Try our new research platform with insights from 80,000+ expert users

DefectDojo vs Microsoft Defender for Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Ranking in Vulnerability Management
18th
Average Rating
9.4
Reviews Sentiment
8.2
Number of Reviews
5
Ranking in other categories
Continuous Threat Exposure Management (CTEM) (2nd)
DefectDojo
Ranking in Vulnerability Management
37th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
1
Ranking in other categories
DevSecOps (11th)
Microsoft Defender for Cloud
Ranking in Vulnerability Management
7th
Average Rating
8.0
Reviews Sentiment
7.0
Number of Reviews
78
Ranking in other categories
Container Management (8th), Container Security (7th), Cloud Workload Protection Platforms (CWPP) (2nd), Cloud Security Posture Management (CSPM) (4th), Cloud-Native Application Protection Platforms (CNAPP) (4th), Data Security Posture Management (DSPM) (5th), Microsoft Security Suite (7th), Compliance Management (5th)
 

Mindshare comparison

As of July 2025, in the Vulnerability Management category, the mindshare of Zafran Security is 0.8%, up from 0.0% compared to the previous year. The mindshare of DefectDojo is 0.7%, up from 0.1% compared to the previous year. The mindshare of Microsoft Defender for Cloud is 5.7%, up from 4.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
reviewer2267097 - PeerSpot reviewer
Easy to use with efficient vulnerability reporting and team collaboration
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and we send this report to DefectDojo to have CVMs, Central Vulnerability Management. DefectDojo is Central Vulnerability Management. If you have a dashboard to set, we have…
Vibhor Goel - PeerSpot reviewer
A single tool for complete visibility and addressing security gaps
Currently, issues are structured in Microsoft Defender for Cloud at severity levels of high, critical, or warning, but these severity levels are not always right. For example, Microsoft might consider a port being open as critical, but that might not be the case for our company. Similarly, it might suggest closing some management ports, but you might need them to be able to log in, so the severity levels for certain things can be improved. Even though Microsoft Defender for Cloud provides a way to temporarily disable certain alerts or notifications without affecting our security score, it would be better to have more granularized control over these recommendations. Currently, we cannot even disable certain alerts or notifications. There should be an automated mechanism to design Azure policies based on the recommendations, possibly with AI integration. Instead of an engineer having to write a policy to fix security gaps, which is very time-consuming, there should be an inbuilt capability to auto-remediate everything and have proper control in place. Additionally, enabling Defender for Cloud at the resource group level, rather than only at the subscription level, would be beneficial.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Overall, we have seen about eighty-seven percent reduction of the number of vulnerabilities that require urgency to remediate, specifically the number of criticals."
"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"We saw benefits from Zafran Security almost immediately after deploying it."
"We are able to see the real risk of a vulnerability on our environment with our security tools."
"With the pipeline of detection and DefectDojo, we are able to see the real vulnerabilities, and we fix them."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"Defender for Cloud is a plug-and-play solution that provides continuous posture management once enabled."
"I would rate Microsoft Defender for Cloud a nine out of 10."
"The most valuable feature is the recommendations provided on how to improve security."
"The solution is quite good and addresses many security gaps."
"It takes very little effort to integrate it. It also gives very good visibility into what exactly is happening."
"The valuable features include the ability to manage devices and the fact that Defender can replace other security tools like SCCM."
"The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra."
 

Cons

"I think the ability to have some enhanced reporting capabilities is something they can improve on, as they have good reports but we have asked for some specific reporting enhancements."
"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvements."
"We need something to notify the team responsible for a product when vulnerabilities are found."
"After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated."
"Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."
"The range of workloads is broad, but we'd love to add more workloads and make it a single security solution that covers all those workloads. Covering more would allow us to see and protect more workloads from a single pane of glass. Additional features should include protection for more AI workloads as it currently focuses primarily on OpenAI."
"I rate Microsoft support five out of 10. It gets better once you're escalated past the first and second levels. It's difficult to get the necessary support when tickets are first opened."
"The pricing could be better."
"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
"Microsoft Graph needs improvement."
"Azure Security Center takes a long time to update, compared to the on-premises version of Microsoft Defender."
 

Pricing and Cost Advice

Information not available
Information not available
"Microsoft's licensing and pricing are sometimes complicated. If someone is new to Microsoft's licensing, they might have difficulty with it."
"Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup."
"The product's pricing policy is generally favorable."
"The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering."
"The pricing model for most plans is generally good, but the cost of the new Defender for Storage plan is high and should be revisited, as it could lead to disabling desirable security features due to cost."
"Pricing is difficult because each license has its own metrics and cost."
"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."
"Our clients complain about the cost of Microsoft Defender for Cloud."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
860,711 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
11%
Financial Services Firm
11%
Manufacturing Company
7%
Healthcare Company
6%
Computer Software Company
20%
Financial Services Firm
17%
Comms Service Provider
13%
Retailer
7%
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
The current pricing of Zafran Security is fair overall. They were good to work with to accommodate our organization w...
What needs improvement with Zafran Security?
The dashboarding and reporting functionality of Zafran Security is an area that definitely could use some improvement...
What is your primary use case for Zafran Security?
Zafran Security is helping reduce the amount of critical vulnerabilities in our environments that require prompt reme...
What is your experience regarding pricing and costs for DefectDojo?
The pricing is great. It is much cheaper compared to other solutions. We don't want to pay for things we are able to ...
What needs improvement with DefectDojo?
We need something to notify the team responsible for a product when vulnerabilities are found. We are able to attach ...
What is your primary use case for DefectDojo?
Use case, so all the reports from GitLeaks, DefectDojo, GitLeaks or dependency check or Trivy, they make reports, and...
How is Prisma Cloud vs Azure Security Center for security?
Azure Security Center is very easy to use, integrates well, and gives very good visibility on what is happening acros...
What do you like most about Microsoft Defender for Cloud?
The entire Defender Suite is tightly coupled, integrated, and collaborative.
 

Also Known As

No data available
No data available
Microsoft Azure Security Center, Azure Security Center, Microsoft ASC, Azure Defender
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Information Not Available
Microsoft Defender for Cloud is trusted by companies such as ASOS, Vatenfall, SWC Technology Partners, and more.
Find out what your peers are saying about Qualys, Wiz, Tenable and others in Vulnerability Management. Updated: June 2025.
860,711 professionals have used our research since 2012.