We performed a comparison between Microsoft Defender for Cloud and Sophos Cloud Optix based on real PeerSpot user reviews.
Find out in this report how the two Cloud Security Posture Management (CSPM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"The solution is very user-friendly."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The first thing that stood out was the ease of installation and the quick value we got out of the solution."
"It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it."
"The security policy is the most valuable feature for us. We can go into the environment settings and attach any globally recognized framework like ISO or any benchmark."
"One important security feature is the incident alerts. Now, with all these cyberattacks, there are a lot of incident alerts that get triggered. It is very difficult to keep monitoring everything automatically, instead our organization is utilizing the automated use case that we get from Microsoft. That has helped bring down the manual work for a lot of things."
"The product has given us more insight into potential avenues for attack paths."
"It helps you to identify the gaps in your solution and remediate them. It produces a compliance checklist against known standards such as ISO 27001, HIPAA, iTrust, etc."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"It's quite a good product. It helps to understand the infections and issues you are facing."
"The solution's robust security posture is the most valuable feature."
"The most valuable feature for me would be the solution's endpoint protection."
"DLP is a valuable feature that we use a lot for info audits."
"The most valuable feature of Sophos Cloud Optix is the simple way to manage my devices on the network. Additionally, it is easy to navigate and has a user-friendly interface."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
"The only thing that needs to be improved is the number of scans per day."
"The remediation workflow within the Wiz could be improved."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"The solution's container security could be improved."
"If a customer is already using Okta as an SSO in its entire environment, they will want to continue with it. But Security Center doesn't understand that and keeps making recommendations. It would help if it let us resolve a recommendation, even if it is not implemented."
"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
"The product was a bit complex to set up earlier, however, it is a bit streamlined now."
"Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."
"Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board."
"After getting a recommendation, it takes time for the solution to refresh properly to show that the problem has been eliminated."
"The documentation and implementation guides could be improved."
"I would like to see better automation when it comes to pushing out security features to the recommendations, and better documentation on the step-by-step procedures for enabling certain features."
"The dashboard and the process for applying policies could be more intuitive. Cloud Optix isn't that difficult once you get the hang of it, but the IT folks managing this want it to be more user-friendly."
"The setup was a little bit complex."
"There are times when the devices are at maximum capacity, and it takes a while before the device is updated. For example, if the device has a virus, and it's not aligned to connect to the network, even after you've scanned the device, and cleaned out the virus, once the management clears the system to allow it back on the network it takes some time. It can be frustrating when you have your line manager or in management affected trying to access the network."
Microsoft Defender for Cloud is ranked 3rd in Cloud Security Posture Management (CSPM) with 46 reviews while Sophos Cloud Optix is ranked 25th in Cloud Security Posture Management (CSPM) with 3 reviews. Microsoft Defender for Cloud is rated 8.0, while Sophos Cloud Optix is rated 8.0. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Sophos Cloud Optix writes "DLP is a valuable feature that we use a lot for info audits". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Microsoft Defender for Endpoint and Microsoft Sentinel, whereas Sophos Cloud Optix is most compared with . See our Microsoft Defender for Cloud vs. Sophos Cloud Optix report.
See our list of best Cloud Security Posture Management (CSPM) vendors.
We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.