Drata vs Microsoft Defender for Cloud comparison

"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."

"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

"Drata offers APIs for every clause so that it can integrate into various platforms."

"The product is 100 percent friendly to use."

"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."

"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."

"My favorite part of Microsoft Defender for Cloud is the compliance features. Defender covers a wide range of workloads, on par with competing products on the market."

"It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, iTrust, etc."

"The most valuable feature for me is the variety of APIs available."

"The most valuable features offer the latest threat detection and response capabilities."

"It's quite a good product. It helps to understand the infections and issues you are facing."

"Using Security Center, you have a full view, at any given time, of what's deployed, and that is something that is very useful."

"One of the features that I like about the solution is it is both a hybrid cloud and also multi-cloud. We never know what company we're going to buy, and therefore we are ready to go. If they have GCP or AWS, we have support for that as well. It offers a single-panel blast across multiple clouds."

"The most valuable features of this solution are the remote workforce capabilities and the general experience of the remote workforce."

"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."

"The existing features of Drata are already extensive and costly to integrate."

"The solution is quite costly."

"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

"The product can improve in its API documentation area."

"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"

"One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification."

"Customer service and support from Microsoft are very poor. Even for high-severity cases, response or resolution time can extend to three or four weeks."

"The product's advanced analytics and reporting features could be improved."

"The initial setup is not actually so complex but it feels complex because there are many add-ons. There are many options and my team needs to be aware of all of these changes happening on the backend which is a distraction."

"The product must improve its UI."

"Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."

"The pricing could be improved, as it is somewhat high for smaller companies."

"As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."

"You cannot create custom use cases."

"It's one of the more expensive options, but I think it's worth the money if you can afford it."

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."

"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."

"The licensing cost per server is $15 per month."

"The pricing model for most plans is generally good, but the cost of the new Defender for Storage plan is high and should be revisited, as it could lead to disabling desirable security features due to cost."

"The pricing and licensing of Microsoft Defender for Cloud have been good for us. We appreciate the licensing approach based on employee count rather than a big enterprise license."

"I am not involved in this area. However, I believe its price is okay because even small customers are using Azure Security Center. I don't think it is very expensive."

"Pricing is a consideration, but we strive to keep costs low by enabling only necessary services."

"I rate Microsoft Defender a three out of ten for affordability. The price could be a little lower."

"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."

"Defender's basic version is free, which is good. Many of our teams are evaluating the paid version against third-party products."