We performed a comparison between AWS (AWS GuardDuty) and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Cloud comes out ahead of AWS GuardDuty. AWS GuardDuty’s initial setup and integrations are more complex. It as well has less comprehensive features and a less straightforward pricing model.
"The most valuable features of PingSafe are the asset inventory and issue indexing."
"The mean time to detect has been reduced."
"Cloud Native Security offers a valuable tool called an offensive search engine."
"Cloud Native Security has helped us with our risk posture and securing our agenda. It has been tremendous in terms of supporting growth."
"PingSafe offers three key features: vulnerability management notifications, cloud configuration assistance, and security scanning."
"PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub."
"The management console is the most valuable feature."
"PingSafe's graph explorer is a valuable tool that lets us visualize all connected services."
"The way it monitors accounts is definitely a very important feature."
"The solution provides AWS GuardDuty S3 protection, EKS runtime protection, and malware protection."
"One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS."
"What I like most about Amazon GuardDuty is that you can monitor your AWS accounts across, but you don't have to pay the additional cost. You can get all your CloudTrail VPC flow logs and DNS logs all in one, and then you get the monitoring with that. A lot of times, if you had a separate tool on-premise, you would have to set up your DNS logs, so usually, Amazon GuardDuty helps with all your additional networking requirements, so I utilize it for continuous monitoring because you can't detect anything if you're not monitoring, and the solution fills that gap. If you don't do anything else first, you can deploy your firewall, and then you've got your Route 53 DNS and DNSSEC, but then Amazon GuardDuty fills that, and then you have audit requirements in AU that says, "Hey, what are your additional logs?", so you can just say, "Hey, we utilize Amazon GuardDuty." You're getting your CloudTrail, your VPC flow logs, and all your DNS logs, and those are your additional logs right there, so the solution meets a lot of requirements. Now, everything comes with a cost, but I also like that the solution also provides threat response and remediation. It's a pretty good product. I've just used it more for log analysis and that's where the value is at, the niche value. Once you do threat detection, it goes into a lot of other integrations you need to implement, so threat detection is only good as the integration, as the user that knows the tools itself, and the architecture and how it's all set up and the rules that you set within that."
"We use the tool for threat detection. AWS includes AI features as well. AWS GuardDuty gives us reports."
"Deployment is great, and we didn't face any big challenges."
"With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavior or traffic patterns right away, which is great for staying on top of potential security risks."
"It is a highly scalable solution since it is a service by AWS. Scalability-wise, I rate the solution a ten out of ten."
"It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it."
"The solution's robust security posture is the most valuable feature."
"The technical support is very good."
"This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
"Defender is user-friendly and provides decent visibility into threats."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"The dashboard is very good. It gives our clients a lot of information and allows them to have a complete overview of the system. Everything is visible in one glance."
"Threat protection is comprehensive and simple."
"We can customize security policies but lack auditing capabilities."
"The main area for improvement I want to see is for the platform to become less resource-intensive. Right now, it can slow down processes on the machine, and it would be a massive improvement if it were more lightweight than it currently is."
"There's room for improvement in the graphic explorer."
"Their search feature could be better."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"I would like PingSafe's detections to be openly available online instead of only accessible through their portal. Other tools have detections that are openly available without going through the tool."
"PingSafe takes four to five hours to detect and highlight an issue, and that time should be reduced."
"They need more experienced support personnel."
"I work in a bank, and it would be good if AWS GuardDuty could be integrated with other monitoring and detection tools we use."
"Amazon GuardDuty could be better enriched in threat intelligence data."
"AWS GuardDuty needs to be more customer-oriented."
"It is evolving, and at the moment, I will just need it on a larger scale. Then, it will satisfy my demand, initially."
"The product needs to improve its cost-efficiency since it is expensive."
"For the next release, they could provide IPS features as well."
"Because it's a threat detection service, they need to keep up with the various threat factors because new threat factors and attack factors come up all the time."
"An improvement would be to have a mobile version where remote workers can log in and monitor and fix issues."
"Azure's system could be more on point like AWS support. For example, if I have an issue with AWS, I create a support ticket, then I get a call or a message. With Azure support, you raise a ticket, and somebody calls back depending on their availability and the priority, which might not align with your business priority."
"There is no perfect product in the world and there are always features that can be added."
"I felt that there was disconnection in terms of understanding the UI. The communication for moving from the old UI to the new UI could be improved. It was a bit awkward."
"As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."
"Azure is a complex solution. You have so many moving parts."
"The product must improve its UI."
"The solution's portal is very easy to use, but there's one key component that is missing when it comes to managing policies. For example, if I've onboarded my server and I need to specify antivirus policies, there's no option to do that on the portal. I will have to go to Intune to deploy them. That is one main aspect that is missing and it's worrisome."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
AWS GuardDuty is ranked 4th in Cloud Workload Protection Platforms (CWPP) with 20 reviews while Microsoft Defender for Cloud is ranked 3rd in Cloud Workload Protection Platforms (CWPP) with 46 reviews. AWS GuardDuty is rated 8.2, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of AWS GuardDuty writes "A stellar threat-detection service that has helped bolster security against malicious threats". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". AWS GuardDuty is most compared with Prisma Cloud by Palo Alto Networks, CrowdStrike Falcon Cloud Security, Wiz, Check Point CloudGuard CNAPP and Akamai Guardicore Segmentation, whereas Microsoft Defender for Cloud is most compared with Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz, Microsoft Defender for Endpoint and Azure Firewall. See our AWS GuardDuty vs. Microsoft Defender for Cloud report.
See our list of best Cloud Workload Protection Platforms (CWPP) vendors.
We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
