Try our new research platform with insights from 80,000+ expert users

DefectDojo vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 13, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
18th
Average Rating
9.6
Reviews Sentiment
7.8
Number of Reviews
6
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (2nd)
DefectDojo
Ranking in Vulnerability Management
37th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
1
Ranking in other categories
DevSecOps (11th)
Microsoft Defender for Cloud
Ranking in Vulnerability Management
7th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
78
Ranking in other categories
Container Management (8th), Container Security (7th), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (5th), Microsoft Security Suite (7th), Compliance Management (5th)
 

Mindshare comparison

As of July 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 0.8%, up from 0.0% compared to the previous year. The mindshare of DefectDojo is 0.7%, up from 0.1% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 5.7%, up from 4.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
reviewer2267097 - PeerSpot reviewer
Easy to use with efficient vulnerability reporting and team collaboration
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Management. DefectDojo is Central Vulnerability Management. If you have a dashboard to set, we have…
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We saw benefits from Zafran Security almost immediately after deploying it."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."
"The most valuable features are ransomware protection and access controls. The solution has helped us secure some folders on our systems from unauthorized modifications."
"The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."
"The most valuable feature is that it's intuitive. It's very intuitive."
"The most valuable features offer the latest threat detection and response capabilities."
"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
"Microsoft Defender for Cloud can find potential phishing links and malicious code in data at rest."
"Good compliance policies."
"I have not experienced any difficulties or issues with the stability of Microsoft Defender for Cloud."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"We need something to notify the team responsible for a product when vulnerabilities are found."
"I would like to have the ability to customize executive reporting."
"Integration into other third-party products, particularly those from tier three vendors like ManageEngine and Hexcode, has proven difficult."
"Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."
"There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place."
"I would like to see more connectors and plugins with other platforms."
"While we are satisfied with Defender for Cloud's features, an AI enhancement could potentially provide better advice and adapt more effectively to our environment."
"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."
"It's hard to reach someone who understands my problems. I haven't had many issues, so I haven't called them."
 

Pricing and Cost Advice

Information not available
Information not available
"This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service."
"Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products."
"The product's pricing policy is generally favorable."
"The pricing is very difficult because every type of Defender for Cloud has its own metrics and pricing. If you have Cloud for Key Vault, the pricing is different than it is for storage. Every type has its own pricing list and rules."
"Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters."
"I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive."
"The cost of the license is based on the subscriptions that you have."
"The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
862,452 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
11%
Financial Services Firm
11%
Manufacturing Company
7%
Healthcare Company
6%
Computer Software Company
20%
Financial Services Firm
16%
Comms Service Provider
13%
Retailer
8%
Computer Software Company
13%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
The current pricing of Zafran Security is fair overall. They were good to work with to accommodate our organization w...
What needs improvement with Zafran Security?
The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvement...
What is your primary use case for Zafran Security?
Zafran Security is helping reduce the amount of critical vulnerabilities in our environments that require prompt reme...
What is your experience regarding pricing and costs for DefectDojo?
The pricing is great. It is much cheaper compared to other solutions. We don't want to pay for things we are able to ...
What needs improvement with DefectDojo?
We need something to notify the team responsible for a product when vulnerabilities are found. We are able to attach ...
What is your primary use case for DefectDojo?
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
 

Also Known As

No data available
No data available
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about Qualys, Wiz, Tenable and others in Vulnerability Management. Updated: July 2025.
862,452 professionals have used our research since 2012.