We performed a comparison between AWS (AWS GuardDuty) and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Cloud comes out ahead of AWS GuardDuty. AWS GuardDuty’s initial setup and integrations are more complex. It as well has less comprehensive features and a less straightforward pricing model.
"It kinda just gives us another layer of security. So it does provide some sort of comfort that we do have something that is monitoring for abnormal behavior."
"The way it monitors accounts is definitely a very important feature."
"The product has automated protection powered by AI/ML, which is now far more powerful than before. It uses AI/ML in its detection algorithm, providing fast and quick results."
"What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away."
"Deployment is great, and we didn't face any big challenges."
"Since our environment is cloud based and accessible from the internet, we like the ability to check where the user has logged in from and what kind of API calls that user is doing."
"We use the tool for threat detection. AWS includes AI features as well. AWS GuardDuty gives us reports."
"The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action."
"Defender for Cloud is a plug-and-play solution that provides continuous posture management once enabled."
"The integration with Logic Apps allows for automated responses to incidents."
"This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
"The solution is very easy to deploy."
"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."
"The dashboard is very good. It gives our clients a lot of information and allows them to have a complete overview of the system. Everything is visible in one glance."
"When you have commissioned Defender, you have these things visible already on your dashboard. This gives the efficiency to the people to do their actual work rather than bothering about the email, sorting out the email, or looking at it through an ITSM solution, whey they have to look at the description and use cases. Efficiency increases with this optimized, ready-made solution since you don't need to invest in something externally. You can start using the dashboard and auditing capability provided from day one. Thus, you have fewer costs with a more optimized, easier-to-use solution, providing operational efficiency for your team."
"The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded."
"I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use."
"It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially."
"AWS GuardDuty needs to be more customer-oriented."
"We currently find Lacework to be much better at detecting vulnerabilities than AWS GuardDuty. The engines of AWS GuardDuty have to be improved."
"There is currently no consolidated dashboard for AWS GuardDuty. It would be helpful if they could provide a dashboard based on severity levels (high, medium, low) and offer insights account-wise, especially for users utilizing automation structures."
"Cost changes. It's very expensive. If you turn on every feature, it's more than most commercial vendors. For smaller orgs, that doesn't make sense."
"One improvement I would suggest for AWS GuardDuty is the ability to assign findings to specific users or groups, facilitating better communication and follow-up actions."
"The solution's user interface could be improved because it will help users to understand multiple options."
"Microsoft sources most of their threat intelligence internally, but I think they should open themselves up to bodies that provide feel intelligence to build a better engine. There may be threats out there that they don't report because their team is not doing anything on that and they don't have arrangements with another party that is involved in that research."
"Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."
"The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services."
"As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."
"They could always work to make the pricing a bit lower."
"Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product."
"I would like to have the ability to customize executive reporting."
"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."
AWS GuardDuty is ranked 4th in CWPP (Cloud Workload Protection Platforms) with 19 reviews while Microsoft Defender for Cloud is ranked 2nd in CWPP (Cloud Workload Protection Platforms) with 46 reviews. AWS GuardDuty is rated 8.2, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of AWS GuardDuty writes "A stellar threat-detection service that has helped bolster security against malicious threats". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". AWS GuardDuty is most compared with Prisma Cloud by Palo Alto Networks, CrowdStrike Falcon Cloud Security, Wiz, Check Point CloudGuard CNAPP and Lacework, whereas Microsoft Defender for Cloud is most compared with Microsoft Defender XDR, Prisma Cloud by Palo Alto Networks, Microsoft Sentinel, Wiz and Microsoft Defender for Endpoint. See our AWS GuardDuty vs. Microsoft Defender for Cloud report.
See our list of best CWPP (Cloud Workload Protection Platforms) vendors.
We monitor all CWPP (Cloud Workload Protection Platforms) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.