Buyer's Guide
CWPP (Cloud Workload Protection Platforms)
March 2023
Get our free report covering Microsoft, Palo Alto Networks, Amazon, and other competitors of Microsoft Defender for Cloud. Updated: March 2023.
687,947 professionals have used our research since 2012.

Read reviews of Microsoft Defender for Cloud alternatives and competitors

Sachin Vinay - PeerSpot reviewer
Network Administrator at Amrita
Real User
Top 5 Leaderboard
Easily detects advanced attacks based on user behavior
Pros and Cons
  • "The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud."
  • "There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because they can prevent issues from spreading further."

What is our primary use case?

I work for a university, and we use Defender for Identity for students, faculty members, researchers, etc. It's around 4,000 end-users. We have a completely Azure-based environment, and all of our users have migrated to the cloud. While we still have some on-premise users, we have synced our user base to the Azure Active Directory in the cloud. 

We require identity protection because most cybersecurity cases today involve identity harvesting. Microsoft Defender for Identity proved to be the best solution for providing support for malicious identity-related issues. Our entire cloud setup is protected. 

How has it helped my organization?

Our enterprise usage entirely depends on identity-based users. Any identity issue or attack could lead to massive data leakage in our environment. Defender for Identity is easy to use and provides precise details on the timeline to facilitate quick transfers.

Microsoft creates a database of critical vulnerabilities that they are constantly updating. Whether it's an old-fashioned or novel attack, it promptly notifies us. It may take some time to identify if it is a brand-new threat. Once it is located, it will tell us what the issue is.

We need to analyze the security features monthly and validate them. Microsoft Defender provides the correct solution for this. It will give you the proper security progressions that happen in Microsoft. We can define levels of security and prioritize security concerns, so we take action on the high-priority problems first. Regarding password resets, etc., there are less-complicated issues that don't pose a risk of data leakage, so we assign a lower priority.

It helps us be proactive because it will notify us about the preventive measures we can take. Once it flags a vulnerability, we can investigate the root cause. So that way, we can mitigate the most critical threats with this set of notifications from Defender.

Defender for Identity has affected our on-premise security because we need less identity management. Everything can be handled on the cloud. We require fewer devices for identity management, so it has reduced our hardware shortage.

It has saved us time by providing prompt notifications. We don't need to spend more time on SIEM solutions. Usually, we would require SIEM solutions or advanced log-based analysis solutions to find all the identity compromises or any identity-hijacking issues. We needed a designated person to check all these aspects with advanced threat-detection programs. We can eliminate all these challenges with the help of Microsoft Defender for Identity. It has cut the time spent on these tasks by 50 percent. 

Defender has also saved us money because we don't require traditional identity-based solutions in the firewall. We needed different identity-based solutions for the cloud, virtual machines, etc. Microsoft has this legacy proprietary feature, so we don't need other solutions. It has considerably reduced our budget by around 30 percent. It has sped up our detection and response time by about 10 percent. 

What is most valuable?

The best feature is security monitoring, which detects and investigates suspicious user activities. It can easily detect advanced attacks based on the behavior. The credentials are securely stored, so it reduces the risk of compromise. It will monitor user behavior based on artificial intelligence to protect the identities in your organization. It will even help secure the on-premise Active Directory. It syncs from the cloud to on-premise, and on-premise modifications will be reflected in the cloud.

Identity harvesting is the most common threat. Legacy Microsoft solutions and Amazon face the same issues in the cloud. Users don't implement other security mechanisms in the cloud. In an on-premise environment, we would have multiple security devices like firewalls and several layers of security. Cloud users are less bothered because cloud features are there and only need to be configured.

Microsoft Defender for Cloud is the best solution because all threats are completely visible, and it has a great dashboard. The dashboard displays each threat and score, so we can identify the threat rating and act efficiently to avoid compromising user identities.

We have a single sign-on feature on the cloud. If we lose a single set of identities, it can compromise the entire organization, including cloud and on-premise. The same identities are being used everywhere. The user activity has to be completely visible on the dashboard, and it has to generate a pattern. It will notify us if there is any security breach.

It is a complete monitoring set. Minor changes in the user identity can lead to data leakage. If a password is changed in the cloud, it will be reflected automatically in the on-premise. This minor change will trigger an alert in Microsoft Defender for Identity. It ensures that each cloud identity is well protected from spoofing. It has a comprehensive database of well-known spoofing techniques, enabling us to provide cloud identity protection completely. 

It has a vast scope because it is completely single sign-on. In the emerging industry, we use single sign-on because users need to authenticate, but it's challenging to remember multiple passwords. Once your user signs in, you can access all the data. An identity compromise would lead to various issues and affect the data on-premises. Defender maintains a constantly updated database with the latest signatures, attack models, and threats. If it detects one threat, it will monitor the suspicious event and give us frequent alerts.

Identity protection is vital because we use an identity mechanism for everything, including firewall-related activities. The exact identity used in the cloud is used in the most complex firewalls. We require an excellent migration technique to regain this user credential if something gets compromised. Blocking this requires a massive set of procedures. Microsoft Defender comprehensively monitors identity and provides frequent alerts regarding any issue, so we don't need to think of anything else.

Defender's bidirectional sync capabilities are helpful because we need to sync data from multiple directions, including tenant-to-tenant, on-premise-to-cloud, and cloud-to-cloud syncing. As a university, we have multiple tenants, so we need to sync or access data across platforms. That way, everything is more secure, and Microsoft Defender for Cloud also provides ample security for cloud transfers.

The bidirectional sync capabilities are flawless—10 out of 10. Our on-premise Active Directory is perfectly synced with the Azure AD. Everything is synced with on-premise, and changes are reflected in minutes. If a problem with identity is addressed on the cloud, the fix will be mirrored on-premise and vice versa.

Microsoft Defender for Cloud and Identity are bundled. If we have these two solutions, we don't need to worry about anything else or third-party antivirus. Microsoft Defender for Identity acts as a link to all the Microsoft security features that require identity-based validation. Microsoft Defender instantly provides identity security for all our applications, and users need not worry about typing their passwords. Even in situations with less complex encryption mechanisms, users don't need to worry about typing in their passwords. Defender will check and monitor if there are any flaws in that, and it will let us know if there are any issues.

We're a Microsoft shop, so everything works together. If one feature isn't working, everything will be affected. If Defender isn't working, half of our Microsoft security features will be dead. Without identity security, user data can easily be compromised, and data can fall into the hands of intruders or other hackers. The solutions have to complement each other. If anything went wrong, the entire setup would have flaws.

Microsoft security has a legacy security mechanism. A while back, we might have gone with Defender for Endpoint, but Microsoft has also grown into the face of the cloud. The same Defender solution is completely maintaining cloud security. We can imagine Microsoft's vast scale and how Defender can protect the cloud environment from vulnerabilities and attacks. We are definitely delighted with Microsoft products.

The dashboard features are fantastic because it provides a comprehensive overview. It has a great alert mechanism and log inspector that tracks when users access various servers. With this kind of identity validation, we can control which servers the users can access. We have total visibility from the dashboard. We can track identity usage even if there are no issues. That is an essential advantage.

What needs improvement?

There is no option to remedy an issue directly from the console. If we see an alert, we can't fix it from the console. Instead, we must depend on other Microsoft products, such as MDE. That is a significant drawback. It simply works as a scanner, which can sometimes put enough load on the sensors. Immediate actions should be possible from the dashboard because they can prevent issues from spreading further.

For how long have I used the solution?

I have used Defender for Identity for six years.

What do I think about the stability of the solution?

Defender for Identity is extremely stable. We don't experience any bugs because Microsoft has a three-tier system for checking everything. 

What do I think about the scalability of the solution?

Defender for Identity is completely scalable.

How are customer service and support?

I rate Microsoft support 10 out of 10. The technical support is good, but we don't need it for Defender because everything is pretty straightforward.

How would you rate customer service and support?

Positive

How was the initial setup?

Setting up Defender is straightforward and took two days. We require system admins to check for data mismatches. Once we implement the security, the cloud and on-premise data have to be perfectly synced. We need to ensure the on-premise data can be secured from Defender. It doesn't need maintenance after deployment. Everything happens automatically.

What was our ROI?

The return on investment is there because we don't need to add complicated security managers in the cloud where we need security-based virtual machines running Azure or other cloud platforms. It considerably reduces the time system admins spend on management. The subscription cost is cheaper than deploying a complete hardware setup. It is budget-friendly.

What's my experience with pricing, setup cost, and licensing?

Defender for Identity is a little more expensive than other Microsoft products. Identity and Microsoft Defender for Cloud are both a bit costly.

What other advice do I have?

I rate Defender for Identity nine out of 10. I would give it a perfect 10, except for the inability to remedy issues directly from the console. Defender for Identity is a popular product because most endpoint users already use Defender, so they will be familiar.

When dealing with single sign-on, an identity-based cloud solution is essential for all enterprises because most security concerns are related to identity. It's easy for hackers to hack into servers with compromised identities. We need a legacy enterprise product like Microsoft Defender or a close competitor like Kaspersky. If user identities are compromised, your entire infrastructure will be in danger. Even if the cost is high, you need an enterprise product like Microsoft Defender for Identity.

It's challenging to integrate solutions from multiple vendors. If we used several vendors, we would need to spend a lot of time checking to ensure they integrate correctly. We must also establish an adequate surveillance solution to monitor these different products. It's a headache for the system admins. System administrators have fewer security concerns with an all-Microsoft setup because the elements work in sync. It's easy to monitor the data from any instance, so the data is more secure and accessible. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sr. Technology Architect at Incedo Inc.
Real User
Top 5
Helpful technical support, with a seamless setup and good integration with the public cloud
Pros and Cons
  • "Auto remediation is a very effective feature that helps ensure less manual intervention."
  • "Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required."

What is our primary use case?

The product provides complete visibility of our cloud security posture. It supports servers and Cloud-Native Services. It provides a centralized solution for Cloud Security with risk and compliance management. 

We required it to manage various compliance requirements, including ISO, SOC, and PCI, and it supports everything. Our organization is in a hybrid structure and in it, we are using various AWS and Azure accounts. Earlier, we managed everything individually, however, after the implementation of it, we now manage everything from a single solution. The single solution helps with the system, network, and security administration.

How has it helped my organization?

The solution provides the complete visibility of Cloud Security, as well as a number of baseline policies and rules. This helps us to manage cloud posture with less effort. After implementation, it reduced administrative effort in terms of managed security over the cloud. Now, we are not dependent on individual tools for each account as well as cloud service providers. 

After implementation, the team can generate reports from a single console for all compliance needs.

Auto Remediation is a very effective feature and it improves the need for manual intervention from the security and cloud administrator.

What is most valuable?

The baseline policy and the integration with the public cloud are very easy.

The number of compliance rulesets along with the baseline policy, support of cloud-native services, and license management are easy. Support of the CI/CD pipeline security (Code Security), Kubernetes, et cetera, is useful. 

There are very helpful and various types of reports. Reporting features are very good and anyone from the compliance team can view/generate a report according to compliance support.

Auto remediation is a very effective feature that helps ensure less manual intervention.

Support of AWS Lambda and Azure Functions helps for any potential breaches.

What needs improvement?

Almost all features are good, however, they still require improvements to the code security portion on which integration with the major source code repository is required.

Integration with CI/CD is an important aspect as it is needed to secure the environment. Having it will help a lot.

Integration with Docker is also a key feature that needs some improvements.

Integration with other third parties and with SIEM is an important aspect that should be addressed.

Currently, it provides integration with Tenable, but it would be good if it had support for other VAPT software as well.

For how long have I used the solution?

We have been using Check Point CloudGuard Posture Management for the last 8+ months.

What do I think about the stability of the solution?

The solution is very stable and we have not found any gaps. It provides seamless integration with the public cloud.

What do I think about the scalability of the solution?

It's a highly scalable solution and integration with the public cloud is very good. The way you can centralize the dashboard of the entire cloud infra is very impressive.

How are customer service and support?

Support has been good. We implement it with the help of OEM support and whenever we've required help we've received a good response.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Earlier, we tested other tools as well, however, the features which were available via Check Point are very good and the future roadmap is also very good in regards to cloud security.

How was the initial setup?

The setup is straightforward and seamless.

What about the implementation team?

We implemented it with the help of Check Point support. The rest was managed by our internal team as it's easy to handle.

What was our ROI?

Security is very important and gives us ROI from security itself. We also get an ROI as we have less administrative effort. We can see an ROI with the compliance and risk management on offer too.

What's my experience with pricing, setup cost, and licensing?

The setup cost is very affordable and very easy. Integration with the public cloud is very easy. The licensing calculation is also very good and no manual effort is required.

Which other solutions did I evaluate?

We evaluated other tools like Rapid7, Qualys, and AWS native security tools, as well as Azure native security tools.

What other advice do I have?

It's a very strong solution for cloud security posture management and very effective for large and mid-size environments. Any organization moving towards the cloud would benefit from this.  

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Analyst at a consultancy with 10,001+ employees
Real User
Top 20
Easy to maintain with advanced protection and helpful support
Pros and Cons
  • "We can scale the product as needed."
  • "We'd like to see a few more integrations."

What is our primary use case?

We primarily use the solution for the XDR.

We have integrated this with all of our endpoints. Basically, we are using it for incident response. We have a SOC team here, so we are using it in a SOC and the Workload solution. For two or three months, we have been migrating to Workload Security. It is mainly for incident response.

What is most valuable?

We are able to observe attack techniques and targeted attack detection. 

We need to explore more on it since it is still a new product for us. 

It is quite advanced, and it can help us protect our organization against threats. The targeted threat detection is great.

My understanding is the initial setup is pretty straightforward. 

The solution has been stable. 

We can scale the product as needed. 

Technical support is helpful.

It is easy to maintain. 

What needs improvement?

We'd like to see a few more integrations. Specifically, we'd like to see more IOC integration tools. 

We haven't implemented the automation piece just yet; however, we will go through that soon. We just need more time to see how it all works. 

For how long have I used the solution?

I've been using the solution for six or seven months. 

What do I think about the stability of the solution?

This solution seems to be pretty stable so far. I haven't come across any issues. There are no bugs or glitches. It doesn't crash or freeze. 

What do I think about the scalability of the solution?

The product is scalable. When we started, we had a few agents and very few endpoints. At this point, we've integrated with most of them. We haven't seen any issues as we've scaled up.

How are customer service and support?

Support has been quite helpful overall. We've dealt with them multiple times, and they have always been helpful. We tend to get the help we need within two or three hours. They ask many questions and get down to solving the problem at hand. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I also work with Microsoft Defender. 

We were using OfficeScan and ApexOne as well. 

We decided to work with this product as it had a good reputation.

How was the initial setup?

While I wasn't directly involved with the setup, my understanding is it was straightforward. I do not recall hearing about any complexities coming up. The deployment itself took a few months.

In terms of maintenance, we do get hotfixes every once in a while. It's pretty simple to maintain. 

What about the implementation team?

Trend Micro assisted our team with the setup process. However, it was mostly handled in-house.

What's my experience with pricing, setup cost, and licensing?

I can't speak to the exact cost.

What other advice do I have?

I'm an end-user. We are using the latest version of the solution. 

The support is pretty good. It is really straightforward. It is very easy to understand, and therefore, I highly recommend the solution.

I'd rate the solution nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sathya Paul - PeerSpot reviewer
Director Of Information Technology at TollPlus LLC.
Real User
Top 10
An AI-driven solution that self-activates to find issues and provide alerts
Pros and Cons
  • "The solution is silent and sits on your system as one single agent."
  • "Technical support could be better than what is currently offered."

What is our primary use case?

Our company's line of business includes financial transactions with an insurance policy that requires EDR protection. Compliance is part of our policy and agreement with customers. 

We currently have 1,100 users of the solution. 

What is most valuable?

The solution is silent and sits on your system as one single agent.

Only one or two MB of memory are consumed which is much less than other products. 

The solution is AI-driven so it self-activates to find issues and provide alerts or notifications rather than running all the time.

The portal is very user-friendly so it is not difficult to manage. 

The solution doesn't require system restarts. That is one disadvantage of Symantec or Kaspersky because they require restarts when you uninstall or reinstall. 

What needs improvement?

Technical support could be better than what is currently offered. 

For how long have I used the solution?

I have been using the solution for three months. 

What do I think about the stability of the solution?

The solution is stable with no issues. 

We have only used the solution for three months so will continue to monitor stability for the next several months. 

I rate stability an eight out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. We do not yet have the requirement to take an in-depth look at scalability. 

I rate scalability an eight out of ten. 

How are customer service and support?

Technical support could be better because there are ownership issues. 

For example, when you raise a support case there is not much communication between the account manager and support. The account manager is supposed to own the case but instead is disconnected from it. 

I rate support a six out of ten. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used Symantec and Kaspersky. 

How was the initial setup?

The setup is pretty easy to walk through without much trouble. 

I rate setup an eight out of ten. 

What about the implementation team?

We utilized a third party for implementation. They helped us with the admin console, training, and the pilot setup that we eventually took over. Our internal team included two security staff and four support staff.

We were moving from Symantec and Kaspersky. We targeted our servers first because Symantec is difficult to uninstall and there is an interim process for removal. Once completed, we installed the solution. 

It took about two months to complete implementation across all systems. 

What was our ROI?

We did our homework in advance for cost or other things to calculate ROI. The solution met our expectations so ROI is rated a seven out of ten. 

What's my experience with pricing, setup cost, and licensing?

The pricing is competitive and includes all features and support.

I rate pricing an eight out of ten. 

Which other solutions did I evaluate?

We evaluated Microsoft Defender, Sophos, Symantec, and Trend Micro before choosing the solution. 

What other advice do I have?

I recommend using the solution and rate it an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Support at a security firm with 51-200 employees
User
Top 5 Leaderboard
Good security and integration but needs better documentation
Pros and Cons
  • "We have managed to have an impressive reduction in phishing that used to enter our system before applying Check Point."
  • "They could improve Check Point support response times. Sometimes it takes days to resolve or even days to get a first response."

What is our primary use case?

Our corporate environment requires business protection for email and our collaboration tools to avoid threats, spam, and ransomware, among other threats coming in through email. This could have great effects on our systems and equipment.

With Check Point, we can protect our data in the cloud with tools such as OneDrive, among others.

The tool works with different manufacturers, which provides great reliability.

How has it helped my organization?

Check Point has helped us improve our security layer with this complete cloud solution. We no longer depend on a Gateway as it is a complete solution that helps us prevent any type of threat that travels through email.

We have managed to have an impressive reduction in phishing that used to enter our system before applying Check Point.

We also really like its centralized environment since the Check Point Infinity Portal really centralizes everything.

What is most valuable?

The platform offers advanced security measures to protect emails from cyber threats such as phishing attacks, malware, and ransomware.

The platform is cloud-based, which means users can access their emails and collaboration tools from anywhere and on any device.

The security of collaboration tools is great.

The platform integrates with other productivity and collaboration tools like Microsoft Office, Slack, and Zoom.

What needs improvement?

Maybe they could integrate the solution with Avanan. Doing that would really make it a very robust solution.

They could improve Check Point support response times. Sometimes it takes days to resolve or even days to get a first response.

The solution lacks public documentation and some documentation is not so clear, which means that the client does not understand the implementation that must be carried out.

You can only see the costs through a Check Point partner.

For how long have I used the solution?

This is a very productive tool. We used it for a few months. It really helped us protect against threats in email and Microsoft collaborative tools.

Which solution did I use previously and why did I switch?

Previously, we did not use anything more than the security provided by Microsoft itself. We have since changed to Check Point.

What's my experience with pricing, setup cost, and licensing?

As for the cost, it is per protected user. It seems good to me in that aspect; however, the issue of implementation sometimes costs a bit. That's okay if it can be done correctly. The licenses are easy to acquire.

Disclosure: I am a real user, and this review is based on my own experience and opinions.