AWS CloudTrail vs. Datadog vs. Microsoft Defender for Cloud

It is necessary to enable [AWS] Cloudtrail when using AWS in a production environment, otherwise you will not have any idea what is happening within your accounts. Third party monitoring applications will all require [AWS] CloudTrail to be enabled as well. I would not recommend it solely as a monitoring tool, to get the most out of it you must send the logs elsewhere. Either to Cloudwatch logs or a third party product.

Incentivized

Datadog may be better suited for teams that have a more out-of-the-box infrastructure, on the primary platforms Datadog supports. You may also have better results if you have a bigger team dedicated to devops and/or a bigger budget. We found that trying to adapt it to our use case (small team, .NET on AWS Fargate) wasn't feasible. We continually ran into roadblocks that required us to dig through documentation (and at times, having to figure out some documentation was wrong), go back and forth with support, and in my opinion, waste money on excessive and unintended usages due to opaque pricing models and inaccurate usage reports, as well as broken/non-functional rate sampling controls.

Incentivized

Microsoft is well-suited with its definitive cloud, and I also like its Microsoft Intune ID. The conditional policies are great with that, and they're really good and well situated, so you can't beat them at that conditional policy level. Less appropriate, as I said, some of these low-hanging fruit features, like being good in phishing campaigns, and then I feel like maybe doing better at their seam products. So we'll see how that goes.

Incentivized

• API Log
• User activity tracking
• Real-time alerts

Incentivized

• The thing which Datadog does really well, one of them are its broad range of services integrations and features which makes it one step observability solution for all. We can monitor all types of our application, infrastructure, hosts, databases etc with Datadog.
• Its custom dashboard feature which helps us to visualize the data in a better way . It supports different types of charts through those charts we can create our dashboard more attractive.
• Its AI powered alerting capability though that we can easily identify the root cause and also it has a low noise alerting capability which means it correlated the similar type of issues.

Incentivized

• I like that with Microsoft Defender for Cloud you can track your secure score to see how well you are doing with your security controls.
• There are remediation steps for findings with the platform and some can be fix automatically with a few clicks.
• There are recommendations for exactly what controls to put in place to ensure a more secure environment for Azure.

Incentivized

• [In my experience] Cost can easily get out of control with multiple trails on full logging
• Logs can be difficult to decipher

Incentivized

• Alert windows cause lag in notifications (e.g. if the alert window is X errors in 1 hour, we won't get alerted until the end of the 1 hour range)
• I would appreciate more supportive examples for how to filter and view metrics in the explorer
• I would like a more clear interface for metrics that are missing in a time frame, rather than only showing tags/etc. for metrics that were collected within the currently viewed time frame

Incentivized

• Granular permissions and role-based access management could improve security. This would enable organizations to control who has access to and can set specific features.
• While it offers integration with various Microsoft services, expanding support for third-party cloud platforms and applications would enhance its versatility. Many organizations use multiple cloud providers, and broader compatibility would be advantageous.
• The cost structure could be more transparent, especially for larger organizations with extensive cloud resources. Clearer cost breakdowns and predictions would help organizations budget more effectively.

Incentivized

Definitely will not revisit after our issues and, in my opinion, poor support.

Incentivized

It is a great product that integrates nicely when running an Azure platform and even multi-cloud environment. Not looking for point-solutions but a suite that answers most requirements. It is very comfortable being able to use KQL, workbooks and automation that is native to the azure platform

There are so many features that it can be hard to figure out where you need to go for your own use case. For example, RUM monitoring us buried in a "Digital Experience" sidebar setting when this is one of our key use cases that I sometimes struggle to find in the application. It appears that ECS + Fargate monitoring was recently released which is great because we had to build a lambda reporting solution for ephemeral task monitoring. But this new feature was never on my radar until I starting clicking around the application.

Incentivized

My visibility is limited because I'm only doing very small pieces of what the overall org does. And also, we have limitations on what we're allowed to use. It's not like we get a new product as users or leadership level users, and everything is on, and we can just do whatever we want. We're very restricted in what we can use any tooling within the org because of the different levels of regulatory constraints we have, because of just the nature of who we are inherently. So that's why. I don't think it's necessarily the product. I think it's more or less of what we're able to do with the product.

Incentivized

The support team usually gets it right. We did have a rather complicate issue setting up monitoring on a domain controller. However, they are usually responsive and helpful over chat. The downside would be I don’t think they have any phone support. If that is important to you this might not be a good fit.

Incentivized

Documentation was difficult to work through, rollout was catastrophic (completely outage)

Incentivized

I think in the end, CloudTrail has more features and you can dive deeper inside the logs so it depends on your usage and what you expect in the end to make the right choice, I would say that both tools are really useful and bring a lot of benefits to I.T. companies.

Incentivized

Our logs are very important, and Datadog manages them exceptionally well. We frequently use Datadog services for our investigations. Use case: Monitor your apps, infrastructure, APIs, and user experience.


Key features:


Logs, metrics, and APM (Application Performance Monitoring)


Real-time alerting and dashboards


Supports Kubernetes, AWS, GCP, and other integrations


RUM (Real User Monitoring) and Synthetics





✅ Best for backend, server, and distributed systems monitoring.

Incentivized

Microsoft Defender for Cloud is definitely the choice with the latest market trend and attacks that are currently happening. Microsoft has been able to safe guard a lot after the recent serious attacks happening globally in the digital world. There is a trust in this software and with the latest updates and machine learning capabilities, Microsoft Defender for Cloud should be the choice.

Incentivized

• Allows us to investigate any strange api actions
• Increases security
• Audit trail of changes made in AWS

Incentivized

• Saved us (time & money) from developing our own monitoring utilities that would pale in comparison
• Alerts allow us to remedy issues before our customers even know about them
• Tracking resource usage over time allows us to better plan for future needs, before it becomes a pain-point.

Incentivized

• It simplifies security management and saves time. I'm not sure, but I'm very confident it saved me a couple of paychecks by centralizing the data I need to secure the cloud environment.
• I also utilize the inventory overview to monitor my team's activities and verify they are following internal regulations, as well as cost overruns.
• The recommendations can be utilized as a valuable instructional tool. I have the team explain why they are receiving them, why they are not following them, and what they are doing differently.

Incentivized