When comparing Microsoft and Palo Alto Networks in the context of Cloud Security Posture Management (CSPM), it's important to consider the strengths and focus areas of each vendor's offerings. Microsoft Defender for Cloud and Palo Alto's Prisma Cloud designed for managing cloud security risks, ensuring compliance, and automating governance across cloud environments.
Defender provides a unified security management system that strengthens the security posture of your data centers, and it is particularly well-integrated with Azure services, although it also supports multi-cloud environments to an extent. Defender receives positive feedback for its threat protection, seamless integration with Microsoft tools, and reasonable pricing options. Prisma Cloud is a comprehensive cloud-native security platform that integrates security across the full development lifecycle and cloud environments, including AWS, Google Cloud, and Azure. The solution is commended for its robust security features, and comprehensive compliance capabilities.
The summary above is based on 134 interviews we conducted recently with Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.
"Cloud Native Security is a tool that has good monitoring features."
"PingSafe offers three key features: vulnerability management notifications, cloud configuration assistance, and security scanning."
"The solution is a good alerting tool."
"The most valuable features of PingSafe are the asset inventory and issue indexing."
"My favorite feature is Storyline."
"We really appreciate the Slack integration. When we have an incident, we get an instant notification. We also use Joe Sandbox, which Singularity can integrate with, so we can verify if a threat is legitimate."
"The offensive security feature is valuable because it publicly detects the offensive and vulnerable things present in our domain or applications. It checks any applications with public access. Some of the applications give public access to certain files or are present over a particular domain. It detects and lets us know with evidence. That is quite good. It is protecting our infrastructure quite well."
"We like PingSafe's vulnerability assessment and management features, and its vulnerability databases."
"It takes very little effort to integrate it. It also gives very good visibility into what exactly is happening."
"Good compliance policies."
"The solution is very easy to deploy."
"The product has given us more insight into potential avenues for attack paths."
"The most valuable features are ransomware protection and access controls. The solution has helped us secure some folders on our systems from unauthorized modifications."
"The dashboard is very good. It gives our clients a lot of information and allows them to have a complete overview of the system. Everything is visible in one glance."
"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
"The entire Defender Suite is tightly coupled, integrated, and collaborative."
"The CSPM and CWPP functionalities are pretty good."
"I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions."
"Visibility is a key feature. Integration with other technologies across the board, whether they are Palo Alto technologies, Windows technologies, or cloud technologies, is probably the biggest thing."
"Prisma Cloud's inventory reporting is pretty good."
"The visibility on alerts helps you investigate more easily and see details faster."
"The two most valuable features are container security and the capability to discover workloads."
"As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having."
"This solution helped us by allowing us to schedule and fix things. This is not an easy thing if you're managing 1,000 plus resources."
"The cost has the potential for improvement."
"With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"We'd like to have better notifications. We'd like them to happen faster."
"We recently adopted a new ticket management solution, so we've asked them to include a connector to integrate that tool with Cloud Native Security directly. We'd also like to see Cloud Native Security add a scan for personally identifying information. We're looking at other tools for this capability, but having that functionality built into Cloud Native Security would be nice. Monitoring PII data is critical to us as an organization."
"One of the issues with the product stems from the fact that it clubs different resources under one ticket."
"PingSafe can be improved by developing a comprehensive set of features that allow for automated workflows."
"I would like PingSafe's detections to be openly available online instead of only accessible through their portal. Other tools have detections that are openly available without going through the tool."
"The solution could extend its capabilities to other cloud providers. Right now, if you want to monitor a virtual machine on another cloud, you can do that. However, this cannot be done with other cloud platform services. I hope once that is available then Defender for Cloud will be a unified solution for all cloud platform services."
"The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions."
"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."
"The documentation and implementation guides could be improved."
"Pricing could be improved. There are limited options based on pricing for the government."
"Sometimes, it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or certain kinds of products. That's not an issue directly with the product, though."
"I would like to see better automation when it comes to pushing out security features to the recommendations, and better documentation on the step-by-step procedures for enabling certain features."
"Azure is a complex solution. You have so many moving parts."
"The UI could use some improvement; we usually find the information we're looking for, but what fields can be clicked on and what workflow to follow to get the required information is not always evident. Sometimes we're all over the place, clicking around to drill in and uncover the alert and investigation details we're looking for."
"The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed."
"It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat."
"We face some GUI issues related to new permissions for AWS. So far, we don't have any automation to complete them through the GUI. We have to manually update the permissions. Our customers have faced some issues with that."
"The challenge that Palo Alto and Prisma have is that, at times, the instructions in an event are a little bit dated and they're not usable. That doesn't apply to all the instructions, but there are times where, for example, the Microsoft or the Amazon side has made some changes and Palo Alto or Prisma was not aware of them. So as we try to remediate an alert in such a case, the instructions absolutely do not work. Then we open up a ticket and they'll reply, "Oh yeah, the API for so-and-so vendor changed and we'll have to work with them on that." That area could be done a little better."
"Prisma Cloud lags behind in terms of security automation capabilities."
"The user interface should be improved and made easier."
"Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Microsoft Defender for Cloud is ranked 3rd in Cloud Security Posture Management (CSPM) with 46 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Cloud Security Posture Management (CSPM) with 82 reviews. Microsoft Defender for Cloud is rated 8.0, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Microsoft Defender XDR, Wiz, Microsoft Defender for Endpoint and Azure Firewall, whereas Prisma Cloud by Palo Alto Networks is most compared with Wiz, Aqua Cloud Security Platform, AWS Security Hub, CrowdStrike Falcon Cloud Security and AWS GuardDuty. See our Microsoft Defender for Cloud vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Cloud Security Posture Management (CSPM) vendors, best Container Security vendors, and best Cloud Workload Protection Platforms (CWPP) vendors.
We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
