Microsoft Defender for Cloud vs ReversingLabs comparison

"Microsoft Defender for Cloud is a valuable tool that integrates seamlessly with Azure Policy and our Security SIEM, simplifying implementation and enhancing security posture."

"The most valuable features are the monitoring of users, endpoint detection and response, and the adaptability of the AI threat intelligence engine, which quickly adapts to customizations."

"The product has given us more insight into potential avenues for attack paths."

"Provides a very good view of the entire security setup of your organization."

"Microsoft Defender for Cloud is a valuable tool that integrates seamlessly with Azure Policy and our Security SIEM, simplifying implementation and enhancing security posture."

"Microsoft Defender for Cloud has made our environment more secure."

"I find Microsoft Defender for Cloud's KQL very flexible and powerful. It's really easy to search through with KQL queries to find the security breaches and incidents and to track down the breach itself."

"The most valuable feature is the hunting feature, which integrates well into the entire Microsoft ecosystem."

"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."

"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."

"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."

"ReversingLabs has a large sample size."

"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."

"Although Microsoft Defender for Cloud is based on security, I wish it went beyond providing assessments, reports, and generic steps. More detailed procedures would be helpful, especially for lower-level support staff."

"However, some Copilot features aren't available in the GCP environment. This is something we hope will be addressed in the future."

"I would rate Microsoft Defender for Cloud a six out of 10 due to its lack of necessary features to operate as a standalone solution."

"Most customer teams need more training on this type of product."

"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."

"Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."

"The vulnerabilities are duplicated many times."

"I've heard there might be issues with scalability for larger enterprises."

"The solution needs to improve integrations."

"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."

"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."

"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."

"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."

"The product's pricing policy is generally favorable."

"We are using the free version of the Azure Security Center."

"I am not involved much with the pricing but the bundle offering is good."

"This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service."

"Security Center charges $15 per resource for any workload that you onboard into it. They charge per VM or per data-base server or per application. It's not like Microsoft 365 licensing, where there are levels like E3 and E5. Security Center is pretty straightforward."

"Pricing is a consideration, but we strive to keep costs low by enabling only necessary services."

"The tool is pretty expensive."

"There are two different plans. We're using the secure basic plan, but we have used the end security plan as well. There are additional costs, but it gives us more functionalities compared to the basic plan."

"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."

"We have a yearly contract based on the number of queries and malicious programs which can be processed."