A Defender of your cloud environment that rarely lets you down!
Updated June 06, 2024

Yash Mudaliar | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Defender for Cloud

The only term that answers all the three questions above is assessing the security posture of a cloud environment. A typical cloud environment can have a wide variety of resources which need to go through an assessment process to make sure that their configurations are well tuned so that they are not vulnerable or weak enough for a cyberattack. Microsoft Defender for Cloud (MDC) makes our job easier by automating this task and generating security recommendations. It excels further by providing the associated remediations and impacts for the security recommendations.

Pros

  • The CSPM functionality of MDC provides thorough recommendations along with their remediation steps. Some recommendations also have a 'Quick Fix' option that makes remediation a one-click fix for the resource.
  • The easy-to-use and intuitive UI of MDC is another feature that sets it apart from other CSPMs. This is the case not only for Azure-based resources but for AWS resources as well.
  • The wide array of Cloud Workload Protection Plan features provides a variety of preventative capabilities with an exceptionally detailed logging mechanism.
  • The 'Attack Path Analysis' makes it very easy to find possible attack paths and vulnerable resources within the environment.

Cons

  • 'Regulatory Compliance' is definitely an area of improvement for MDC. The complex and high number of controls within a specific framework call for more helpful and detailed guidelines in order to tackle them.
  • The limited options in the incident management menu of MDC have proven to be a hassle while managing security alerts. For example, an analyst cannot even add a comment about the actions taken on an incident.
  • There is no functionality for connecting other EDR or XDR solutions to MDC, which I think should be there for a CSPM tool.
  • The most positive impact is that, due to the recurring nature of security recommendations in MDC, organizations are now encouraged to do a more frequent security review of their environment, which used to be yearly or quarterly earlier.
  • The detailed categorization of the vulnerabilities and alerts provides organizations with more context and objectives for making security-based investments.
  • When going for all the MDC plans, most organizations have seen a surge in their expenditures, which has been a very negative impact.
We do have an on-premises presence with a few servers, notably a DC, with a firewall appliance in place. When it comes to cloud, we are only on Azure, but with a wide variety of IaaS and PaaS resources including but not limited to VMs, API Management instances, WAFs, SQL and non-SQL DBs, Storage accounts, etc.
Yes, it has. The number of security alerts is directly proportional to the number of insecure resource configurations within the environment. By flagging those misconfigurations in great detail along with the required remediation steps, we were able to make our resources more secure and less prone to cyberattacks than before. Roughly speaking, we were able to cut down security alerts by almost 40% in the past 6 months.
MDC has helped us in 3 specific categories of tools: CSPM, CWPP and incident management platform. If not for MDC, we would have had to acquire these products separately from different vendors, adding economic and operational overhead. Not to forget, we are also utilizing it as a DevOps security tool, replacing an IaC tool. If I were to make an assumption, it is saving us approximately $15,000/year.

Do you think Microsoft Defender for Cloud delivers good value for the price?

Yes

Are you happy with Microsoft Defender for Cloud's feature set?

Yes

Did Microsoft Defender for Cloud live up to sales and marketing promises?

Yes

Did implementation of Microsoft Defender for Cloud go as expected?

Yes

Would you buy Microsoft Defender for Cloud again?

Yes

MDC is most useful if a client has an Azure presence, either in hybrid or cloud-only mode. Being a Microsoft-native product, it leverages the unified integration of the agent with the cloud resources, providing an excellent depth of detail in the logs. MDC also proves to be very economical in this specific scenario when compared to other vendors like Prisma or CrowdStrike.

MDC is less likely to be of use if the client needs a preventative solution or a HIPS solution. Even the CWPP offering in MDC is more of an auditing feature that notifies the security admin of unusual activity but will not be able to prevent it from happening.

Using Microsoft Defender for Cloud

9999 - The people who use the Defender for Cloud portal are usually from the below teams or business units:
Infrastructure and Security
IT Administration
Regulatory Compliance
Customer Service and Support

There are also teams that use the portal to create proofs of concept for on-boarding, migration or simply consultation projects for various clients.
999 - There will be a dedicated 'Customer Service & Support' (CSS) team to provide support and troubleshooting assistance for any technical or non-technical issues related to Microsoft Defender for Cloud. These people have skills ranging from agent management, vulnerability assessment, incident management and event analysis to governance management, to name a few.
  • The most important use case will be to conduct preliminary compliance audits against a variety of compliance standards in an automated fashion for the various cloud resources.
  • Another one will be to get to know the vulnerabilities across the critical assets of the organization, to remediate them or at least prevent them from being exploited.
  • Improve the security of servers with advanced workload protection features like file integrity monitoring, adaptive application controls and just-in-time access.
  • Conduct weekly and monthly security assessments for organizations to assess their cloud security posture over time.
  • We have been able to leverage Defender for Cloud as an effective security reporting tool for the various cloud workloads using Azure Resource Graph queries.
  • We have been able to leverage Defender for Cloud as a reliable security monitoring tool using the governance and recommendations feature.
  • We have been able to leverage Defender for Cloud as a reliable code integrity testing tool for our Infrastructure as Code repositories.
  • A part time vulnerability assessment tool
  • A tool for hardening container security
  • A tool to analyze and implement entitlement management across the cloud infrastructure
Defender for Cloud has been acceptable in terms of producing reliable security recommendations for crucial resources like SQL servers, databases, on-prem servers, containers, storage accounts, etc., using which we have been able to maintain good security hygiene as well as stay informed about the vulnerabilities and security misconfigurations across these resources.
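The Azure Resource Graph reporting use case mentioned in the list above, as an added example that is not part of the review or of Microsoft's documentation: a Kusto query over the `securityresources` table that lists, per assessed resource, the Defender for Cloud recommendations currently in the Unhealthy state, grouped by severity. The property paths (`properties.status.code`, `properties.displayName`, `properties.metadata.severity`, `properties.resourceDetails.Id`) are those exposed by the `microsoft.security/assessments` resource type; the output column names are the author's own choice.

```kusto
// Added example: Defender for Cloud recommendation report via Azure Resource Graph.
// Each row of microsoft.security/assessments is one recommendation evaluated
// against one resource; we keep only the failing ones and roll them up per resource.
securityresources
| where type == "microsoft.security/assessments"
| extend statusCode        = tostring(properties.status.code),          // Healthy / Unhealthy / NotApplicable
         recommendation    = tostring(properties.displayName),
         severity          = tostring(properties.metadata.severity),    // High / Medium / Low
         assessedResource  = tostring(properties.resourceDetails.Id)    // ARM ID of the evaluated resource
| where statusCode == "Unhealthy"
| summarize unhealthyCount = count(),
            recommendations = make_set(recommendation)
         by assessedResource, severity
| order by severity asc, unhealthyCount desc
```

Run it in the Azure Resource Graph Explorer blade of the portal, or from the CLI with `az graph query -q "<query>"` (the `resource-graph` extension must be installed). Scheduling the same query and diffing its output week over week gives the trend view the review describes, without needing to click through the Recommendations blade.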
