AWS GuardDuty vs Microsoft Defender for Cloud comparison


Comparison Buyer's Guide

Executive SummaryUpdated on Jun 6, 2024

Categories and Ranking

SentinelOne Singularity Clo...
Ranking in Cloud Workload Protection Platforms (CWPP)
Average Rating
Number of Reviews
Ranking in other categories
Vulnerability Management (5th), Cloud and Data Center Security (7th), Container Security (6th), Cloud Security Posture Management (CSPM) (5th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Compliance Management (4th)
AWS GuardDuty
Ranking in Cloud Workload Protection Platforms (CWPP)
Average Rating
Number of Reviews
Ranking in other categories
No ranking in other categories
Microsoft Defender for Cloud
Ranking in Cloud Workload Protection Platforms (CWPP)
Average Rating
Number of Reviews
Ranking in other categories
Vulnerability Management (7th), Container Management (10th), Container Security (3rd), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Data Security Posture Management (DSPM) (3rd), Microsoft Security Suite (2nd), Compliance Management (2nd)

Mindshare comparison

As of June 2024, in the Cloud Workload Protection Platforms (CWPP) category, the mindshare of SentinelOne Singularity Cloud Security is 1.6%, up from 0.9% compared to the previous year. The mindshare of AWS GuardDuty is 11.1%, down from 11.4% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 13.9%, down from 16.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Workload Protection Platforms (CWPP)
Unique Categories:
Vulnerability Management
No other categories found
Container Management

Featured Reviews

May 9, 2024
Evidence-based reporting shows all the findings and severity, helping us to prioritize issues
We provide cloud services on our site using AWS. Singularity detects flaws that we must close for security reasons. We use Singularity to observe those findings and fix things based on the customer's requirements. Previously, we used to segregate issues and look after them. Singularity helped us secure our infrastructure. We've significantly reduced our potential security breaches to a minimum. It has improved how we operate on a larger scale. We set up the platform, onboarded the info, and then gradually moved further. Over time, it helped us slowly resolve those issues. We were using the cloud platforms' native security tools, but those were unhelpful. Now, we rely on this more than those services. Singularity reduced our false positive rate by about 60 percent. We've had even better results in terms of our risk posture. We can rely on this tool to improve our security conditions on a broader scale. If I gave our security posture a percent rating, I would give it 89 percent. The solution saves time by giving us everything in one place. You don't need to manually check every account. It tells us a lot. Singularity reduces our detection time by about 60 percent. Singularity has improved collaboration among cloud security, application developers, and AppSec teams. Previously, it would take around a week for engineers to address issues. Now that we use this tool, we resolve issues in one or two days.
Agron Demiraj - PeerSpot reviewer
Dec 11, 2023
Has a simple setup process and a valuable intrusion detection feature
It helps us detect brute-force attacks based on machine learning. It alerts the security team for possible attacks as well The product detects 100% brute force attacks using all legitimate testing methods. It gives the exact source IP of the attacks. The product's most valuable feature is…
Srikanth Matsa - PeerSpot reviewer
Dec 5, 2022
Offers a security posture score that indicates how well our environment is protected but should offer better pricing options
Before Microsoft Defender our external team would give us updates on which ports are opening and which vulnerabilities are being attacked. Now with the recommendations of Microsoft Defender, we can find these vulnerabilities sooner and fix them. Before onboarding those respected resources into Microsoft Defender, we faced a few issues. Once we onboarded those resources, we received prompt recommendations that helped us make the organization's resources more secure. If resources are not secured, it can impact the reputation of the organization. The solution helped identify a lot of the issues, at a high priority that we could resolve. Microsoft Defender helps any organization that needs to follow security baseline recommendations in order to improve its environment. Regarding threats, I recommend Microsoft Sentinel for detecting and hunting the threats. I can identify what exactly happened at that particular time or particular resource with the help of Microsoft Sentinel. The solution has significantly reduced the overall time it takes us to detect issues. Most of the resources are scanned every 30 minutes, so it doesn't take much time for the solution to give us the respected recommendations. Depending on the issue, Microsoft Defender for Cloud has helped reduce our overall time to respond. There are a few recommendations that we can fix immediately by just clicking using the UI. However, the overall time to respond to issues depends upon that respected recommendation list. There are a few things that we need to consider when it comes to the security settings of our virtual machines which can take a long time to identify and fix.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"With PingSafe, it's easy to onboard new accounts."
"The offensive security feature is valuable because it publicly detects the offensive and vulnerable things present in our domain or applications. It checks any applications with public access. Some of the applications give public access to certain files or are present over a particular domain. It detects and lets us know with evidence. That is quite good. It is protecting our infrastructure quite well."
"All the features we use are equal and get the job done."
"The most valuable features of PingSafe are cloud misconfiguration, Kubernetes, and IaC scanning."
"The real-time detection and response capabilities overall are great."
"My favorite feature is Storyline."
"PingSafe released a new security graph tool that helps us identify the root issue. Other tools give you a pass/fail type of profile on all misconfigurations, and those will run into the thousands. PingSafe's graphing algorithm connects various components together and tries to identify what is severe and what is not. It can correlate various vulnerabilities and datasets to test them on the back end to pinpoint the real issue."
"The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best features."
"It is a highly scalable solution since it is a service by AWS. Scalability-wise, I rate the solution a ten out of ten."
"One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS."
"What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away."
"The solution is easy to use."
"Since our environment is cloud based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing."
"The correlation back end is the solution's most valuable feature."
"The product has automated protection powered by AI/ML, which is now far more powerful than before. It uses AI/ML in its detection algorithm, providing fast and quick results."
"It kinda just gives us another layer of security. So it does provide some sort of comfort that we do have something that is monitoring for abnormal behavior."
"The product has given us more insight into potential avenues for attack paths."
"Microsoft Defender has a lot of features including regulatory compliance and attaching workbooks but the most valuable is the recommendations it provides for each and every resource when we open Microsoft Defender."
"Defender is a robust platform for dealing with many kinds of threats. We're protected from various threats, like viruses. Attacks can be easily minimized with this solution defending our infrastructure."
"Defender is user-friendly and provides decent visibility into threats."
"The most valuable features of the solution are the insights, meaning the remediation suggestions, as well as the incident alerts."
"Provides a very good view of the entire security setup of your organization."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"The entire Defender Suite is tightly coupled, integrated, and collaborative."


"Bugs need to be disclosed quickly."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"Crafting customized policies can be tricky."
"There is a bit of a learning curve for new users."
"The main area for improvement I want to see is for the platform to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is."
"With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case."
"One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."
"The alerting system of the product is an area that I look at and sometimes get confused about. I feel the alerting feature needs improvement."
"Because it's a threat detection service, they need to keep up with the various threat factors because new threat factors and attack factors come up all the time."
"The solution's user interface could be improved because it will help users to understand multiple options."
"Cost changes. It's very expensive. If you turn on every feature, it's more than most commercial vendors. For smaller orgs, that doesn't make sense."
"For me, I would say just the presentation of findings, like the dashboards and other stuff, could be improved a bit."
"For the next release, they could provide IPS features as well."
"There is currently no consolidated dashboard for AWS GuardDuty. It would be helpful if they could provide a dashboard based on severity levels (high, medium, low) and offer insights account-wise, especially for users utilizing automation structures."
"It would be great if the solution had some automation capabilities."
"We currently find Lacework to be much better at detecting vulnerabilities than AWS GuardDuty. The engines of AWS GuardDuty have to be improved."
"Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."
"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
"The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome."
"The solution could improve by being more intuitive and easier to use requiring less technical knowledge."
"The documentation and implementation guides could be improved."
"Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management."
"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."
"The product was a bit complex to set up earlier, however, it is a bit streamlined now."

Pricing and Cost Advice

"We have an enterprise license. It is affordable. I'm not sure, but I think we pay 150,000 rupees per month."
"The tool is cost-effective."
"PingSafe is less expensive than other options."
"PingSafe is not very expensive compared to Prisma Cloud, but it's also not that cheap. However, because of its features, it makes sense to us as a company. It's fairly priced."
"Their pricing appears to be based simply on the number of accounts we have, which is common for cloud-based products."
"It is cheap."
"For pricing, it currently seems to be in line with market rates."
"Its pricing was a little less than other providers."
"Pricing is determined by the number of events sent."
"On a scale of one to ten, where one is a high price, and ten is a low price, I rate the pricing a four or five, which is somewhere in the middle."
"I have heard that the solution's price is quite high."
"The price of the solution is exactly right."
"We use a pay-as-you-use license, which is competitively priced in the market."
"GuardDuty only enables accounts in regions where you have an active workload. If there are places where you don't have an active workload, you wouldn't even enable them. That's one area where they could allow you to cut down your cost."
"The platform is inexpensive."
"The tool's licensing model is pay-as-you-go."
"There are improvements that have to be made to the licensing. Currently, for servers, it has to be done by grouping the servers on a single subscription... We don't have an option whereby, if all those resources are in one subscription, we can have each of the individual servers subject to different planning."
"This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service."
"The pricing is very difficult because every type of Defender for Cloud has its own metrics and pricing. If you have Cloud for Key Vault, the pricing is different than it is for storage. Every type has its own pricing list and rules."
"Our clients complain about the cost of Microsoft Defender for Cloud."
"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."
"Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it."
"Defender for Cloud is pretty costly for a single line. It's incredibly high to pay monthly for security per server. The cost is considerable for an enterprise with 500-plus virtual machines, and the monthly bill can spike."
"Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool."
Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.
789,728 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Manufacturing Company
Insurance Company
Financial Services Firm
Computer Software Company
Manufacturing Company
Healthcare Company
Computer Software Company
Financial Services Firm
Manufacturing Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
Singularity Cloud Security by SentinelOne is cost-efficient.
What needs improvement with PingSafe?
A recurring issue caused frustration: a vulnerability alert would appear, and we'd fix it, but then the same alert wo...
What do you like most about Amazon GuardDuty?
With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavi...
What needs improvement with Amazon GuardDuty?
The product needs to improve its cost-efficiency since it is expensive.
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
What is your experience regarding pricing and costs for Microsoft Defender for Cloud?
Our clients complain about the cost of Microsoft Defender for Cloud. Microsoft needs to bring the cost down. What we'...

Also Known As

No data available
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender

Interactive Demo

Demo not available
Demo not available



Sample Customers

Information Not Available
autodesk, mapbox, fico, webroot
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about AWS GuardDuty vs. Microsoft Defender for Cloud and other solutions. Updated: May 2024.
789,728 professionals have used our research since 2012.