Senior DevOps Engineer at a tech services company with 501-1,000 employees
Real User
Top 5
2022-12-05T08:58:00Z
Dec 5, 2022
I give the solution a seven out of ten. Compared to Microsoft Defender, Microsoft Sentinel is a more mature solution. We can connect to Active Directory from Sentinel to identify risky users which is information that we can't get from Defender. If we could establish the connections to Azure Active Directory and Azure Active Threat Production plan, we could define our flow, which would be connected with the workspace. Microsoft Sentinel is more flexible and is ideal for more complex security scenarios. The solution is applied for resources in the subscription. It does not differentiate the environment. If we select the app services, it will secure all the app services in all the environments. If it's not segregated as per the environment, it can create security issues. We have three different environments: production, QA, and dev and we can only deploy the resources in two regions, which are supported by the geo in India. We have virtual machines that need to be patched. But the patching analysis isn't done by Defender. Our solutions provide patching recommendations that have to be completed manually.
Information Technology Infrastructure Specialist at TLIC
User
May 2, 2023
I loved your answer! Thank you, Steven Palange www.tlic.com. Can you elaborate on this piece "We have virtual machines that need to be patched. But the patching analysis isn't done by Defender. Our solutions provide patching recommendations that have to be completed manually." This is the part that I'd like more info. "Our solutions", what solutions? Ty, S
Business Analyst at a agriculture with 10,001+ employees
Real User
2022-11-02T02:31:00Z
Nov 2, 2022
It's very expensive in terms of the need to maintain it actively. You need a group of people in the organization to do the job because if the tool is sending information, a bunch of alerts on policies that we created, and nobody is reviewing it, it is doing nothing. Once you create policies, you have to have a very established group that, based on the design of all of the policies, will follow a process to take action on each of them. Some of them were very complex and some of them were very simple. Some of them were automated and others were escalated, depending on the danger. So it can be very complex, depending on how you implement it in your organization. The tool doesn't solve the problem, it just gives you the information so that you can solve the problem. Solving the problem takes a lot of resources, a lot of time and, it turns out, money. So it's expensive. I don't think it saves time because it discovers things that would never have been discovered in any other way.
Assistant General Manager at a tech services company with 51-200 employees
Real User
Top 20
2024-10-04T10:12:00Z
Oct 4, 2024
I would definitely recommend Microsoft Defender for Cloud, provided they make some improvements in the MDVM part. I'd rate the solution eight out of ten.
IT Manager at Discover Dollar Technologies Pvt Ltd.
Real User
Top 5
2024-09-13T10:18:00Z
Sep 13, 2024
I highly recommend the product due to its comprehensive features and easy management, especially if your stack is on Microsoft. I'd rate the solution eight out of ten.
We decided to go with Microsoft Defender for Cloud because of its ability to cover cloud applications. No other tool we've seen has such vast coverage for Azure Cloud applications. Also, since it's a Microsoft native tool, it's easier to implement in Azure cloud. Overall, I would rate Microsoft Defender for Cloud eight out of ten. My advice for other users using the tool is to first do a proper risk assessment around the cloud, develop use cases based on the protect-identify-detect-defend model, and then implement the solution accordingly.
Updated: October 2024.
Specific government protocols and security standards must be followed in a secure environment. Microsoft Defender for Cloud helps manage vulnerabilities in your cloud infrastructure. It offers protection against threats such as worms, spyware, and viruses. The tool provides continuous monitoring and real-time threat detection, which is essential for maintaining a secure network environment. Overall, I rate the solution an eight out of ten.
IT Advisor / Principal Architect at a tech services company with 1-10 employees
Real User
Top 20
2023-11-08T20:08:00Z
Nov 8, 2023
I would rate Microsoft Defender for Cloud eight out of ten, mostly because of documentation and availability of information. The difference between the Azure Active Directory Premium P1 and P2 licenses lies not only in their capabilities but also in the amount of logging that is performed for each user. I need to know what is and is not being logged, and which security events are not being logged. I can't find a list of these events anywhere. What is the difference between a one-year retention license and a 180-day license? What additional logging is performed with the one-year license? Microsoft has mentioned that advanced auditing is occurring, but I don't know which events they are getting. I would like to see a list of all the events that are logged, from least to most. This list would probably look like a triangle, with a few items at the top and more and more items as we go down. I would like to see this list for both the AAD Premium P1 and P2 licenses. I can't get this list. My client has asked me what events we are not capturing, and my answer is that I don't know because I can't find it. Microsoft won't give me a list of the events that are logged, either. They can only reference the services that the events map to. I want to know the events. The uncertainty and doubt around this is a security feature. Microsoft is trying to make me buy the product because they know that if I get hacked, I could be liable for malpractice. But I'm not going to buy it without more details. I'm very upset that they didn't provide more information.
IT Architect at a real estate/law firm with 10,001+ employees
Real User
Top 5
2023-11-08T17:06:00Z
Nov 8, 2023
I would rate Microsoft Defender for Cloud nine out of ten. We have Microsoft Defender for Cloud deployed across 2,000 locations and over 3,000 endpoints. No maintenance is required from our end.
We use Microsoft Defender for Cloud to support Azure natively. The solution’s ability to protect hybrid and multi-cloud environments is pretty important for us. Just as much as anyone else. The unified portal for managing and providing visibility across hybrid and multi-cloud environments could be better with some of the ways things are displayed. Overall, it’s all right. We have had the solution since we started cloud. I cannot provide a comparison for it. I don't pay too much attention to Microsoft Secure Score. However, I’m sure the product has affected it. We use the product to track down vulnerabilities and missing patches. When those get passed, I'm sure that it changes the score. We have integrated Microsoft 365 and Microsoft Defender for Cloud with Microsoft Sentinel. However, I don't deal with it specifically. The tool’s UI could be better. As it is right now, we can only view information from one device at a time. It is extremely limiting. The solution is pretty good at keeping our multi-cloud infrastructure and cloud resources secure. We use AWS, and we also have some Windows devices in AWS. We have Microsoft Defender on those. Microsoft Defender for Cloud has helped save some of our SOC time. The reporting features, being able to search multiple devices for a specific vulnerability or incident and tying it back, are very difficult to do in the UI. There's some scripting that can be done, but that doesn't make it easier for a lot of people. We have set up alerts in the tool. That, combined with other industry scanners like Tenable Nessus, Invicti, and a couple of others that we utilize in our environment, sends updates and alerts to us so that we can quickly respond to issues. We were not measuring TTR. So, the effect on the overall TTR is negligible. It is hard to quantify whether the product has saved us money. We haven't seen any attacks from ransomware gangs. Possibly, those are being prevented, and we don't get alerts for some of these attacks. 
It has not saved us money. It's expensive. However, it is not expensive compared to all our computers being locked up, and someone demanded two million dollars. People evaluating the product must look at other options to determine what works best for their environment and organization. It may not necessarily be the best option, but it might be. It certainly works well in a wholly Microsoft Windows environment, especially with other Microsoft software as a primary. If they’re using OfficeSuite, like Microsoft Word and Microsoft Excel, it works well. If they have other things within their environment, they must do their homework and research to see if it works. Overall, I rate the tool a seven out of ten.
Senior Information Security Manager at a recruiting/HR firm with 1,001-5,000 employees
Real User
Top 20
2023-05-12T09:47:00Z
May 12, 2023
I give Microsoft Defender for Cloud an eight out of ten. We have not used all the modules yet. The time to detection has remained relatively the same. Our time to respond has remained the same because we previously used Prisma Cloud. Prisma Cloud is what we were using before, so we already have an established service level for handling incidents. We are remediating some of the configuration and cloud issues. The primary users of the solution in our organization are the automation team and the software engineering team. We have also migrated some of our ERP systems to the solution. I recommend Microsoft Defender for Cloud because it is a mature product that can meet most businesses' security requirements and budgets.
Security Analyst at a financial services firm with 10,001+ employees
Real User
Top 20
2023-04-20T14:35:00Z
Apr 20, 2023
I rate Microsoft Defender for Cloud an eight out of ten. Getting all your security solutions from a single vendor makes things easier to manage. However, the Microsoft security suite is quite expensive.
Senior Information Technology Security Officer at CLEAR (clearme.com)
Real User
Top 20
2022-10-07T23:09:00Z
Oct 7, 2022
I rate Microsoft Defender for Cloud a seven out of ten. Most of the time, it isn't the most advanced antivirus software on the market. It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop.
CEO / Owner at a tech services company with 11-50 employees
Real User
2022-08-31T22:43:00Z
Aug 31, 2022
We don't use the full capabilities of Defender for Cloud so I don't know if it is the same as Defender for Endpoint. That solution is autonomous and acts on incidents immediately, based on playbooks for a type of incident behavior. Defender for Endpoint is capable of acting immediately when an attacker wants to encrypt a disk, for instance. I don't know if Defender for Cloud has the same capabilities, but it should. In the discussion about going with a best-of-breed strategy or a single vendor's security suite, we have a mix. My thought is that I would like to have at least two big vendors, rather than one for everything. That way they can challenge each other. Overall, I'm happy with Defender for Cloud. We're just at the beginning of using it but we want to extend our own solutions with Defender for Cloud as much as possible.
Cyber Security Specialist at a tech services company with 1,001-5,000 employees
Real User
2022-07-26T07:23:00Z
Jul 26, 2022
The intelligent threat hunting provided by Microsoft 365 and Microsoft Sentinel based on the alerts, incidents, and logs passed along by Microsoft Defender for Cloud is moderate. The ability of Microsoft solutions to work natively together to deliver integrated protection as well as coordinated detection and responses across the environment is improving a lot, but it still has a ways to go. Overall, if you are worried about security, you should have Microsoft Defender for Cloud. It's the minimum you should have.
I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use. If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above.
I would rate this solution six out of ten. As a perimeter defense system, I would rate the solution a seven. As a micro-segmentation system or application, I would rate it a four. As a perimeter defense solution, it's excellent. As a micro-segmentation product, it's not so great, especially if you have a lot of systems. It's not the product's fault because I don't think that's what it was built for.
We are channel partners for Microsoft. We are a gold partner and a channel partner. We earlier were using the on-premises deployment. Then we moved to the cloud for the last two-and-a-half years. It's a hybrid cloud. I'd advise new users that they can implement it, however, it is complex in nature. No doubt it is useful as per the log analysis and threat protection analysis. I would rate the solution a seven out of ten.
Principal Consultant - Cyber Security & Cloud Infra. at RPS Consulting Pvt. Ltd.
Real User
2022-03-02T12:37:00Z
Mar 2, 2022
I rate Defender for Cloud eight out of ten. I would recommend it depending on your use case. It's a single solution that can address mixed infrastructure that includes on-premises, AWS, GCP, or Azure. Defender can provide security for all four.
I rate Azure Defender eight out of 10. If you're looking for standard Azure Defender services like cloud posture management or application security, these features are all highly mature. Defender also has newer capabilities that they recently introduced, such as endpoint security, cross-cloud integration with Azure Arc, and Kubernetes runtime security. These are all new services, so potential users need to think twice before buying into it solely for these features because I don't think the support is there to encourage customers to buy the product. I don't feel confident about Microsoft's support in these particular areas. I would exercise caution before buying Defender for these particular use cases.
Cybersecurity Student at a university with 1,001-5,000 employees
Real User
2022-02-23T17:55:53Z
Feb 23, 2022
It's a good solution for, I'd say, small to medium business startups. It's also viable for enterprise solutions. I'd rate the solution at a ten out of ten. We have been very happy with its capabilities.
When you're using such platform services, you've got to be a little bit careful because the products are always getting updated. You need to keep an eye on the product roadmap in terms of what's coming up so that you are not duplicating. That's what we had to do with Stackrox. We discussed with Microsoft's technical support team, and we got a confirmation that they're not going to take care of CIS benchmarks in the near future. It was a little bit disheartening, but at least, we knew upfront that Microsoft is not going to look into this area. They were open and candid about what they were going to do and what they were not going to do. So, we started looking at other products. Microsoft keeps on updating its products to keep them relevant. So, you need to know what they are implementing in the next three months or six months so that you can at least tell the security teams that a certain feature is coming up. We didn't have to do it for Azure Security Center, but for Azure Firewall, we had to request certain features, and there are a lot of features that are still pending. For example, if I use Azure Firewall, just-in-time permissions do not work. If VMs are behind Azure Firewall, then through Azure Security Center, I can't give permissions, but if I use the Palo Alto firewall, I can do the same. So, we had to set up our VMs by using the Palo Alto firewall. Sometimes, Microsoft does strange things, and they don't talk to the Azure Firewall team. After one and a half years of asking for that feature, it is still a no-go. We want to use Azure Firewall because it is not VM-based. With the Palo Alto firewall, I have to provide one more VM in between and start administering it. So, I have one extra resource that needs to be administered, and it is non-Azure or non-Microsoft. When you start enforcing policies across multiple subscriptions, you need to be very careful. You need to pay attention to the notifications that come out. 
The notification details were where we had to do some customization. We had to prioritize the notifications and then put them into a group mailbox so that instead of one person, a group of teams gets notified. We could write an Azure function around it to integrate with Microsoft Teams. We could push them to the Microsoft Teams channel. It took some amount of effort. It took about a week of tinkering, but we were able to notify the entire development team. As we started auditing and enforcing from our sandbox to the development environment, we started discovering a lot more things. We got formal requests on why we had to disable some policies. We got more specific feedback. When we are able to catch such things early in the life cycle, it becomes easier to protect the higher-level environments properly. It was very good in terms of the dashboard, converting from non-compliance to audit, or enforcing policies across multiple subscriptions. We had to customize the notifications, and it would've been nice if there was a more intuitive way of customizing the notification, but it might also be because of our knowledge level at that time. We could have also integrated it with Slack because it supports integration with Slack, but we predominantly use Microsoft Teams. I would advise others to start playing with it. They can start with a sandbox environment. If an enterprise has multiple resources, such as VMs, databases, they should put all of them in different resource groups in a subscription and categorize their resources properly. All resources should be structured properly. Otherwise, it is really difficult to administer policies at the resource level. They have to group them properly so that they are managing resource groups or subscriptions rather than individual resources. So, structuring of the resources is the key to the administration of policies. It took quite some time for us. It was not an easy task. 
We create Terraform scripts for setting the entire infrastructure. So, we had to reorganize our Terraform scripts to ensure that the resources were created in appropriate resource groups and communication can happen across resource groups. We had to set up the NSGs properly from the network point of view so that they all were accessible. It took us quite some time, but organizing the resources pays very well when it comes to spinning the higher-level environments and ensuring that they're compliant or they work. I would rate it an eight out of 10.
I worked on all the Defenders, ten now, and, right now, we are more focused on Azure Defender, which is a part of the Azure Security Center on the Azure Portal. Defender is actually deployed on servers including other staff services, second path services, servers and community, and SQL databases. On each of these, you can deploy Defender. This product is a SaaS solution that is automatically updated from the Microsoft side. Any clients will not need to update manually. If you have a hybrid cloud network or hybrid environment inside your organization, this solution will still work for you. I'd rate the solution at an eight out of ten. When it comes to Microsoft, the education surrounding Azure services and training is very easily available online without having to make any calls. If you want to join their webinars, you can join. If you want to get any certification, it is almost free for everyone. For a student they offer the training at 50% or 40% of the cost, or if you work at a good company. I did not pay anything for any certification. I have eight certifications from Microsoft.
I liked the centralization that it offered. However, I am cautious about the licensing part because I am unsure how you would manage the solution if it wasn't bundled. When we started, our team didn't make a clear roadmap, which slowed us down. I recommend that you clearly define your roadmap before getting started. The solution is very good. I would rate it as eight out of 10.
For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact. Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack. I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us. We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central. Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well. I would rate Azure Security Center as seven to eight of 10. 
If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.
We use between 80% and 90% of the functionality within the solution. We don't use workbooks as of now but otherwise, we use pretty much everything. There are a few options that are included but not enabled out of the box. One example of this is Azure Defender. Maintenance-wise, one thing that we do is keep up to date on policies and compliance. Microsoft provides a lot of out-of-the-box compliance initiatives, and sometimes they can go out of date and are replaced. We have to make sure that the new ones are correctly enabled and that the older ones are no longer active. Essentially, we want to disregard the old policies and ensure that the new ones are enforced. The biggest lesson that I have learned is to keep an eye on your resource usage in Azure, because if it's a large environment with a lot of users then you might not know who opens the door to the outside. Using Security Center lets you keep track of what's going on in your environment. I would rate this solution an eight out of ten.
Senior DevSecOps Engineer at a consumer goods company with 11-50 employees
Real User
2021-06-10T13:55:00Z
Jun 10, 2021
My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get. This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value. If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need. The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem. I would rate this solution a seven out of ten.
For cloud security posture, Azure Security Center is a good product. It is different from a Security Information and Event Management (SIEM) tool. We are also using a SIEM tool. Microsoft has a SIEM tool called Sentinel, and there are many SIEM tools out there in the market such as Splunk, QRadar, and ArcSight. Azure Security Center is not a replacement for Sentinel. It gives the complete posture of your cloud. It was started with the purpose of finding any anomalies and malfunctioning for Azure AD, which is related to login and logout of employees, but then they elaborated it a bit more. I would rate Azure Security Center a nine out of 10.
The first piece of advice that I would give somebody who's going to try to use Security Center is to try to understand their environment as much as possible, and then try to match their environment with the recommendation section of the tool and start remediating from there. There are going to be recommendations in Security Center that will make sense if the team looking at the security infrastructure understands what is going on. If the team does not have a full understanding then it will be very difficult to know what to do, or how to remedy it. The fact that I had to deal with many components, of which I don't know very much about, has been really great because it forced me to learn about their security. Typically, I don't have to deal with that. My learning has definitely increased, and of course, that's always good. I would rate this solution a nine out of ten.
Cloud & Infra Security, Group Manager at Avanade
MSP
2021-05-10T06:16:00Z
May 10, 2021
In summary, if you would like to work with a product that addresses security in the cloud, or in a multi-cloud environment then this is exactly the product. There is no need to implement anything else. There are multiple things that are absolutely nice about this product. That said, there is no such thing as a perfect product. I would rate Azure Security Center a nine out of ten.
Cyber Security Analyst at a security firm with 11-50 employees
Real User
2021-02-11T15:42:12Z
Feb 11, 2021
Azure Defender and Azure Resource Manager are all a part of Microsoft Azure. We use all of them. This solution has the best security center, security manager dashboard that I have ever seen. I would recommend using this solution. It has everything in one place, and it's easy to configure and easy to deploy. I would rate Azure Defender an eight out of ten.
I would rate Security Center an eight out of ten. Not a ten because of the bugs that we have experienced and because of the cost. It's quite a good product. It helps to understand the infections and issues you are facing.
I am currently working on my Cloud Security Certification. For anyone who is considering this solution, from a cybersecurity standpoint, if they are doing any kind of scanning, vulnerability scanning for software or systems and they're feeding into the cloud, make sure to check whether the security center doesn't offer adequate options for them to work with. If not, then look into other software like Splunk. They look into everything and they have plenty of conversations with the staff. That's the cloud security provider. I would rate Azure Security Center an eight out of ten.
System Administrator at a computer software company with 201-500 employees
MSP
2020-08-06T06:44:45Z
Aug 6, 2020
We're a Microsoft partner. The solution works for us; however, a client has its own needs and requirements. It's not a one-size-fits-all solution. I'd rate the solution seven out of ten.
Senior Analyst Security and Compliance at an insurance company with 5,001-10,000 employees
Real User
2020-06-15T07:34:00Z
Jun 15, 2020
I would say the biggest advice I'd give to anyone is to make sure that your hierarchy for your subscriptions is done correctly, single management. You can't have 10 different groups managing it. It's got to have a single structure of management and then the hierarchy needs to be set up correctly. I would give it an eight out of ten. I think it's one of the best in breeds. I'm comparing it to AWS and some of the smaller ones out there, but I find it very intuitive. That's one thing I do like about their products, they're very intuitive. Not a perfect ten because we're not using it to its full capacity.
Security architect at a retailer with 10,001+ employees
Real User
Top 20
2020-06-14T08:03:13Z
Jun 14, 2020
If you're in the world of cloud and your company is using Azure as their primary cloud, I think Azure Security Center is a must-have feature, because it provides a bird's eye view of the entire security position of the organization. The solution is integrated and there is service from Microsoft. New features are being added regularly and I think it's a great solution. I would rate this solution an eight out of 10.
Microsoft Defender for Cloud is a comprehensive security solution that provides advanced threat protection for cloud workloads. It offers real-time visibility into the security posture of cloud environments, enabling organizations to quickly identify and respond to potential threats. With its advanced machine learning capabilities, Microsoft Defender for Cloud can detect and block sophisticated attacks, including zero-day exploits and fileless malware.
The solution also provides automated...
I would definitely recommend Microsoft Defender for Cloud, provided they make some improvements in the MDVM part. I'd rate the solution eight out of ten.
I highly recommend the product due to its comprehensive features and easy management, especially if your stack is on Microsoft. I'd rate the solution eight out of ten.
We decided to go with Microsoft Defender for Cloud because of its ability to cover cloud applications. No other tool we've seen has such vast coverage for Azure Cloud applications. Also, since it's a Microsoft native tool, it's easier to implement in Azure cloud. Overall, I would rate Microsoft Defender for Cloud eight out of ten. My advice for other users using the tool is to first do a proper risk assessment around the cloud, develop use cases based on the protect-identify-detect-defend model, and then implement the solution accordingly.
I would recommend the solution to others and rate it a nine out of ten.
Specific government protocols and security standards must be followed in a secure environment. Microsoft Defender for Cloud helps manage vulnerabilities in your cloud infrastructure. It offers protection against threats such as worms, spyware, and viruses. The tool provides continuous monitoring and real-time threat detection, which is essential for maintaining a secure network environment. Overall, I rate the solution an eight out of ten.
I would rate Microsoft Defender for Cloud eight out of ten, mostly because of documentation and availability of information. The difference between the Azure Active Directory Premium P1 and P2 licenses lies not only in their capabilities but also in the amount of logging that is performed for each user. I need to know what is and is not being logged, and which security events are not being logged. I can't find a list of these events anywhere. What is the difference between a one-year retention license and a 180-day license? What additional logging is performed with the one-year license? Microsoft has mentioned that advanced auditing is occurring, but I don't know which events they are getting. I would like to see a list of all the events that are logged, from least to most. This list would probably look like a triangle, with a few items at the top and more and more items as we go down. I would like to see this list for both the AAD Premium P1 and P2 licenses. I can't get this list. My client has asked me what events we are not capturing, and my answer is that I don't know because I can't find it. Microsoft won't give me a list of the events that are logged, either. They can only reference the services that the events map to. I want to know the events. The uncertainty and doubt around this is a security feature. Microsoft is trying to make me buy the product because they know that if I get hacked, I could be liable for malpractice. But I'm not going to buy it without more details. I'm very upset that they didn't provide more information.
I would rate Microsoft Defender for Cloud nine out of ten. We have Microsoft Defender for Cloud deployed across 2,000 locations and over 3,000 endpoints. No maintenance is required from our end.
We use Microsoft Defender for Cloud to support Azure natively. The solution’s ability to protect hybrid and multi-cloud environments is pretty important for us. Just as much as anyone else. The unified portal for managing and providing visibility across hybrid and multi-cloud environments could be better with some of the ways things are displayed. Overall, it’s all right. We have had the solution since we started cloud. I cannot provide a comparison for it. I don't pay too much attention to Microsoft Secure Score. However, I’m sure the product has affected it. We use the product to track down vulnerabilities and missing patches. When those get passed, I'm sure that it changes the score. We have integrated Microsoft 365 and Microsoft Defender for Cloud with Microsoft Sentinel. However, I don't deal with it specifically. The tool’s UI could be better. As it is right now, we can only view information from one device at a time. It is extremely limiting. The solution is pretty good at keeping our multi-cloud infrastructure and cloud resources secure. We use AWS, and we also have some Windows devices in AWS. We have Microsoft Defender on those. Microsoft Defender for Cloud has helped save some of our SOC time. The reporting features, being able to search multiple devices for a specific vulnerability or incident and tying it back, are very difficult to do in the UI. There's some scripting that can be done, but that doesn't make it easier for a lot of people. We have set up alerts in the tool. That, combined with other industry scanners like Tenable Nessus, Invicti, and a couple of others that we utilize in our environment, sends updates and alerts to us so that we can quickly respond to issues. We were not measuring TTR. So, the effect on the overall TTR is negligible. It is hard to quantify whether the product has saved us money. We haven't seen any attacks from ransomware gangs. Possibly, those are being prevented, and we don't get alerts for some of these attacks. 
It has not saved us money. It's expensive. However, it is not expensive compared to all our computers being locked up and someone demanding two million dollars. People evaluating the product must look at other options to determine what works best for their environment and organization. It may not necessarily be the best option, but it might be. It certainly works well in a wholly Microsoft Windows environment, especially with other Microsoft software as a primary. If they’re using OfficeSuite, like Microsoft Word and Microsoft Excel, it works well. If they have other things within their environment, they must do their homework and research to see if it works. Overall, I rate the tool a seven out of ten.
I give Microsoft Defender for Cloud an eight out of ten. We have not used all the modules yet. The time to detection has remained relatively the same. Our time to respond has remained the same because we previously used Prisma Cloud. Prisma Cloud is what we were using before, so we already have an established service level for handling incidents. We are remediating some of the configuration and cloud issues. The primary users of the solution in our organization are the automation team and the software engineering team. We have also migrated some of our ERP systems to the solution. I recommend Microsoft Defender for Cloud because it is a mature product that can meet most businesses' security requirements and budgets.
I rate Microsoft Defender for Cloud an eight out of ten. Getting all your security solutions from a single vendor makes things easier to manage. However, the Microsoft security suite is quite expensive.
I would rate this solution an eight out of ten. Using this solution gave us confidence.
I rate Microsoft Defender for Cloud a seven out of ten. Most of the time, it isn't the most advanced antivirus software on the market. It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop.
We don't use the full capabilities of Defender for Cloud so I don't know if it is the same as Defender for Endpoint. That solution is autonomous and acts on incidents immediately, based on playbooks for a type of incident behavior. Defender for Endpoint is capable of acting immediately when an attacker wants to encrypt a disk, for instance. I don't know if Defender for Cloud has the same capabilities, but it should. In the discussion about going with a best-of-breed strategy or a single vendor's security suite, we have a mix. My thought is that I would like to have at least two big vendors, rather than one for everything. That way they can challenge each other. Overall, I'm happy with Defender for Cloud. We're just at the beginning of using it but we want to extend our own solutions with Defender for Cloud as much as possible.
When you are designing the solution, you should activate the solution from day one. I would rate this solution as 8.5 out of 10.
The intelligent threat hunting provided by Microsoft 365 and Microsoft Sentinel based on the alerts, incidents, and logs passed along by Microsoft Defender for Cloud is moderate. The ability of Microsoft solutions to work natively together to deliver integrated protection as well as coordinated detection and responses across the environment is improving a lot, but it still has a ways to go. Overall, if you are worried about security, you should have Microsoft Defender for Cloud. It's the minimum you should have.
I rate Defender for Cloud eight out of ten. It uses more resources than competing solutions, but that's the only issue. If you plan to implement Defender for Cloud, I recommend considering the operating systems you use. If there are a lot of Server 2008 and 2012 VMs, it might not be the best solution. It is still possible, but it's harder to monitor and manage. It's tricky to check if everything works. These issues don't exist as long as you use the 2016 version or above.
I would rate this solution six out of ten. As a perimeter defense system, I would rate the solution a seven. As a micro-segmentation system or application, I would rate it a four. As a perimeter defense solution, it's excellent. As a micro-segmentation product, it's not so great, especially if you have a lot of systems. It's not the product's fault because I don't think that's what it was built for.
We are channel partners for Microsoft. We are a gold partner and a channel partner. We earlier were using the on-premises deployment. Then we moved to the cloud for the last two-and-a-half years. It's a hybrid cloud. I'd advise new users that they can implement it, however, it is complex in nature. No doubt it is useful as per the log analysis and threat protection analysis. I would rate the solution a seven out of ten.
I rate Defender for Cloud eight out of ten. I would recommend it depending on your use case. It's a single solution that can address mixed infrastructure that includes on-premises, AWS, GCP, or Azure. Defender can provide security for all four.
I rate Azure Defender eight out of 10. If you're looking for standard Azure Defender services like cloud posture management or application security, these features are all highly mature. Defender also has newer capabilities that they recently introduced, such as endpoint security, cross-cloud integration with Azure Arc, and Kubernetes runtime security. These are all new services, so potential users need to think twice before buying into it solely for these features because I don't think the support is there to encourage customers to buy the product. I don't feel confident about Microsoft's support in these particular areas. I would exercise caution before buying Defender for these particular use cases.
It's a good solution for, I'd say, small to medium business startups. It's also viable for enterprise solutions. I'd rate the solution at a ten out of ten. We have been very happy with its capabilities.
When you're using such platform services, you've got to be a little bit careful because the products are always getting updated. You need to keep an eye on the product roadmap in terms of what's coming up so that you are not duplicating. That's what we had to do with Stackrox. We discussed with Microsoft's technical support team, and we got a confirmation that they're not going to take care of CIS benchmarks in the near future. It was a little bit disheartening, but at least, we knew upfront that Microsoft is not going to look into this area. They were open and candid about what they were going to do and what they were not going to do. So, we started looking at other products. Microsoft keeps on updating its products to keep them relevant. So, you need to know what they are implementing in the next three months or six months so that you can at least tell the security teams that a certain feature is coming up. We didn't have to do it for Azure Security Center, but for Azure Firewall, we had to request certain features, and there are a lot of features that are still pending. For example, if I use Azure Firewall, just-in-time permissions do not work. If VMs are behind Azure Firewall, then through Azure Security Center, I can't give permissions, but if I use the Palo Alto firewall, I can do the same. So, we had to set up our VMs by using the Palo Alto firewall. Sometimes, Microsoft does strange things, and they don't talk to the Azure Firewall team. After one and a half years of asking for that feature, it is still a no-go. We want to use Azure Firewall because it is not VM-based. With the Palo Alto firewall, I have to provide one more VM in between and start administering it. So, I have one extra resource that needs to be administered, and it is non-Azure or non-Microsoft. When you start enforcing policies across multiple subscriptions, you need to be very careful. You need to pay attention to the notifications that come out. 
The notification details were where we had to do some customization. We had to prioritize the notifications and then put them into a group mailbox so that instead of one person, a group of teams gets notified. We could write an Azure function around it to integrate with Microsoft Teams. We could push them to the Microsoft Teams channel. It took some amount of effort. It took about a week of tinkering, but we were able to notify the entire development team. As we started auditing and enforcing from our sandbox to the development environment, we started discovering a lot more things. We got formal requests on why we had to disable some policies. We got more specific feedback. When we are able to catch such things early in the life cycle, it becomes easier to protect the higher-level environments properly. It was very good in terms of the dashboard, converting from non-compliance to audit, or enforcing policies across multiple subscriptions. We had to customize the notifications, and it would've been nice if there was a more intuitive way of customizing the notification, but it might also be because of our knowledge level at that time. We could have also integrated it with Slack because it supports integration with Slack, but we predominantly use Microsoft Teams. I would advise others to start playing with it. They can start with a sandbox environment. If an enterprise has multiple resources, such as VMs, databases, they should put all of them in different resource groups in a subscription and categorize their resources properly. All resources should be structured properly. Otherwise, it is really difficult to administer policies at the resource level. They have to group them properly so that they are managing resource groups or subscriptions rather than individual resources. So, structuring of the resources is the key to the administration of policies. It took quite some time for us. It was not an easy task. 
We create Terraform scripts for setting the entire infrastructure. So, we had to reorganize our Terraform scripts to ensure that the resources were created in appropriate resource groups and communication can happen across resource groups. We had to set up the NSGs properly from the network point of view so that they all were accessible. It took us quite some time, but organizing the resources pays very well when it comes to spinning the higher-level environments and ensuring that they're compliant or they work. I would rate it an eight out of 10.
I worked on all the Defenders, ten now, and, right now, we are more focused on Azure Defender, which is a part of the Azure Security Center on the Azure Portal. Defender is actually deployed on servers including other staff services, second path services, servers and community, and SQL databases. On each of these, you can deploy Defender. This product is a SaaS solution that is automatically updated from the Microsoft side. Any clients will not need to update manually. If you have a hybrid cloud network or hybrid environment inside your organization, this solution will still work for you. I'd rate the solution at an eight out of ten. When it comes to Microsoft, the education surrounding Azure services and training is very easily available online without having to make any calls. If you want to join their webinars, you can join. If you want to get any certification, it is almost free for everyone. For a student they offer the training at 50% or 40% of the cost, or if you work at a good company. I did not pay anything for any certification. I have eight certifications from Microsoft.
I liked the centralization that it offered. However, I am cautious about the licensing part because I am unsure how you would manage the solution if it wasn't bundled. When we started, our team didn't make a clear roadmap, which slowed us down. I recommend that you clearly define your roadmap before getting started. The solution is very good. I would rate it as eight out of 10.
I rate Azure Defender an eight out of ten.
For organizations who have an on-prem environment and are planning to move to a cloud-based solution, Azure Security Center is definitely one of the best tools that they can use. Year-over-year, I can see a lot of differences and improvements that Microsoft has definitely implemented, in terms of risk analysis, threat impact, and risk impact. Most of the time, for any action that is performed within an organization or environment, if there is a risk or threat analysis, it is the security operation center who gets to know about it. The end user doesn't get affected at any cost unless there is a ransomware or cyberattack. I wouldn't say that this is the only tool or product that has helped us out. There are a lot of technologies that Microsoft has come up with, which all together have made a difference. From a score of one to 10 for overall security, I would rate Azure Security Center somewhere between a seven to eight. This is not the only tool that my team depends on. There are other tools, but in terms of threat analysis and threat impact, this particular tool has definitely helped us. We use a lot of Microsoft technologies, not only Azure Security Center. Apart from Azure Security Center, we use the playbook. We are also moving forward with Azure IoT Central and Log Analytics, which is a SIEM tool. So, I have Azure Security Center, Azure Advanced Threat Protection, Windows Defender, Log Analytics, and Azure IoT Central. Using Azure Security Center, there are a lot of things that get automated. So, I am not dependent completely on Azure Security Center. It is a collaboration of different tools and technologies to achieve the end result. That is why I am saying seven to eight out of 10, because I am not dependent on a particular tool. It is also one of the tools that is definitely helpful for checking risk analysis, but there are other tools as well. I would rate Azure Security Center as seven to eight of 10. 
If you talk about Microsoft products, I would rate it anywhere between eight to nine out of 10.
I would rate Azure Security Center a nine out of 10.
We use between 80% and 90% of the functionality within the solution. We don't use workbooks as of now but otherwise, we use pretty much everything. There are a few options that are included but not enabled out of the box. One example of this is Azure Defender. Maintenance-wise, one thing that we do is keep up to date on policies and compliance. Microsoft provides a lot of out-of-the-box compliance initiatives, and sometimes they can go out of date and are replaced. We have to make sure that the new ones are correctly enabled and that the older ones are no longer active. Essentially, we want to disregard the old policies and ensure that the new ones are enforced. The biggest lesson that I have learned is to keep an eye on your resource usage in Azure, because if it's a large environment with a lot of users then you might not know who opens the door to the outside. Using Security Center lets you keep track of what's going on in your environment. I would rate this solution an eight out of ten.
My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get. This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value. If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need. The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem. I would rate this solution a seven out of ten.
For cloud security posture, Azure Security Center is a good product. It is different from a Security Information and Event Management (SIEM) tool. We are also using a SIEM tool. Microsoft has a SIEM tool called Sentinel, and there are many SIEM tools out there in the market such as Splunk, QRadar, and ArcSight. Azure Security Center is not a replacement for Sentinel. It gives the complete posture of your cloud. It was started with the purpose of finding any anomalies and malfunctioning for Azure AD, which is related to login and logout of employees, but then they elaborated it a bit more. I would rate Azure Security Center a nine out of 10.
The first piece of advice that I would give somebody who's going to try to use Security Center is to try to understand their environment as much as possible, and then try to match their environment with the recommendation section of the tool and start remediating from there. There are going to be recommendations in Security Center that will make sense if the team looking at the security infrastructure understands what is going on. If the team does not have a full understanding then it will be very difficult to know what to do, or how to remedy it. The fact that I had to deal with many components, of which I don't know very much about, has been really great because it forced me to learn about their security. Typically, I don't have to deal with that. My learning has definitely increased, and of course, that's always good. I would rate this solution a nine out of ten.
In summary, if you would like to work with a product that addresses security in the cloud, or in a multi-cloud environment then this is exactly the product. There is no need to implement anything else. There are multiple things that are absolutely nice about this product. That said, there is no such thing as a perfect product. I would rate Azure Security Center a nine out of ten.
Azure Defender and Azure Resource Manager are all a part of Microsoft Azure. We use all of them. This solution has the best security center, security manager dashboard that I have ever seen. I would recommend using this solution. It has everything in one place, and it's easy to configure and easy to deploy. I would rate Azure Defender an eight out of ten.
I would recommend this product. I would rate this solution an eight out of 10.
I would rate Security Center an eight out of ten. Not a ten because of the bugs that we have experienced and because of the cost. It's quite a good product. It helps to understand the infections and issues you are facing.
I plan to continue using this solution and I recommend it to others. I would rate Azure Security Center a seven out of ten.
I would highly recommend this solution. I would rate Azure Security Center an eight out of ten.
I am currently working on my Cloud Security Certification. For anyone who is considering this solution, from a cybersecurity standpoint, if they are doing any kind of scanning, vulnerability scanning for software or systems and they're feeding into the cloud, make sure to check whether the security center doesn't offer adequate options for them to work with. If not, then look into other software like Splunk. They look into everything and they have plenty of conversations with the staff. That's the cloud security provider. I would rate Azure Security Center an eight out of ten.
We're a Microsoft partner. The solution works for us, however, a client has its own needs and requirements. It's not a one-size-fits-all solution. I'd rate the solution seven out of ten.
I would say the biggest advice I'd give to anyone is to make sure that your hierarchy for your subscriptions is done correctly, single management. You can't have 10 different groups managing it. It's got to have a single structure of management and then the hierarchy needs to be set up correctly. I would give it an eight out of ten. I think it's one of the best in breeds. I'm comparing it to AWS and some of the smaller ones out there, but I find it very intuitive. That's one thing I do like about their products, they're very intuitive. Not a perfect ten because we're not using it to its full capacity.