Drata vs Microsoft Defender for Cloud comparison

"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."

"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."

"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."

"Drata offers APIs for every clause so that it can integrate into various platforms."

"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."

"The product is 100 percent friendly to use."

"The most valuable feature is the regulatory compliance aspect, where we utilize predefined initiatives like NIST. Alert management is another useful feature. Alerts are directly integrated with our email or DevOps board for easy viewing, allowing us to identify problem areas efficiently."

"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."

"I would like to see more connectors and plugins with other platforms."

"The most valuable feature is the recommendations provided on how to improve security."

"The most valuable feature of Microsoft Defender for Cloud is its ability to assess an environment and give us a clear idea of what security components are lacking and which are not."

"When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties."

"The feature of Microsoft Defender for Cloud that I have found most valuable is the alerts, which are pretty standard for security."

"We can create alerts that trigger if there is any malicious activity happening in the workflow and these alerts can be retrieved using the query language."

"One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification."

"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"

"The product can improve in its API documentation area."

"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

"The solution is quite costly."

"Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."

"The existing features of Drata are already extensive and costly to integrate."

"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."

"I would like to see more connectors and plugins with other platforms."

"Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ."

"The solution could improve by being more intuitive and easier to use requiring less technical knowledge."

"The customer service at Microsoft has room for improvement. The first line of support is not technically adept and often requires engaging higher-level technicians to resolve issues."

"The pricing could be improved, as it is somewhat high for smaller companies."

"An area where Microsoft Defender for Cloud could be improved is in getting away from having multiple menus that do the same thing, which seems imposing when looking at it."

"I would like to see more connectors and plugins with other platforms."

"While we are satisfied with Defender for Cloud's features, an AI enhancement could potentially provide better advice and adapt more effectively to our environment."

"It's one of the more expensive options, but I think it's worth the money if you can afford it."

"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."

"The price of the solution is good for the features we receive and there is an additional cost for Microsoft premier support. However, some of my potential customers have found it to be expensive and have gone on to choose another solution."

"Understanding the costs of cloud services can be complicated at first. As with a lot of things in the cloud, it can be quite hard to understand the end cost, but it becomes clearer over time. Early on, the lack of transparency is a challenge. Microsoft does not tell you the cost when they launch something. It is clever marketing, and there is room for improvement there. There should be clarity from the start."

"I am not involved much with the pricing but the bundle offering is good."

"We only use the free tier, so we haven't faced any pricing, setup costs, or licensing challenges."

"The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license."

"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."

"The solution is expensive, and I rate it a five to six out of ten."

"The tool is pretty expensive."