Microsoft Defender for Cloud vs. Salt Security API Protection Platform

Microsoft Defender is very good while we are enhancing our organization's security, and it is very useful in getting threat alerts and vulnerabilities that can harm our system and users. It is recommended to use this to improve overall security and threat protection of our users and organization. With the help of Microsoft Defender, we get fully covered and secured.

Salt is highly recommended for anyone who wants to discover, monitor and protect their APIs against various types of attacks. Salt should not be used as a SIEM.

• detect and respond to security threats in the cloud environment, reducing the risk of data breaches and unauthorized access.
• The product assists our organization dealing with sensitive data in achieving and maintaining compliance with data protection rules.
• The product provides real-time visibility into the cloud environment, offering insights into ongoing security activities.
• It guarantees that security teams can actively handle possible threats by delivering real-time monitoring and notifications, reducing the impact on business operations.

Incentivized

• PII identification in API traffic.
• Divergence between API traffic and documentation (swagger files).
• Potential attacks with information to take counter measures.

• 'Regulatory Compliance' is definitely an area of improvement for MDC. The complex and high number of controls within a specific framework should allow a more helpful and detailed guidelines in order to tackle them.
• The limitation of options in the incident management menu of MDC has proven to be a hassle while managing security alerts. For example, an analyst cannot even provide a comment about the actions taken on an incident.
• There is a missing functionality of connecting other EDR or XDR solutions to MDC which I think should be there for a CSPM tool.

Incentivized

• The platform could have more options for exporting detailed data from attackers' dashboards.
• The Attackers dashboard could also have more options of filters in order to support the investigations of the attack.
• The OAS analysis could present a more detailed view of the found issues.

Defender for Cloud (previously known as Azure Security Center) is a more comprehensive and extensive security solution. Currently, threat analytics make up only a small portion of the whole picture. It encourages a comprehensive picture of the cloud environment across all of its endpoints. For example, firewalls, virtual machine coverage, etc. When compared to the former Threat Analytics, the attack surface of Defender for Cloud is vastly expanded.

Incentivized

We tried controls offered by the IaaS providers but these were hard to manage and did not provide the visibility we wanted. We also protected APIs with a normal WAF but this was only helpful for assets we knew about and API attacks were not caught by the WAF.

• It creates a great insight in all assets that are available
• The CSPM makes sure that certain risk that might have been missed are addressed
• Being able to query across the data gives great insights in threats and possible vulernabilties for CVEs

• Salt Security API Protection Platform has provided detailed information that is helping us to identify and investigate attacks in our environment