewall
- Application Gateway
- Azure AD.
I value Azure Security Center the most from a security point of view. Everybody is concerned about moving data or infrastructure to the cloud. This solution proves that we are secure enough for that infrastructure, which is why I really value the Azure Security Center. We are secure in our infrastructure.
This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot.
What needs improvement?
From a business point of view, the only drawback is that Azure or Microsoft need to come up with flexible pricing/licensing. Then, I would rate it 10 out of 10.
For how long have I used the solution?
We have been using it in production for the last three years. I have been part of the cloud migration team for Azure Cloud for the last two years.
What do I think about the stability of the solution?
We started using Azure Cloud from the initial version. Every week or month, there are updates in Azure. For the last three years, we have been using the latest version.
What do I think about the scalability of the solution?
Whenever we increase the number of our resources, Azure Security Center easily copes with it. Since this is a ready-made service, it will automatically scale.
We are working with around 100 to 150 major clients in the UK. Each client has 200 to 500 users.
From an overall infrastructure point of view, we have a five-member team.
How are customer service and technical support?
We are getting adequate support and documentation from Microsoft. We are a Premium customer of Microsoft, so we are getting support in terms of documentation and manual support.
Which solution did I use previously and why did I switch?
We were using this service from the onset.
How was the initial setup?
This is a PaaS service. It is a ready-made service available in Azure Cloud. It is very easy to use and set up because you are using the platform. We don't want to maintain this service from our end.
There are different models when it comes to the cloud:
- Infrastructure as a service
- Platform as a service
- Software as a service.
We are using sort of a hybrid, both infrastructure as a service and platform as a service.
What about the implementation team?
We are using our own team for the deployment.
We consume or subscribe to the service. Azure takes care of the maintenance and deployment, and we don't need to worry about it.
What was our ROI?
We are securing our customers' infrastructure using Azure Security Center. That internally helps their overall organization meet their goal/score on security.
So far, the feedback from the customer and our team has been really positive. We are very happy and getting return on investment from this product.
What's my experience with pricing, setup cost, and licensing?
Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool.
One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view.
Which other solutions did I evaluate?
Other than Azure Security Center, we did not find a single tool which could analyze all our infrastructure or resources in Azure Cloud.
We were mainly looking for products or tools native to Azure. The other tools that we evaluated were not native to Azure. Azure Security Center is natively attached to Azure. Because other tools were not natively supporting Azure, then we would have to maintain and deploy them separately.
What other advice do I have?
So far, we have received very positive feedback from the team and customers. Because it is a single tool where we list all the problems or vulnerabilities, we are happy as a team. The customer is also happy.
End users are not interacting with Azure Security Center. This is a back-end service that evaluates security.
There are no other good tools in Azure, other than Azure Security Center, which will evaluate and alert you to security vulnerabilities and threats. So, if somebody is really concerned about the security of their infrastructure in Azure, I suggest you use Azure Security Center. The features that it provides from a security point of view are amazing.
I would rate the product as a seven or eight (out of 10) because it is really helping us to improve our security standards.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Product Marketing at a tech services company with 10,001+ employees
It offers a comprehensive overview across different workloads
Pros and Cons
- "The most valuable feature is the comprehensive overview across different workloads. It allows us to see protection not just across one workload, such as virtual machines, containers, infrastructure, or data, but across all our workloads. This overall visibility is really helpful."
- "I would rate Microsoft Defender for Cloud a nine out of 10."
- "The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads. Covering more would allow us to see and protect more workloads from a single pane of glass. Additional features should include protection for more AI workloads as it currently focuses primarily on OpenAI."
- "The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads."
What is our primary use case?
Our primary use case for Microsoft Defender for Cloud is mostly security posture management.
How has it helped my organization?
Defender for Cloud has improved our security posture. Defender provides us with a prioritized list of security issues to remedy, which improves our security operations because we know what to tackle first.
What is most valuable?
The most valuable feature is the comprehensive overview across different workloads. It allows us to see protection not just across one workload, such as virtual machines, containers, infrastructure, or data, but across all our workloads. This overall visibility is really helpful. The recommendations and prioritizations help us understand what to address first.
I use the free CSPM functionality. I don't always use the recommendations because I'm sometimes scared to implement those immediately.
What needs improvement?
The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads. Covering more would allow us to see and protect more workloads from a single pane of glass. Additional features should include protection for more AI workloads as it currently focuses primarily on OpenAI.
For how long have I used the solution?
We have been using Microsoft Defender for Cloud for two years.
What do I think about the stability of the solution?
The sustainability of Microsoft Defender for Cloud is quite stable, especially with the free tier we're using. It provides a lot of value for being free.
What do I think about the scalability of the solution?
Scalability is still to be determined. We have deployed it across several workloads, but we'll need to see how it performs as we expand to more resources and workloads.
How are customer service and support?
We haven't had to reach out to customer service or technical support yet. Therefore, I can't rate it at this moment.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I didn't use any different solutions previously. We opted for Microsoft Defender for Cloud due to easy integration with our other Microsoft products.
How was the initial setup?
It was easy to set up as we enabled it across our workloads in Azure.
What about the implementation team?
We handled the deployment ourselves without any integrator, reseller, or consultant.
What was our ROI?
Being a free tool, it provides visibility and insights into workloads that we wouldn't have had otherwise. This is definitely a good return on investment.
What's my experience with pricing, setup cost, and licensing?
We only use the free tier, so we haven't faced any pricing, setup costs, or licensing challenges.
Which other solutions did I evaluate?
We didn't evaluate any other solutions as Microsoft Defender for Cloud integrated easily with our existing Microsoft products.
What other advice do I have?
I would rate Microsoft Defender for Cloud a nine out of 10. It offers free insights and extensive visibility into workloads for a free product, which is great for us.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Interact
Last updated: Dec 16, 2024
IT Administrator at a university with 10,001+ employees
Lists the criticality that is the most insecure for our environment
Pros and Cons
- "The most valuable features are the security recommendations provided by Defender for Cloud."
- "Defender for Cloud has improved our security posture."
- "If they had an easier way to display all the vulnerabilities of the machines affected and remediation steps on one screen rather than having to dive deep into each of them, that would be a lot easier."
What is our primary use case?
We are using Defender for Cloud to check in on security and vulnerability management.
How has it helped my organization?
When we were switching from on-prem to the cloud, we did not have the vulnerability management tool to give us alerts on that. We were using Tenable Security Center on-prem. When we moved to the cloud, we needed a solution and chose Defender for Cloud. Now, when we do our vulnerability management meetings, we refer to Defender for Cloud recommendations. We can assign them to technicians or security personnel in case we need to change policies or make exceptions. It is set up to ensure only security personnel can dismiss a recommendation.
It lists the criticality that is the most insecure for our environment and the criticality score for it. This is helpful for us to know what we need to deal with first.
Defender for Cloud has improved our security posture.
What is most valuable?
The most valuable features are the security recommendations provided by Defender for Cloud.
What needs improvement?
Tenable Security Center has a list of all of our vulnerabilities. I can sort it by vulnerability or by machine. Defender for Cloud does do that, but it is just not as clean and easy to get to. It sometimes gets too deep in the weeds, and I do not know how I got to that point. If they had an easier way to display all the vulnerabilities of the machines affected and remediation steps on one screen rather than having to dive deep into each of them, that would be a lot easier.
There can be an easier-to-read dashboard. It would be nice to be able to see the top ten vulnerabilities that we have specific to a system on the dashboard. We can view the security score currently, but a cleaner and simpler display would be good.
For how long have I used the solution?
I have been using Defender for Cloud for three years.
What do I think about the stability of the solution?
It is pretty stable and feels solid.
How are customer service and support?
We have struggled with Microsoft customer service quite a bit. While experts are a ten, the overall experience is not always positive and we have had to make a complaint. When we are able to get to a call with their experts, it is great, but it can take time to get to that level. We have had to raise a ticket for the same thing about three times.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Tenable Security Center on-prem. We switched because we were moving to a Microsoft-centric cloud solution.
How was the initial setup?
It was easy. The setup was handled by a technician who did not report any significant issues.
What about the implementation team?
We did not use any third party for deployment.
What was our ROI?
We have seen a return on investment, but I cannot quantify it.
Which other solutions did I evaluate?
We did not evaluate other solutions because we were only looking for a Microsoft-centric solution.
What other advice do I have?
I would rate Defender for Cloud an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 30, 2024
IT Manager at Discover Dollar Technologies Pvt Ltd.
Enhanced security with exceptional threat detection and adaptable AI
Pros and Cons
- "The most valuable features are the monitoring of users, endpoint detection and response, and the adaptability of the AI threat intelligence engine, which quickly adapts to customizations."
- "The pricing could be better."
What is our primary use case?
We use Microsoft Defender for Cloud security, including endpoint detection and response, and user monitoring. We utilize every feature and functionality that Defender provides.
How has it helped my organization?
The threat detection capabilities of Microsoft Defender for Cloud have positively impacted our overall security posture. We can sleep soundly at night knowing that it is causing the system.
What is most valuable?
The most valuable features are the monitoring of users, endpoint detection and response, and the adaptability of the AI threat intelligence engine, which quickly adapts to customizations.
What needs improvement?
The pricing could be better. Additionally, while Microsoft Defender for Cloud adapts well to customizations, it does generate a lot of false positives if the agent is not running. We would also appreciate portion management specifically for Microsoft 365.
For how long have I used the solution?
We have been working with Microsoft Defender for Cloud for three years.
What do I think about the stability of the solution?
Most of the features are in preview, which sometimes causes issues, but overall, it works well.
What do I think about the scalability of the solution?
Microsoft Defender for Cloud is highly scalable. We have not faced any challenges with scalability.
How are customer service and support?
Microsoft's documentation is very comprehensive, resolving 95% of issues. Thus, we haven't had much need to engage their support team. The documentation is sufficient for resolving most issues.
How would you rate customer service and support?
Positive
What about the implementation team?
We handled the installation in-house with a team of two engineers.
What's my experience with pricing, setup cost, and licensing?
The solution is subscription-based, and while it is generally affordable, there are often hidden costs. The overall pricing could be more competitive.
What other advice do I have?
I highly recommend the product due to its comprehensive features and easy management, especially if your stack is on Microsoft. I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Sep 16, 2024
Information Security Specialist-Associate Consultant at a tech services company with 5,001-10,000 employees
Scans for vulnerabilities in a cloud environment, gives recommendations according to the framework, and improves our Secure Score
Pros and Cons
- "The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."
- "After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated."
What is our primary use case?
We use Microsoft Defender to scan for vulnerabilities related to any container or server in the cloud environment in Azure. Microsoft Defender suggests recommendations and security alerts according to the default framework. We can also use other frameworks like ISO benchmarks to assess our infrastructure and get recommendations on what can be fixed.
The solution is deployed on a public cloud, and Azure is the cloud provider.
We use Microsoft Defender for Cloud to natively support Azure.
We are resellers. We customize the solution and sell it to clients.
How has it helped my organization?
The solution has improved our organization in terms of benchmarking. Our Secure Score has improved a lot, and we're compliant with particular benchmarks.
The single-pane-of-glass view gives us the Secure Score in a single dashboard. It shows us all of the collective resources we have, including what is on-premises and on the cloud. It's a single graphical representation and a unified view that we can customize according to the client. We can adjust the Secure Score dashboard to show whatever the client wants to see. It can show the Secure Score, security alerts, and compliance score. The compliance score shows how compliant the environment is.
Our current security posture is a combination of the benchmark plus Zero Trust. We have a set of policies in Zero Trust that covers all six layers of the cloud, like the identity, network, infrastructure, applications, endpoint, and end data. It's structured to cover every aspect of the cloud using the customized policy in Microsoft Defender.
The solution has improved our Microsoft Security Score a lot.
Microsoft Defender is set to scan the virtual machines, SQL databases, and private endpoints every 30 minutes. For some of them, we just clicked "quick fix" and it created a private endpoint instantly and showed that it was rectified. Those quick fixes were instantaneous.
For our response time, critical findings take approximately two days while medium findings take three to seven days.
The solution has increased our efficiency.
What is most valuable?
The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark. We can also use our customized benchmark, like Zero Trust, if we want to implement it.
We can deploy different net agents on the on-premises assets, and Defender will scan those on-premises resources and give us recommendations to fix them.
The solution gives us recommendations to enable a DDoS protection plan on our virtual network. Right now, the DDoS, enforcing MFA, and conditional access policies make our organization more secure.
It's a good tool for keeping multi-cloud infrastructure and cloud resources secure. It's a market leader right now.
What needs improvement?
Right now, the solution covers a limited set of resources. If taken into scope, it will improve more.
After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated.
Sometimes we'll receive a recommendation, but the problem still won't be fixed. This could be due to end-of-life machines. If the solution isn't properly refreshed, we need to wait for two or three days to remove those recommendations. Sometimes we have to reach out to Microsoft to check why the problem hasn't been fixed after following the recommendations.
For example, after a recommendation about AML files, it didn't show that the fix had been applied even though it was. It took more than four days to show that the fix had been applied.
There are some policies that we're not able to use due to some business justifications. For instance, the storage account should be private, but it's public because a third party is interacting with that storage account and we can't limit the public access because there is no whitelisting available in terms of IPs.
For how long have I used the solution?
I have used this solution for three years.
What do I think about the scalability of the solution?
It's scalable, but it's an additional cost to increase the scalability.
How are customer service and support?
I would rate the technical support a seven out of ten. They respond quickly and give us detailed information.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We have also used CSPMs and other tools, but there were some limitations there. Defender gives us more customization in terms of frameworks, which is why we chose it.
How was the initial setup?
The initial setup was straightforward. It took one day. We used two full-time team members for deployment.
What about the implementation team?
We deployed the solution in-house and designed the architecture.
What was our ROI?
This solution saved us money.
What's my experience with pricing, setup cost, and licensing?
There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan. It provides threat detection and integration capabilities. We have not enabled that due to the cost, but it's a possibility.
What other advice do I have?
I would rate this solution an eight out of ten. Using this solution gave us confidence.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.