We performed a comparison between Microsoft Defender for Cloud and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Cloud Workload Protection Platforms (CWPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Most importantly, it's an integrated solution. We not only have Defender for Cloud, but we also have Defender for Endpoint, Defender for Office 365, and Defender for Identity. It's an integrated, holistic solution."
"This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"The product has given us more insight into potential avenues for attack paths."
"It has seamless integration with any of the services I mentioned, on Azure, such as IaaS platforms, virtual machines, applications, or databases, because it's an in-house product from Microsoft within the Azure ecosystem."
"DSPM is the most valuable feature."
"We saw improvement from a regulatory compliance perspective due to having a single dashboard."
"The solution is very easy to deploy."
"It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"The tool is stable."
"I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors."
"It's stable."
"I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
"No possibility to write or edit any capability."
"Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board."
"If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."
"Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."
"One of the main challenges that we have been facing with Azure Security Center is the cost. The costs are really a complex calculation, e.g., to calculate the monthly costs. Azure is calculating on an hourly basis for use of the resource. Because of this, we found it really complex to promote what will be our costs for the next couple of months. I think if Azure could reduce the complex calculation and come up with straightforward cost mapping that would be very useful from a product point of view."
"Sometimes it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or a special kind of product."
"Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"The deployment is a bit complex."
"Since it's an open-source tool, scalability is the main issue."
"The only challenge we faced with Wazuh was the lack of direct support."
"The computing resources are consuming and do not make sense."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The technical support can be improved. Wazuh has some bugs that need to be fixed. It would be good if we can have automation with respect to incidence responses."
"One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs."
Microsoft Defender for Cloud is ranked 3rd in Cloud Workload Protection Platforms (CWPP) with 46 reviews while Wazuh is ranked 2nd in Log Management with 38 reviews. Microsoft Defender for Cloud is rated 8.0, while Wazuh is rated 7.4. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Trend Vision One - Cloud Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and SentinelOne Singularity Complete. See our Microsoft Defender for Cloud vs. Wazuh report.
We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.