CloudSOC CASB is a cloud access security broker developed by Elastica and now owned and supported by Broadcom, since Broadcom acquired Symantec, who acquired Elastica as part of Blue Coat in 2015.
N/A
Microsoft Defender for Cloud Apps
Score 7.7 out of 10
N/A
Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) is a multimode cloud access security broker.
N/A
Arcsight by OpenText
Score 6.8 out of 10
N/A
A combined SIEM and SOAR, used to accelerate threat detection and response with holistic security analytics, native SOAR, and intelligent automation.
N/A
Pricing
Symantec CloudSOC CASB
Microsoft Defender for Cloud Apps
Arcsight by OpenText
Editions & Modules
No answers on this topic
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Symantec CloudSOC CASB
Microsoft Defender for Cloud Apps
Arcsight by OpenText
Free Trial
No
No
No
Free/Freemium Version
No
No
No
Premium Consulting/Integration Services
No
No
No
Entry-level Setup Fee
No setup fee
No setup fee
No setup fee
Additional Details
—
—
—
More Pricing Information
Community Pulse
Symantec CloudSOC CASB
Microsoft Defender for Cloud Apps
Arcsight by OpenText
Considered Multiple Products
Symantec CloudSOC CASB
No answer on this topic
Microsoft Defender for Cloud Apps
Verified User
Project Manager
Chose Microsoft Defender for Cloud Apps
I would go for MS because we leverage Azure in our organization and that helps.
If you want to extend your Endpoint DLP to cloud: Apps, Web & Email, Then CloudSOC DLP detection Services help you to control with clouds apps & DLP detection Services with WSS help you to control all web. Also, cloud DLP detection services for Email will help you to control visibility & control over Office 365 Exchange, On prem-exchange & Gmail. In the case of other email services- we need to consider other solutions like Forcepoint One.
Microsoft Defender for Cloud Apps is well suited when working with other Microsoft Applications. For example, if you are working with Microsoft Office 365 it works very well when implementing CASB features. It works when implementing monitoring or blocks on Sanctioned applications however customizing the message to users is not that great.
In the current lot of hundreds of SIEM solutions out there in the market, ArcSight ESM is fairly less expensive with strong fundamentals in place. The log ingestion, correlation are very well performing and totally worth ROI. However, the tool has lost its way when it comes to staying abreast with current feature curve of SIEM technology and the evolution has not been done by MicroFocus. Search times are high and there is no major plug-in that has been introduced as part of the product life cycle.
As we know real data protection starts with Data Detection It helps us in the detection of any data like related to GDPR, Source Code, Designs, Financial Plans, SSN, IDs, etc.
All Channel coverage - Cloud , Email Data at rest, in-use, in-motion.
Data Formats- Described data, Structured & Unstructured Data image forms like presentation formats, Text & Markup, word processing, Spreadsheet formats, graphic formats, etc.
Machine Learning - Proximity, Derivative, Partial, Pattern, Large data sets, Distributed, Dynamic embedded.
The integration to Microsoft Entra ID is seamless, which allows Conditional Access to redirect the session to Microsoft Defender for Cloud App for it to take actions (Block or Monitor).
Tracker users' activity is very good when troubleshooting or running an investigate.
Detecting risky users through tight integration with Microsoft Entra ID is a very good feature.
Detecting mass downloads and blocking the download of files from non-manage company devices is a very good feature as well.
Integration with smart logger and ESM to create rules and easy management of the same.
Easy integration with all end point security management tool(IPS/IDS, Firewall, Anti-Virus) and their consolidated output at a single place to effectively rectifying true and false positives.
It takes some time to scan and apply the policies when there is some sensitive information.
After it applies the policies, it works, but there is a delay.
It doesn't provide any way to scan Microsoft Teams when an external exchange of images is happening. You can always do the filtering on the documents during the chat, but if there is an image, then some kind of OCR capability is required to detect it. At present, there is no way [Microsoft Cloud App Security] can go and detect those kinds of images and alert us
The interface is pretty simple and easy to use; however, you will need to do a lot of investigative research on your own to get comfortable with it. Originally, many of the Microsoft security tools had their own seperate consoles. Overtime, they have blended into one interface which is the ideal state. In some cases it is clear Microsoft had to pick which console a certain feature or setting was going to reside in and this leads to some confusion. For example, DLP is managed through Defender for Cloud Apps but you will also need to jump into Purview. For things like reverse proxy on your M365 tenant, you will need to go into Azure and setup conditional access rules. Not a big problem and I can understand why the settings are located where they are but for someone just starting out with Defender for Cloud Apps, it will take some time to figure out.
Overall, it is a good investment in order for an organization to stay compliant and stay secure from all the wild things happening. It is definitely a cost effective tool with some good features including correlation, log storage, reporting and dashboards. If a customer is looking for advanced set of features, then I would highly not recommend this.
I have not utilized actual support but the Sales and Product teams have been super helpful in moving our implementation forward and showing us the best practices.
I personally haven't reached the support team, however, the engineers never complained about the Arcsight support team. We had some issues with the tool in the past but every time we reached the support, all issues were resolved in a timely manner.
We were using Broadcom Symantec Endpoint security Enterprise, Hybrid subscription services & DLP solution at prem, which helped us in CloudSoC CASB Use Case & we have seen PoC of same, which was easy to integrate with existing security architectures. Overall they have offered us the best commercial in comparison with competitors.
More flexible and more features with easy integration with cloud services like Microsoft Azure and other cloud services. Overall both gives similar features but we prefer Microsoft cloud app security due to its high threat detection rate. mostly we have been able to stop the threat in very very less time.
Multiple platforms are already supported by Arcsight. Support is good. Scripts can be used to get data from multiple threat intel sources & the same can be used in correlation rules to detect any suspicious activity. Reporting features are good & you can check any backdated information within new clicks.
Securing the digital transformation. CloudSOC CASB helps the organization's Digital journey by reducing complexities & poor experience of end-users.
Cloud SOC helps us to comply with multiple Compliance like HIPPA, PCI-DSS, GDPR, etc.
Security breaches cause billion-dollar losses to enterprises, CloudSOC will help to assist in the best industry practice by having predefined templates specifically for each industry.
Cloud App Security saves us thousands of dollars finding and rectifying apps security issues
Identity Security Posture helps the organization identity stay in shape, saving thousands of dollars on security consultations
The cost of suffering a breach cannot be quantified, CAS helps minimize the chances of the attackers succeeding, with excellent historical logging for most operations
Logger helps us to decrease incident response times.
It also decreased our project times with the man/day calculations. Before this solution, it may take up to 10 men/days to do something. After this, it becomes nearly half of the time.
