Defender for Cloud (Formerly Azure Security Center): An Essential Tool for Any Azure Cloud Environment
May 05, 2022

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Azure Security Center

Defender for Cloud (formerly Azure Security Center) is one of my day-to-day "bases of operation". I.e., it's one of the key dashboard-type utilities I use daily to track the health of my infrastructure and network. There is a lot of sprawl now, given that I am a hybrid and am in the process of migrating up to Azure. For example, I have some virtual machines, VPNs, gateways, tunnels, VNets, SQL databases, etc., that all require monitoring but are very difficult to do in a time-conscious manner and in a way that gives a whole picture. By centralizing everything (at the subscription level), Defender for Cloud really simplifies that task by giving me the issues I need to know about in one shot.
  • Simplicity. The "Security posture" score and Security Alerts give me the key pieces of information at a glance and are nicely centralized.
  • Automation is key for managing the sprawl I had mentioned, and the increased complexity arising from that. The workbooks and workflow automation provide great flexibility in security operations management.
  • Thoroughness. The tradeoff for simplicity is often in thoroughness, but this isn't the case with Defender for Cloud (formerly Azure Security Center). The security alerts and recommendations actually go into a significant amount of depth while keeping them relevant and meaningful.
  • UI/UX. It can get a little messy when navigating around with all the flyouts in the Azure portal, which can be frustrating, particularly when under time pressure.
  • The query languages for the queries and workbooks are another language that needs to be learned - it would be nice to have kept it closer to T-SQL or something like that to minimize the need to learn new syntax.
  • Adding cost estimations to the security recommendations would really improve the experience.
  • Security alerts are my go-to in the mornings. Those are the most important for me and my team.
  • The inventory overview is also something I use heavily to monitor the activity of my team and ensure they are following internal policies, and it tends to be a leading indicator for cost overruns, etc.
  • The recommendations are also very important. Though we don't always follow them, it forces us to understand why we are getting that recommendation, which is obviously a key factor in formulating security policies.
  • It's proactive and preventative and ensures security is front of mind across the team by providing a very visible focal point.
  • It makes security easy to manage and saves considerable time. I can't be certain, but I am relatively sure it has saved at least a couple of salaries by centralizing the information I need to properly manage the cloud environment's security.
  • The recommendations form an important educational tool when used as such. I force the team to explain why they are receiving them and, in the cases where they are not followed, why they are not following them and what they are doing differently.
  • Microsoft Advanced Threat Analytics (discontinued)
Defender for Cloud (formerly Azure Security Center) is more holistic and inclusive. Threat analytics are a small part of it now. It fosters that holistic viewpoint across virtually all endpoints within the cloud environment. For example, firewalls, VM coverage, etc. The vectors of security problems are greatly increased with Defender for Cloud over the old Threat Analytics.

Do you think Microsoft Defender for Cloud delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Cloud's feature set?

Yes

Did Microsoft Defender for Cloud live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Cloud go as expected?

Yes

Would you buy Microsoft Defender for Cloud again?

Yes

I would strongly recommend any user of the Azure cloud platform use Defender for Cloud. Even if there are very few resources used, getting into the habit early is a huge advantage. If one waits until their cloud infrastructure has grown significantly, it becomes very difficult at that point to try to implement a management process, workbooks, etc.