Microsoft Defender for Cloud review
Updated June 04, 2024

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Cloud

Defender for Cloud is being used as a tool on one side to give insight into the security posture (CSPM) of all the workloads, to have an inventory of all resources, and to be able to query very quickly for specific resources and their details. On the other hand it is used as a protection tool (CWPP) to protect the workloads in the Azure platform. It is capable of detecting malicious behavior on the resources that are protected and actively alerting on that.

Pros

  • The integration with Azure workloads is very good and easy to configure
  • It gives good insight into the security posture, compliance, and active threats on a broad scale
  • It even integrates as a CSPM in multi-cloud scenarios (GWC/AWS)

Cons

  • The licensing structure could be better by providing possibilities for partial deployment in a subscription
  • The information in the dashboards is sometimes scattered; there should be a better overall view
  • Some parts of Defender for Cloud are expensive; some features should be moved to the standard capabilities of Azure

  • It creates great insight into all assets that are available
  • The CSPM makes sure that certain risks that might have been missed are addressed
  • Being able to query across the data gives great insight into threats and possible vulnerabilities for CVEs
At this moment it is a single-cloud, cloud-only platform. Azure is the main platform for all our workloads; we protect this with all the Defender products, including Defender for Cloud. All alerts and incidents are forwarded to Sentinel for security monitoring. The environment consists of multiple subscriptions, ranging from dev/test to acceptance, production and customer-facing subscriptions.

The CSPM feature really lowers the number of alerts and incidents in Sentinel. Often misconfigurations mean that certain incidents will happen and have to be looked into. Now we look at the posture beforehand and try to mitigate a risk before an incident will happen. We do not have exact numbers, but a badly configured Azure portal can create quite some noise in the SOC; we can easily lower the number of incidents by 10%.

Yes, Defender for Cloud does do this for us. We now have a vulnerability scanner, for example, that would otherwise be a 3rd-party solution. Things like asset management and attack surface management can now be done from one tool. I do not know exactly what the licensing costs will save us, but we incorporate 4-5 tools in a single solution now (cloud asset management, vulnerability scanner, security posture, workload protection and CI/CD protection).
Defender has the benefit of all the integration, included licensing for Defender for Servers, and being able to start small and grow.

Wiz licensing was too expensive and lacked features like an EDR, making it a less favorable solution.

Do you think Microsoft Defender for Cloud delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Cloud's feature set?

Yes

Did Microsoft Defender for Cloud live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Cloud go as expected?

Yes

Would you buy Microsoft Defender for Cloud again?

Yes

When using a medium to large Azure platform it can be hard to stay in control of the configuration and security posture of all the workloads, especially when they are developed and maintained by different teams. Defender for Cloud is a great tool to get back in control by getting a clear view of all deployed assets, what the posture is and what policies are applied to them. This way you get a better view of the current health of the environment and whether any deviations have occurred. Although it can be used in a multi-cloud scenario, it is pretty limited to a CSPM point of view only.

Using Microsoft Defender for Cloud

10 - security staff who will monitor and act upon incidents;
platform management who will perform the configuration and installation tasks;
compliance staff who will monitor and configure the compliance-related items. Often the tasks will blend a little between the three defined roles.
2 - the security consultant / architect will mostly oversee the functionality and capabilities of the Defender for Cloud solution.

They are security focused, but know what the platform does, how it works and what the desired configuration should be. They have an understanding of the Azure platform, both from an infrastructure and a security perspective.

  • Security posture monitoring
  • Cloud workload protection
  • EDR deployment
  • cloud asset management > cmdb
  • Darktrace enrichment
  • DevSecOps > Github
  • Integration with EASM
It is a great product that integrates nicely when running an Azure platform and even a multi-cloud environment. Not looking for point solutions but a suite that answers most requirements.

It is very comfortable being able to use KQL, workbooks and automation that are native to the Azure platform.
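As an added example of the kind of native KQL query the reviewer refers to (querying Defender for Cloud data across subscriptions for CVE findings), and not code from the reviewer or from Microsoft: the Azure Resource Graph query below lists unhealthy vulnerability sub-assessments grouped by CVE. The `securityresources` table and the `microsoft.security/assessments/subassessments` type are the Resource Graph schema that Defender for Cloud populates; the restriction to `Critical`/`High` severity and the property paths used for the resource id are assumptions to check against your own tenant's data.

```kql
// Added example, not from the review: CVE findings from Defender for Cloud
// vulnerability assessment, aggregated across every subscription the caller can read.
// Run in Azure Resource Graph Explorer or with: az graph query -q "<query>"
securityresources
| where type =~ "microsoft.security/assessments/subassessments"
// Sub-assessments carry one finding per resource; properties.id is the CVE id
// for vulnerability findings (assumption: schema as of Defender for Cloud VA findings).
| extend cve        = tostring(properties.id),
         severity   = tostring(properties.status.severity),
         status     = tostring(properties.status.code),
         finding    = tostring(properties.displayName),
         resourceId = tolower(tostring(properties.resourceDetails.id))
| where status == "Unhealthy" and cve startswith "CVE-"
| where severity in ("Critical", "High")   // assumption: only actionable severities
| summarize affectedResources = dcount(resourceId),
            subscriptions     = dcount(subscriptionId),
            sampleResource    = any(resourceId)
    by cve, severity, finding
// "Critical" sorts before "High" alphabetically, so asc puts the worst first.
| order by severity asc, affectedResources desc
```

The same query body can be pasted into a workbook grid or wired into a scheduled Logic App so the SOC sees newly exposed CVEs without opening the Defender portal, which is the "query across the data" workflow the review describes.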
