Microsoft Defender for Cloud

Formerly Azure Security Center

Microsoft Defender is very good while we are enhancing our organization's security, and it is very useful in getting threat alerts and vulnerabilities that can harm our system and users. It is recommended to use this to improve overall security and threat protection of our users and organization. With the help of Microsoft Defender, we get fully covered and secured.

It is appropriate but still needs improvement, the recommendations It suggests needs to be fine-tuned more to accumulate the resources. It keeps changing every month which makes it hard to Implement the same. The security review provides great Insights on the number of recommendations to be implemented. Storage account protection should be more customisable.

If you are using Azure as your primary cloud provider, Go for the whole Defender suite for your security and compliance needs without any second thought. Microsoft Defender for Cloud, endpoint, identity, office and purview along with sentinel are the best and most comprehensive security tools you can get for Azure.

Well-Suited Scenarios:

• It's well-suited for organizations that operate in multi-cloud environments, as it provides consistent security and threat detection across various cloud platforms, including Azure, AWS, and GCP.

• Defender for Cloud is an excellent choice for organizations with hybrid cloud environments, as it offers seamless integration with on-premises systems and cloud resources.

• It's highly suitable for organizations deeply integrated with the Microsoft ecosystem, as it seamlessly integrates with other Microsoft security services, providing a unified security environment.

Less Appropriate Scenarios:

• Smaller organizations with limited IT resources may find the extensive feature set overwhelming. The costs associated with Defender for Cloud may not justify the benefits in such cases.

MDC is specifically most useful if a client has an Azure presence either in hybrid or cloud only mode. Being a Microsoft native product, it leverages the unified integration of the agent with the cloud resources providing an excellent depth of details in the logs. MDC also proves to be very economical in this specific scenario when compared to other vendors like Prisma or CrowdStrike.

MDC is less likely to be of use if it the client needs a preventative solution or a HIPS solution. Even the CWPP offering in MDC is more of an auditing feature that notifies the security admin of an unusual activity but will not be able to prevent it from happening.

When using a medium to large Azure platform it can be hard to stay in control of the configuration and security posture of all the workloads. Especially when they are developed and maintained by different teams. Defender for Cloud is a great tool to get back in control by getting a clear view of all deployed assests, what the posture is and what policies are applied to them.
This way you get a better view of the current health of the environment and if any deviations have occurred. Altough it can be used in a multi-cloud scenario it is pretty limited to a CSPM point of view only

With its easy navigation to view vulnerabilities, compared to other cloud providers platforms, this has greatly enhanced our ability to discover and remediate vulnerabilities in a timely manner.

Well Suited : Ideally suited for organizations heavily invested on Microsoft Azure where it will provide security to azure resources. Also it is well suited for identity and access management in Azure. Less Appropriate : Less suitable for organization with Non-Windows environments, Multi-Cloud environments and non-azure workloads.

Cloud apps catalog and discovery, insights and dashboards are a good use. Tool is also good for generating incidents and alerts, rules keep getting updated with latest trends. Activity log is used commonly in investigations by SOC.

For well suited, if the organisation has a large number of cloud resources and and they are using hybrid cloud environments .And the organisation is dealing with the compliances For less appropriate scenarios ,organisation is not concerned with compliances or thay are using very less resources then it could be expensive for them and also if they are not using multi cloud.

Well-Suited Scenarios: Azure-Based Workloads: Microsoft Defender for Cloud is ideal for securing workloads hosted in Azure. It provides real-time threat protection, security recommendations, and compliance checks tailored for Azure services. Hybrid Environments: It works well in hybrid cloud environments where on-premises infrastructure is connected to Azure. This ensures consistent security policies across both environments. Security Monitoring and Analytics: The platform is strong in continuous security monitoring and analytics. It's well-suited for organizations looking to gain insights into their cloud security posture and detect emerging threats. For Less appropriate scenarios: Small Organizations: Small organizations with limited cloud resources may find the extensive features of Microsoft Defender for Cloud unnecessary and complex.

Defender for Cloud is well suited for organizations that have SaaS-based applications and cloud architecture. Since all the architecture is within the same environment, it is very easy for the security guardians to detect, prevent, and mitigate the underlying security risks. The customer impact with such developed focused solutions is very minimal and that makes this product great.

I use this on a daily basis on my work computer and love that I don't have to do anything special or extra to protect from malware. It's such a relief knowing that my information and network are protected without the hassle.

Threat detect automation made addressing threats very efficient.
Anti-Phishing, Anti-Spam, Anti-Spoofing provide great functionality & capabilities.

Can be an issue when embedding with third party apps.

In my opinion, if you have a cloud or hybrid environment Microsoft Defender for Cloud or a similar product is very necessary to protect the environment.

It seems like it's pretty well suited for small to medium-sized businesses, but less so for large enterprises. Something like a Google or Amazon or something. But for under a 10,000-person company or whatever it might be.

You have to have it for any company with a cloud environment. I think this is a necessity and I think for smaller companies it could become challenging with the budgets for security, but I do think it's kind of a necessary product if we're going to defend a cloud environment.

Kind of parroting what I said before for the logging, it's really great and it's great when we want to observe what kind of communication is hitting that cloud endpoint. Again, from a configuration standpoint, it's just a bit of a pain still to get it set up to work with all of the resources that we're trying to interact with, but that might just be needing to practice more.

I guess for our use cases, I feel like it's well suited for what we're using it for. I don't know if I would give any gripes about how it's not well suited for us. I think we have a lot of success with it.

It is needed when you are using plenty of compute resources and you needed them to be monitored in terms of security. It is well known for its recommendations provided by the resource assessment. Also it makes it more easier to know the current security posture of your environment which contains N number of resources.
It is less appropriate if you want to manage the onpremises servers. The whole onboarding process is bit of lengthy.

The use of other Microsoft services (DCU, MSRC), the detailed and secure monitoring, the customization features, the ability to improve integration, advanced behavioral analysis, robust analytics, all this is a wide group of features that generate me a great satisfaction, it is important to mention that we have Azure Security Center for all our business security system and I think we are on the right track.

When it comes to monitoring Microsoft Security products, Azure Security Center excels. Defender for Endpoints, Defender for Office, Defender for Identity, and Defender for Cloud are all simple to set up and operate. Adding a log server to the mix for additional services may need transforming logs/events from other sources.

As your company expands from small-medium business and if you have available people/hour resources this product is a great complement to the Microsoft suite and not just for security, but for implementing compliance across a multi-cloud tenant. If you don't have people's time or experience it may be better to invest time into it. It's also really a good product to give a bird's-eye view of security and compliance in your environment.

We use Azure AD throughout our org and the Azure Security Center is an invaluable tool for helping point out where we can improve our security posture - before we started using Azure for our day-to-day operations we relied on the security centre guiding us on improvements we can make. However, as we are a hosted 365 customer - we thought most of the security features would be enabled/configured yet when we first got to the Security Center we had lots of work to do. Which was fine as it allowed us to see what was configured and what wasn't. All in all - a great tool and I don't know why someone wouldn't want to use it.

In the scenario where you have limited resources in the area of staffing, it is a big help. I wouldn't recommend it for a high-security environment unless there are trained personnel that focuses on security and are VERY familiar with ASC.