When comparing Microsoft and Palo Alto Networks in the context of Cloud Security Posture Management (CSPM), it's important to consider the strengths and focus areas of each vendor's offerings. Microsoft Defender for Cloud and Palo Alto's Prisma Cloud designed for managing cloud security risks, ensuring compliance, and automating governance across cloud environments.
Defender provides a unified security management system that strengthens the security posture of your data centers, and it is particularly well-integrated with Azure services, although it also supports multi-cloud environments to an extent. Defender receives positive feedback for its threat protection, seamless integration with Microsoft tools, and reasonable pricing options. Prisma Cloud is a comprehensive cloud-native security platform that integrates security across the full development lifecycle and cloud environments, including AWS, Google Cloud, and Azure. The solution is commended for its robust security features, and comprehensive compliance capabilities.
The summary above is based on 134 interviews we conducted recently with Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"The solution is very user-friendly."
"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
"Defender for Cloud is a plug-and-play solution that provides continuous posture management once enabled."
"The most valuable features of the solution are the insights, meaning the remediation suggestions, as well as the incident alerts."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"The most valuable feature is that it's intuitive. It's very intuitive."
"The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra."
"The entire Defender Suite is tightly coupled, integrated, and collaborative."
"The technical support is very good."
"Due to the maturity of most companies, security posture management is the most valuable feature."
"The solution's dashboard looks very user-friendly."
"It has a feature for customized security policy. I implement it in banking, health insurance, and other sectors, and every organization has its own customized policies and procedures. In Prisma Cloud, you can customize policies, and based on that, you can do monitoring."
"I like Palo Alto's threat protection and Wi-Fi coverage. It has advanced features like DNS security and sandboxing. The automation capabilities are excellent."
"I find the CSPM area to be a more valuable and flexible feature."
"Cloud security posture management is the preferred feature among other vendors."
"We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem."
"It also provides us with a single tool to manage our entire cloud architecture. In fact, we are using a multi-account strategy with our AWS organization. We use Prisma as a single source of truth to identify high- or medium-severity threats inside our organization."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"The only thing that needs to be improved is the number of scans per day."
"The remediation workflow within the Wiz could be improved."
"It needs to be simplified and made more user-friendly for a non-technical person."
"If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."
"The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available."
"Most of the time, when we log into the support, we don't get a chance to interact with Microsoft employees directly, except having it go to outsource employees of Microsoft. The initial interaction has not been that great because outsourced companies cannot provide the kind of quality or technical expertise that we look for. We have a technical manager from Microsoft, but they are kind of average unless we make noise and ask them to escalate. We then can get the right people and the right solution, but it definitely takes time."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."
"From my own perspective, they just need a product that is tailored to micro-segmentation so I can configure rules for multiple systems at once and manage it."
"I would like to see the inclusion of automated counter-attack, although this is probably illegal."
"I think Prisma Cloud could improve its preventive governance policy and CWP run time modules."
"They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload."
"Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that."
"The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls."
"They need to improve the API gateway."
"Sometimes we do get false alerts. That should be improved."
"The user interface should be improved and made easier."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Microsoft Defender for Cloud is ranked 3rd in Container Security with 46 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 81 reviews. Microsoft Defender for Cloud is rated 8.0, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Microsoft Defender XDR, Microsoft Defender for Endpoint, Microsoft Sentinel and Azure Firewall, whereas Prisma Cloud by Palo Alto Networks is most compared with Aqua Cloud Security Platform, AWS Security Hub, CrowdStrike Falcon Cloud Security, AWS GuardDuty and Check Point CloudGuard CNAPP. See our Microsoft Defender for Cloud vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Container Security vendors, best Cloud Workload Protection Platforms (CWPP) vendors, and best Cloud-Native Application Protection Platforms (CNAPP) vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.