We performed a comparison between Microsoft Defender for Cloud and Netsurion based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Microsoft Defender for Cloud is highly regarded for its automated processes, advanced threat analysis, and extensive security measures, including protection against ransomware and access controls. Netsurion delivers thorough and informative notifications and effectively identifies threats. Users praise its seamless incorporation of endpoint security measures. Microsoft Defender for Cloud could use enhancements in automation and ease of use. Netsurion should focus on enhancing weekly reporting, utilizing internet options for enhanced security, and strengthening threat detection and response.
Service and Support: Some Defender for Cloud users reported positive experiences with Microsoft, while others complained that the solution's outsourced support lacked technical knowledge. Netsurion's customer service has received mixed reviews, with some users expressing concerns about technical planning and the installation process.
Ease of Deployment: The initial setup of Microsoft Defender for Cloud is described as straightforward, but the deployment time may vary depending on specific requirements. Netsurion's initial setup was described as easy, with clear instructions and packages provided. Reviewers appreciated the support and assistance from Netsurion. Netsurion guided the setup discussion based on business needs, making it easier to understand and implement.
Pricing: Microsoft Defender for Cloud is in the mid-to-high pricing tier. While some users find it expensive, others believe it offers good value. Netsurion is considered a good value for the money and competitive. Users say the solution’s pricing is transparent.
ROI: Microsoft Defender for Cloud streamlines security tasks and saves users money by consolidating various solutions. Netsurion offers actionable intelligence and eliminates the requirement for specialized staff, saving time and costs. Its managed SOC component also delivered substantial benefits to organizations.
"The product has given us more insight into potential avenues for attack paths."
"It isn't a highly complex solution. It's something that a lot of analysts can use. Defender gives you a broad overview of what's happening in your environment, and it's a great solution if you're a Microsoft shop."
"It's got a lot of great features."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites."
"DSPM is the most valuable feature."
"Most importantly, it's an integrated solution. We not only have Defender for Cloud, but we also have Defender for Endpoint, Defender for Office 365, and Defender for Identity. It's an integrated, holistic solution."
"Provides a very good view of the entire security setup of your organization."
"I like EventTracker's dashboard. I see it every time I log in because it's the first thing you get to. We have our own widgets that we use. For the sake of transparency, there are a few widgets that we look at there and then we move out from there... Among the particularly helpful widgets, the not-reporting widget is a big one. The number-of-logs-processed is also a good one."
"There are a host of things that are most valuable. Obviously monitoring our environment and reporting out different events is important. They perform a suite of services. They monitor all of our servers, all of our key infrastructure, like our DNS, our switches, all that stuff. They aggregate and correlate that quarterly. They'll tell us if we're getting a lot of login failures and something is going on or if something's weird."
"The most important feature is keeping track of when accounts are created and deleted, when permission groups are changed, and memberships are changed in groups; and overall, how many errors are occurring on the various systems that we're monitoring."
"The most valuable feature is definitely real-time alerting, especially in situations where someone might attempt to exploit or hack into our network."
"If I were to look at logs manually, there's no way I could do that. As an example, they are 48 million logs processed a day. There is no way I could look at all 48 million of those. So, it gives me a good structure to be able to look at the different incidents which are created and do different searches."
"When it comes to threat detection and response, it does a very good job detecting and blocking on its own. And the SOC is a nice added value because they're doing analysis on things that aren't as obvious, on things that you can't just detect with a signature or behavior. Also, any SIEM will come with a lot of noise, so having them do a lot of the initial analysis to find out what's critical and what issues are false alarms is very good."
"If we need to do a search for user lockouts, we can go, search, and find locations where they have been locked out, then keep track of those events, historically."
"I like the UI, overall. I like the main page and there are aspects of the search page that I like. When you bring it up on the left-hand side of the page, as you look at the events, the ability to simply hit and click the plus/minus to pull events in and out of the overall view is well done and is very effective from a threat-hunting and an analysis perspective. I like the detail it shows."
"Microsoft Defender could be more centralized. For example, I still need to go to another console to do policy management."
"The initial setup is not actually so complex but it feels complex because there are many add-ons. There are many options and my team needs to be aware of all of these changes happening on the backend which is a distraction."
"There is no perfect product in the world and there are always features that can be added."
"I would like to have the ability to customize executive reporting."
"Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."
"Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ."
"Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."
"The product must improve its UI."
"Communication is always something that can be improved, but I feel that any time we've had a communication issue, it's quickly addressed when we bring those up at the monthly meetings. Usually, it's an individual that wasn't clear in the communication, it's not the process per se. You always have to be able to segregate if the process didn't work or an individual either didn't say the right thing or my people didn't understand what they were being told."
"With version 8, there are quite a few things. The query tool was one of the big ones, and the query speed was one of the big ones, but they've made some great strides between versions 8 and 9. There were also issues in version 8 around the ability to get the data back out. It's one thing to collect data, but it's a whole other thing to be able to present it or run it in a timely manner. The old tool, depending on how far back I was looking, might even time out and I would have to run it again."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days."
"Netsurion's SOC can be a bit too aggressive at times."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"The MITRE ATT&CK framework could be faster when identifying and understanding sophisticated threats. Whenever something happens, we usually get notified a couple hours later."
"I would also like to have a dashboard that I can access anytime to review the real-time data from their website."
"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."
Microsoft Defender for Cloud is ranked 2nd in Cloud Workload Protection Platforms (CWPP) with 46 reviews while Netsurion is ranked 4th in Managed Security Services with 24 reviews. Microsoft Defender for Cloud is rated 8.0, while Netsurion is rated 8.4. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Microsoft Defender for Endpoint, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response, CyberHat CYREBRO and Wazuh. See our Microsoft Defender for Cloud vs. Netsurion report.
We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.