Try our new research platform with insights from 80,000+ expert users

AWS GuardDuty vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Cloud Workload Protection Platforms (CWPP)
4th
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
114
Ranking in other categories
Vulnerability Management (5th), Cloud and Data Center Security (3rd), Container Security (3rd), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (1st)
AWS GuardDuty
Ranking in Cloud Workload Protection Platforms (CWPP)
3rd
Average Rating
8.2
Reviews Sentiment
7.9
Number of Reviews
23
Ranking in other categories
No ranking in other categories
Microsoft Defender for Cloud
Ranking in Cloud Workload Protection Platforms (CWPP)
2nd
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
78
Ranking in other categories
Vulnerability Management (7th), Container Management (8th), Container Security (7th), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (5th), Microsoft Security Suite (7th), Compliance Management (5th)
 

Mindshare comparison

As of July 2025, in the Cloud Workload Protection Platforms (CWPP) category, the mindshare of SentinelOne Singularity Cloud Security is 3.1%, up from 1.1% compared to the previous year. The mindshare of AWS GuardDuty is 11.4%, down from 13.4% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 13.4%, down from 16.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Workload Protection Platforms (CWPP)
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Terence Dube - PeerSpot reviewer
Comprehensive threat detection simplifies security management
GuardDuty is limited to AWS environments. While incorporating Amazon Detective for detailed investigation can be useful, including more granular details in findings, such as specific user actions or historical comparisons, would be beneficial. Furthermore, managing global AWS environments requires setting up additional tools for viewing GuardDuty findings across multiple regions. A unified dashboard that aggregates findings across all regions without requiring manual aggregation could enhance convenience for users.
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."
"The most valuable feature is the easy-to-understand user interface, which allows even non-technical users to comprehend and resolve issues."
"The most valuable features are automated threat response, AI detection, and static and dynamic detection."
"The offensive security feature is valuable because it publicly detects the offensive and vulnerable things present in our domain or applications. It checks any applications with public access. Some of the applications give public access to certain files or are present over a particular domain. It detects and lets us know with evidence. That is quite good. It is protecting our infrastructure quite well."
"Singularity Cloud Security offers autonomous response capabilities, automatically remediating threats and restoring affected files without manual intervention."
"We like SentinelOne Singularity Cloud Security's vulnerability assessment and management features, and its vulnerability databases."
"When creating cloud infrastructure, Cloud Native Security evaluates the cloud security parameters and how they will impact the organization's risk. It lets us know whether our security parameter conforms to international industry standards. It alerts us about anything that increases our risk, so we can address those vulnerabilities and prevent attacks."
"We like the platform and its response time. We also like that its console is user-friendly as well as modern and sleek."
"The product has automated protection powered by AI/ML, which is now far more powerful than before. It uses AI/ML in its detection algorithm, providing fast and quick results."
"With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavior or traffic patterns right away, which is great for staying on top of potential security risks."
"The out-of-band malware detection from the EBS volumes. It's really cool. No agents or anything needed, it automatically finds and correlates based on malware."
"AWS GuardDuty helps by providing continuous threat detection and signaling potential threats. Its most valuable feature is continuous monitoring. The tool's integration with other AWS services has improved security. It provides continuous monitoring and intelligent threat detection, quickly signaling any issues. I would rate this improvement a seven out of ten."
"The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action."
"What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away."
"The way it monitors accounts is definitely a very important feature."
"Since our environment is cloud based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing."
"It's got a lot of great features."
"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."
"The integration with Logic Apps allows for automated responses to incidents."
"Microsoft Defender for Cloud can find potential phishing links and malicious code in data at rest."
"Provides a very good view of the entire security setup of your organization."
"The UX and UI are very good. Users have more of a taste for Microsoft UI."
"Everything is built into Azure, and if we go for cross-cloud development with Azure Arc, we can use most of the features. While it's possible to deploy and convert third-party applications, it is difficult to maintain, whereas Azure deployments to the cloud are always easier. Also, Microsoft is a big company, so they always provide enough support, and we trust the Microsoft brand."
"It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, iTrust, etc."
 

Cons

"There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."
"I request that SentinelOne investigate this false positive, as SentinelOne has a higher false positive rate than other XDR solutions."
"SentinelOne Singularity Cloud Security can improve by eliminating 100 percent of the false positives."
"While SentinelOne offers robust security features, its higher cost may present a challenge for budget-conscious organizations."
"When you find a vulnerability and resolve it, the same issue will not occur again. I want SentinelOne Singularity Cloud Security to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again."
"In addition to the console alerts, I would like SentinelOne Singularity Cloud Security to also send email notifications."
"The reporting works well, but sometimes the severity classifications are inaccurate. Sometimes, it flags an issue as high-impact, but it should be a lower severity."
"Sometimes the Storyline ID is a bit wacky."
"For the next release, they could provide IPS features as well."
"It would be great if the solution had some automation capabilities."
"I think that some detections in container environments such as container runtime, and on services such as AWS container service, Fargate service or EKS service could be improved."
"GuardDuty is limited to AWS environments."
"An improvement would be to have a mobile version where remote workers can log in and monitor and fix issues."
"I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use."
"It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially."
"The solution has to be integrated with new services that AWS adds like QuickSight, Managed Airflow, AppFlow and MWAA."
"I would like to see more connectors and plugins with other platforms."
"I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward."
"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."
"Defender could improve how data is represented. It can be unstructured or slow to load."
"Support needs to be highly responsive, especially in large enterprise environments."
"The cost is always a concern, but overall, it's not too bad because it is easy to use and pretty friendly."
"I would like to see more connectors and plugins with other platforms."
"As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."
 

Pricing and Cost Advice

"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."
"PingSafe is cost-effective for the amount of infrastructure we have. It's reasonable for what they offer compared to our previous solution. It's at least 25 percent to 30 percent less."
"I understand that SentinelOne is a market leader, but the bill we received was astronomical."
"While SentinelOne Singularity Cloud Security offers robust protection, its high cost may be prohibitive for small and medium-sized businesses."
"It is a little expensive. I would rate it a four out of ten for pricing."
"SentinelOne provided competitive pricing compared to other vendors, and we are satisfied with the deal."
"It's not cheap, but it is worth the price."
"Singularity Cloud Workload Security's licensing and price were cheaper than the other solutions we looked at."
"The pricing model is pay as you go and is based on the number of events per month."
"We use a pay-as-you-use license, which is competitively priced in the market."
"80 percent of the customers are using AWS GuardDuty, and we recommend it due to its low cost, especially for small customers, ranging from five to ten dollars a month. In our policies, we enforce the usage of this service, making it a recommended practice for security."
"The tool's licensing model is pay-as-you-go."
"I have heard that the solution's price is quite high."
"Pricing is determined by the number of events sent."
"On a scale of one to ten, where one is a high price, and ten is a low price, I rate the pricing a four or five, which is somewhere in the middle."
"It can get very expensive. If you turn on every feature, it can turn into hundreds of thousands of dollars."
"Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters."
"While we pay for any additional features, the pricing seems competitive, though I am not involved in the specific cost details."
"Pricing depends on your workload size, but it is very cheap. If you're talking about virtual machines, it is $5 or something for each machine, which is minimal. If you go for some agent-based solution for every virtual machine, then you need to pay the same thing or more than that. For an on-premises solution like this, we were paying around $30 to $50 based on size. With Defender, Microsoft doesn't bother about the size. You pay based on the number of machines. So, if you have 10 virtual machines, and 10 virtual machines are being monitored, you are paying based on that rather than the size of the virtual machine. Thus, you are paying for the number of units rather than paying for the size of your units."
"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."
"Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup."
"The cost of the license is based on the subscriptions that you have."
"The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license."
"We only use the free tier, so we haven't faced any pricing, setup costs, or licensing challenges."
report
Use our free recommendation engine to learn which Cloud Workload Protection Platforms (CWPP) solutions are best for your needs.
860,745 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
9%
Government
6%
Financial Services Firm
16%
Computer Software Company
14%
Manufacturing Company
8%
Government
6%
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
I don't handle the price part, but it isn't more expensive than Palo Alto Prisma Cloud. It's not cheap, but it is wor...
What needs improvement with PingSafe?
There is scope for more application security posture management features. Additionally, the runtime protection needs ...
What do you like most about Amazon GuardDuty?
With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavi...
What is your experience regarding pricing and costs for Amazon GuardDuty?
I don't worry much about the pricing, but I think it is a good price for what they deliver. This cost is cheaper beca...
What needs improvement with Amazon GuardDuty?
I think that some detections in container environments such as container runtime, and on services such as AWS contain...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
 

Also Known As

PingSafe
No data available
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
autodesk, mapbox, fico, webroot
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about AWS GuardDuty vs. Microsoft Defender for Cloud and other solutions. Updated: June 2025.
860,745 professionals have used our research since 2012.