Azure DDoS Protection vs Microsoft Defender for Cloud comparison

"The most important feature is that the solution continuously monitors traffic by inbuilt rules to identify preconfigured attacks."

"I like the user interface, documentation, and support. Azure DDoS Protection is one of the most valuable solutions for any endpoint that is publicly reachable through the internet. It will automatically secure all your endpoints from third-party attacks, cyber attacks, or phishing attacks."

"The most valuable feature of Azure DDoS Protection is that it performs well."

"Azure DDoS Protection offers superior protection against denial-of-service attacks."

"DDoS Protection is simple to deploy and integrates seamlessly with the Azure environment. Ease of deployment is a crucial feature for us."

"This solution is the best option for us because we use a lot of Microsoft products. So, it is easy for us to deploy or integrate any features or products."

"It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop."

"The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."

"The most valuable feature is that it's intuitive. It's very intuitive."

"This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."

"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."

"The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded."

"It's got a lot of great features."

"When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team."

"Azure DDoS Protection could improve on the reporting."

"The visibility could be better. We would like to have better metrics, so we could see all the information in a central place."

"The reporting aspect and dashboard management monitoring need improvement."

"Sometimes, it is hard for our staff to keep track of changes (in the GUI) between different projects, because there are constant changes. As a result, it is hard to manage, recall, and see all the features because they have been moved from one place to another."

"The UI needs to be improved."

"The implementation of Azure DDoS Protection results in a decrease in our bandwidth capacity and should be optimized to reduce resource consumption."

"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."

"Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management."

"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."

"The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available."

"Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender."

"The product must improve its UI."

"Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."

"If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."

"You can test it for a certain period of time free of charge. You can have a free account. You can test it to compare its pros and cons with other products that you are testing."

"The pricing is good but is not the best. It could be improved so that middle-sized organizations, such as startups, can benefit from it."

"The pricing is quite high. It is a monthly subscription that costs about $2,000 per month, depending on the user sizes."

"Our clients complain about the cost of Microsoft Defender for Cloud."

"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."

"The tool is pretty expensive."

"It has global licensing. It comes with multiple licenses since there are around 50,000 people (in our organization) who look at it."

"The cost of the license is based on the subscriptions that you have."

"Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."

"The licensing cost per server is $15 per month."

"It is bundled with our enterprise subscription, which makes it easy to go for it. It is available by default, and there is no extra cost for using the standard features."