Microsoft Defender for Cloud review
October 23, 2023

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Cloud

Defender for Cloud is being used as a tool on one side to give insights into the security posture (CSPM) of all the workloads, have an inventory of all resources, and be able to query very quickly for specific resources and the specifics of those. On the other hand, it is used as a protection tool (CWPP) to protect the workloads in the Azure platform. It is capable of detecting malicious behavior on the resources that are protected and actively alerting on that.
  • The integration with Azure workloads is very good and easy to configure
  • It gives good insights into the security posture, compliance, and active threats on a broad scale
  • It even integrates as a CSPM in multi-cloud scenarios (GCP/AWS)
  • The licensing structure could be better by providing possibilities for partial deployment in a subscription
  • The information in the dashboards is sometimes scattered; there should be a better overall view
  • Some parts of Defender for Cloud are expensive, some features should be moved to the standard capabilities of Azure
  • It creates great insight into all assets that are available
  • The CSPM makes sure that certain risks that might have been missed are addressed
  • Being able to query across the data gives great insights into threats and possible vulnerabilities for CVEs
At this moment it is a single-cloud, cloud-only platform. Azure is the main platform for all our workloads; we protect this with all the Defender products, including Defender for Cloud. All alerts and incidents are forwarded to Sentinel for security monitoring.

The environment consists of multiple subscriptions, ranging from dev/test to acceptance, production and customer-facing subscriptions.
The CSPM feature really lowers the number of alerts and incidents in Sentinel. Often misconfigurations cause certain incidents to happen that have to be looked into. Now we look at the posture beforehand and try to mitigate a risk before an incident happens. We do not have exact numbers, but a badly configured Azure portal can create quite some noise in the SOC; we can easily lower the number of incidents by 10%.
Yes, Defender for Cloud does do this for us. We now have a vulnerability scanner, for example, that would otherwise be a third-party solution. Things like asset management and attack surface management can now be done from one tool. I do not know exactly what the licensing costs will save us, but we incorporate 4-5 tools in a single solution now (cloud asset management, vulnerability scanner, security posture, workload protection and CI/CD protection).

Do you think Microsoft Defender for Cloud delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Cloud's feature set?

Yes

Did Microsoft Defender for Cloud live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Cloud go as expected?

Yes

Would you buy Microsoft Defender for Cloud again?

Yes

When using a medium to large Azure platform it can be hard to stay in control of the configuration and security posture of all the workloads, especially when they are developed and maintained by different teams. Defender for Cloud is a great tool to get back in control by getting a clear view of all deployed assets, what the posture is and what policies are applied to them.
This way you get a better view of the current health of the environment and whether any deviations have occurred. Although it can be used in a multi-cloud scenario, it is pretty limited to a CSPM point of view only.