AWS GuardDuty vs Microsoft Defender for Cloud comparison

Comparison Buyer's Guide
Executive Summary
Updated on Mar 29, 2023

We performed a comparison between AWS (AWS GuardDuty) and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: AWS GuardDuty's initial setup complexity depends on architecture and integrations. Microsoft Defender for Cloud requires no setup and is easy to manage, with minimal maintenance needs.
  • Features: AWS GuardDuty monitors AWS accounts, and offers threat response and remediation features. Microsoft Defender for Cloud has hybrid/multi-cloud solutions, policy administration, network maps, and real-time assessment for remediation.
  • Pricing: AWS GuardDuty costs $1/GB for the first 500GB and increases gradually, while Microsoft Defender for Cloud has a $15 per resource pricing model with no additional costs for standard features.
  • Service and Support: AWS GuardDuty offers chat, phone, and web support, with rare escalations, but phone wait times can be long. Microsoft Defender for Cloud offers precise and effective enterprise-level support, with improved quality.
  • ROI: AWS GuardDuty’s ROI is qualitative, improving overall security posture to gain customer trust. For Microsoft Defender for Cloud, studies show a 200% ROI due to risk prevention and seamless integration with Azure services.

Comparison Results: Based on the parameters we compared, Microsoft Defender for Cloud comes out ahead of AWS GuardDuty. AWS GuardDuty’s initial setup and integrations are more complex. It also has less comprehensive features and a less straightforward pricing model.

To learn more, read our detailed AWS GuardDuty vs. Microsoft Defender for Cloud Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
  • "We use the tool for threat detection. AWS includes AI features as well. AWS GuardDuty gives us reports."
  • "The way it monitors accounts is definitely a very important feature."
  • "One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS."
  • "What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away."
  • "The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action."
  • "It kinda just gives us another layer of security. So it does provide some sort of comfort that we do have something that is monitoring for abnormal behavior."
  • "Since our environment is cloud based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing."
  • "The most valuable features are the single system for data collection and the alert mechanisms."


  • "Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful."
  • "Threat protection is comprehensive and simple."
  • "The product has given us more insight into potential avenues for attack paths."
  • "We saw improvement from a regulatory compliance perspective due to having a single dashboard."
  • "The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites."
  • "It is very intuitive when it comes to policy administration, alerts and notifications, and ease of setting up roles at different hierarchies. It has also been good in terms of the network technology maps. It provides a good overview, but it also depends on the complexity of your network."
  • "The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded."
  • "DSPM is the most valuable feature."


Cons
  • "Amazon GuardDuty could be better enriched in threat intelligence data."
  • "It would be great if the solution had some automation capabilities."
  • "The solution's user interface could be improved because it will help users to understand multiple options."
  • "AWS GuardDuty needs to be more customer-oriented."
  • "It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially."
  • "The solution has to be integrated with new services that AWS adds like QuickSight, Managed Airflow, AppFlow and MWAA."
  • "Improvement-wise, Amazon GuardDuty should have an overall dashboard analytics function so we could see what's in the current environment, and then in addition to that, provide best practices and recommendations, particularly to provide some type of observability, and then figure out the login side of it, based on our current environment, in terms of what we're not monitoring and what we should monitor. The solution should also give us a sample code configuration to implement that added feature or feature request. What I'd like to see in the next release of Amazon GuardDuty are more security analytics, reporting, and monitoring. They should provide recommendations and additional options that answer questions such as "Hey, what can we see in our environment?", "What should we implement within the environment?", "What's recommended?" We know that cost will always be associated with that, but Amazon GuardDuty should show us the increased costs or decreased costs if we implement it or don't implement it, and that would be a good feature request, particularly with all products within AWS, just for cloud products in general because there are times features are implemented, but once they're deployed, they don't tell you about costs that would be generated along with those features. After features are deployed, there should be a summary of the costs that would be generated, and projected based on current usage, so they would give us the option to figure out how long we're going to use those features and the option to keep those on or turn those off. If more services were like that, a lot more people would use those on the cloud."
  • "There is currently no consolidated dashboard for AWS GuardDuty. It would be helpful if they could provide a dashboard based on severity levels (high, medium, low) and offer insights account-wise, especially for users utilizing automation structures."


  • "Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."
  • "They could always work to make the pricing a bit lower."
  • "From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
  • "The remediation process could be improved."
  • "Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."
  • "Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product."
  • "The product must improve its UI."
  • "The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome."


Pricing and Cost Advice
  • "We use a pay-as-you-use license, which is competitively priced in the market."
  • "I don't have all the details in terms of licensing for Amazon GuardDuty, but my organization does have a license set up for it."
  • "In terms of the costs associated with Amazon GuardDuty, it was $1 per GB from what I recall. Pricing was based on per gigabyte. For example, for the first five hundred gigabytes per month, it'll be $1 per GB, so it'll be $500. If your usage was greater, there's another bracket, for example, the next two thousand GB, then there's an add-on cost of 50 cents per GB. That's how Amazon GuardDuty pricing slowly goes up. I can't remember if there was any kind of additional cost apart from standard licensing for the solution. Nothing else that at least comes to mind. What the service was charging was worth it. That was one good thing when using Amazon GuardDuty because my company could be in a certain tier for a certain period. My company wasn't under a licensing model where it could overestimate its usage and under-utilize its usage and pay much more. This was what made the pricing model for Amazon GuardDuty better."
  • "Pricing is determined by the number of events sent."
  • "The pricing model is pay as you go and is based on the number of events per month."
  • "On a scale of one to ten, where one is a high price, and ten is a low price, I rate the pricing a four or five, which is somewhere in the middle."
  • "GuardDuty only enables accounts in regions where you have an active workload. If there are places where you don't have an active workload, you wouldn't even enable them. That's one area where they could allow you to cut down your cost."
  • "The tool has no subscription charges."

  • "I'm not privy to that information, but I know it's probably close to a million dollars a year."
  • "We are using the free version of the Azure Security Center."
  • "Azure Defender is a bit pricey. The price could be lower."
  • "This is a worldwide service and depending on the country, there will be different prices."
  • "Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."
  • "There is a helpful cost-reducing option that allows you to integrate production subscriptions with non-production subscriptions."
  • "Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool."
  • "I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive."

    Questions from the Community
    Top Answer: We have over 1,000 employees, and we monitor their activity through AWS GuardDuty.
    Top Answer: I have heard that the solution's price is quite high. Sometimes, they need to fine-tune the service on AWS. For example, Amazon Simple Storage Service (S3) is used for static content because it is…
    Top Answer: The solution's user interface could be improved because it will help users to understand multiple options. Currently, we have multiple options on AWS GuardDuty, which may confuse new users.
    Top Answer: Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening across your ecosystem. It also has great remote workforce capabilities and supports a…
    Top Answer: The entire Defender Suite is tightly coupled, integrated, and collaborative.
    Top Answer: Our clients complain about the cost of Microsoft Defender for Cloud. Microsoft needs to bring the cost down. What we're doing to their detriment is simply lowering the amount of log retention we're…
    Ranking
    Views
    8,818
    Comparisons
    7,436
    Reviews
    16
    Average Words per Review
    671
    Rating
    7.9
    Views
    16,509
    Comparisons
    12,378
    Reviews
    21
    Average Words per Review
    1,043
    Rating
    7.9
    Also Known As
    Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
    Overview

    Amazon GuardDuty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.

    Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.

    GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization, such as suspicious API calls resulting in changing password policies to minimize password strength or anomalous infrastructure deployments in new or different never-used regions.

    GuardDuty will continually alert users regarding their AWS environment status and will send the security discoveries to the GuardDuty dashboard or Amazon CloudWatch events for users to view.

    Users can access GuardDuty via:

    • AWS SDKs: Amazon provides users with several software development kits (SDKs) that are made up of libraries and sample code of numerous popular programming languages and platforms, such as Android, iOS, Java, .Net, Python, and Ruby. The SDKs make it easier to develop programmatic access to GuardDuty.

    • GuardDuty HTTPS API: This allows users to issue HTTPS requests directly to the service.

    • GuardDuty Console: This is a browser-based intuitive dashboard interface where users can access and use GuardDuty.

    Amazon Elastic Kubernetes Service (Amazon EKS)

    Kubernetes protection is an optional add-on in Amazon GuardDuty. This tool is able to discover malicious behavior and possible destabilization of an organization's Kubernetes clusters inside of Amazon Elastic Kubernetes Service (Amazon EKS).

    When Kubernetes protection is enabled for Amazon EKS, GuardDuty uses optional data sources to detect threats and potential risks against the Kubernetes API.

    Kubernetes audit logs are a Kubernetes feature that captures historical API activity from applications, the control plane, users, and endpoints. GuardDuty collates these logs from Amazon EKS to create Kubernetes discoveries for the organization's Amazon EKS assets; there is no need to store or turn on the logs.

    As long as Kubernetes protection remains activated, GuardDuty will continuously dissect Kubernetes data sources from the Amazon EKS clusters to ensure no suspicious or anomalous behavior is taking place.

    Amazon Simple Cloud Storage (S3) Protection

    Amazon S3 allows Amazon GuardDuty to actively audit object-level API processes to discover possible security threats to data inside an organization's S3 buckets. GuardDuty continually audits risk to the organization’s S3 assets by carefully dissecting AWS CloudTrail management events and AWS CloudTrail S3 data events. These tools are continually auditing various CloudTrail management events for potential suspicious activities that affect S3 buckets, such as PutBucketReplication, DeleteBucket, ListBucket, and data events for S3 object-level API processes, such as PutObject, GetObject, ListObject, and DeleteObject.

    Reviews from Real Users

    “The most valuable features are the single system for data collection and the alert mechanisms. Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.” - Arunkumar A., Information Security Manager at Tata Consultancy Services

    Microsoft Defender for Cloud is a comprehensive security solution that provides advanced threat protection for cloud workloads. It offers real-time visibility into the security posture of cloud environments, enabling organizations to quickly identify and respond to potential threats. With its advanced machine learning capabilities, Microsoft Defender for Cloud can detect and block sophisticated attacks, including zero-day exploits and fileless malware.

    The solution also provides automated remediation capabilities, allowing security teams to quickly and easily respond to security incidents. With Microsoft Defender for Cloud, organizations can ensure the security and compliance of their cloud workloads, while reducing the burden on their security teams.

    Sample Customers
    autodesk, mapbox, fico, webroot
    Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
    Top Industries
    REVIEWERS
    Financial Services Firm: 38%
    Computer Software Company: 15%
    Media Company: 8%
    Manufacturing Company: 8%
    VISITORS READING REVIEWS
    Financial Services Firm: 16%
    Computer Software Company: 16%
    Manufacturing Company: 8%
    Healthcare Company: 5%
    REVIEWERS
    Computer Software Company: 24%
    Agriculture: 10%
    Recruiting/Hr Firm: 10%
    Consumer Goods Company: 10%
    VISITORS READING REVIEWS
    Computer Software Company: 17%
    Financial Services Firm: 13%
    Manufacturing Company: 8%
    Government: 7%
    Company Size
    REVIEWERS
    Small Business: 35%
    Midsize Enterprise: 15%
    Large Enterprise: 50%
    VISITORS READING REVIEWS
    Small Business: 20%
    Midsize Enterprise: 14%
    Large Enterprise: 66%
    REVIEWERS
    Small Business: 27%
    Midsize Enterprise: 11%
    Large Enterprise: 62%
    VISITORS READING REVIEWS
    Small Business: 21%
    Midsize Enterprise: 14%
    Large Enterprise: 65%

    AWS GuardDuty is ranked 4th in CWPP (Cloud Workload Protection Platforms) with 19 reviews while Microsoft Defender for Cloud is ranked 2nd in CWPP (Cloud Workload Protection Platforms) with 46 reviews. AWS GuardDuty is rated 8.2, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of AWS GuardDuty writes "A stellar threat-detection service that has helped bolster security against malicious threats". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". AWS GuardDuty is most compared with Prisma Cloud by Palo Alto Networks, CrowdStrike Falcon Cloud Security, Wiz, Check Point CloudGuard CNAPP and Lacework, whereas Microsoft Defender for Cloud is most compared with Microsoft Defender XDR, Prisma Cloud by Palo Alto Networks, Microsoft Sentinel, Wiz and Microsoft Defender for Endpoint.


    We monitor all CWPP (Cloud Workload Protection Platforms) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.