Microsoft Defender for Cloud Apps is well suited when working with other Microsoft Applications. For example, if you are working with Microsoft Office 365 it works very well when implementing CASB features. It works when implementing monitoring or blocks on Sanctioned applications however customizing the message to users is not that great.
The Synology DiskStation is well suited as a NAS solution, easy enough to mirror a Windows file server shares setup. Access to the Hyperbackup utility eliminates the need to purchase a tape backup solution. A portable USB drive can be used as the initial backup target. For air gap purposes can connect Hyperbackup to the various cloud providers such as AWS, Azure, GCP to copy backup data there. Utilizing it as a backup solution has also been great, instead of purchasing a tape solution, tapes and an offsite tape repository. Active Backup for Business is another excellent backup utility for physical servers, VMWare virtual machines, etc. Restoring files is fairly intuitive. Until Synology introduced the dual controller setup, using it as a SAN was less appropriate as there was occasional downtime when the controller had an issue but this was less important for the scenarios we were using it for. It would be more of a concern if we had used it for things that require more robust uptime requirements. Overall we are happy with the features of the Synology DiskStation.
The integration to Microsoft Entra ID is seamless, which allows Conditional Access to redirect the session to Microsoft Defender for Cloud App for it to take actions (Block or Monitor).
Tracker users' activity is very good when troubleshooting or running an investigate.
Detecting risky users through tight integration with Microsoft Entra ID is a very good feature.
Detecting mass downloads and blocking the download of files from non-manage company devices is a very good feature as well.
Synology DiskStation offers lots of options for creating links to share files or request that some uploads files. It makes it really easy to just share a link that can have an expiration or a set number of times it is accessed.
We always had enough storage on our Synology DiskStation, we never had to worry about something being too big to upload or share.
Love how you can create folders that are shared and also have some that are private. This makes it so easy to have shared collaborations with coworkers or clients, but also allows you to have a private place to save things that only you need.
It takes some time to scan and apply the policies when there is some sensitive information.
After it applies the policies, it works, but there is a delay.
It doesn't provide any way to scan Microsoft Teams when an external exchange of images is happening. You can always do the filtering on the documents during the chat, but if there is an image, then some kind of OCR capability is required to detect it. At present, there is no way [Microsoft Cloud App Security] can go and detect those kinds of images and alert us
While BTRFS is a more advanced file system than ext4, it also is in a perpetual state of development, with many features not fully functional and a plethora of bugs. Synology has managed to overcome many of these limitations by placing BTRFS on top of a LVM, but there are much better file systems that Synology could have used, such as OpenZFS.
DSM's built-in backup software, HyperBackup, while robust, oftentimes runs into issues. Specifically, backups can be working fine for months or years, and then suddenly the backups will fail. Sometimes these failures can be resolved, but oftentimes the backups need to be completely restarted. Fortunately, even when the backup fails, the existing backups are still accessible, it is just that new backups can not be performed.
The underlying Linux OS provides significant benefits, but also adds a fair amount of complexity. Most of that complexity is wonderfully hidden by the DSM interface, but when certain problems arise, delving into the Linux command line is not out of the question.
Perhaps the biggest issue with Synology DiskStation is Synology's support. The issue isn't that the support is bad, but it can be frustratingly slow when dealing with a major issue. Synology does have a very active community that is always willing to help, but nothing beats first-party support.
As long as Synology give us support for our hard drivers we will not change. I know Synology has now forced their hands to buy their own hard drivers and their new line of products. But if we still have support for old hard drivers from other manufacturers then we will still use Synology Nas. Otherwise we change manufacturers
The interface is pretty simple and easy to use; however, you will need to do a lot of investigative research on your own to get comfortable with it. Originally, many of the Microsoft security tools had their own seperate consoles. Overtime, they have blended into one interface which is the ideal state. In some cases it is clear Microsoft had to pick which console a certain feature or setting was going to reside in and this leads to some confusion. For example, DLP is managed through Defender for Cloud Apps but you will also need to jump into Purview. For things like reverse proxy on your M365 tenant, you will need to go into Azure and setup conditional access rules. Not a big problem and I can understand why the settings are located where they are but for someone just starting out with Defender for Cloud Apps, it will take some time to figure out.
The Synology DiskStation is easy to set up and manage. The interface is clean and features are well documented. These units are reliable and can be set up to do scheduled integrity checks so failures can be mitigated before they halt business operations. The available packages for expanded roles makes these devices versatile.
I have not utilized actual support but the Sales and Product teams have been super helpful in moving our implementation forward and showing us the best practices.
Unfortunately, the one time I've had to reach out to DiskStation support, it did not go well. My NAS appliance wasn't appearing on the network, and no matter what the support team tried, they could not get it back online. Instead of offering to send me a new unit, they told me to go buy a new one - obviously, this was a disappointing response and not very eco-friendly either! Fortunately, through some internet research of my own, and some ingenuity, I figured out I could restore my NAS to factory settings by removing all the drives and resetting. Only then did I realize I had a bad disk. I had to experiment for a while to figure out which one it was. Once I had done that, though, I was able to get the latest DiskStation loaded back on, no thanks to the DiskStation support crew. If notifications were rock solid, I suspect I would have caught the bad disk before it because an OS problem, but I never received a bad-disk notification.
More flexible and more features with easy integration with cloud services like Microsoft Azure and other cloud services. Overall both gives similar features but we prefer Microsoft cloud app security due to its high threat detection rate. mostly we have been able to stop the threat in very very less time.
Synology DiskStation packs a punch with the latest and greatest feature set which goes above and beyond many other vendors. It allows for a turn-key solution to cover almost every use case in the SMB market leaving other vendors behind.
Cloud App Security saves us thousands of dollars finding and rectifying apps security issues
Identity Security Posture helps the organization identity stay in shape, saving thousands of dollars on security consultations
The cost of suffering a breach cannot be quantified, CAS helps minimize the chances of the attackers succeeding, with excellent historical logging for most operations
