We performed a comparison between AWS (AWS GuardDuty) and Microsoft Defender for Cloud based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, Microsoft Defender for Cloud comes out ahead of AWS GuardDuty. AWS GuardDuty’s initial setup and integrations are more complex. It as well has less comprehensive features and a less straightforward pricing model.
"It helps us detect brute-force attacks based on machine learning."
"The way it monitors accounts is definitely a very important feature."
"The solution will detect abnormalities in the AWS workload and alert us so that we can monitor and take action."
"The most valuable features are the single system for data collection and the alert mechanisms."
"With anomaly detection, active threat monitoring, and set correlation, GuardDuty alerts me to any unusual user behavior or traffic patterns right away, which is great for staying on top of potential security risks."
"One of the advantages of cloud services is the ability to use them on demand. There's minimal installation involved; you can check the latest offerings and make new deployments while dismantling the previous ones. This approach keeps you ahead of potential services, showcasing the agility of AWS."
"The solution is easy to use."
"It is a highly scalable solution since it is a service by AWS. Scalability-wise, I rate the solution a ten out of ten."
"The most valuable features of this solution are the remote workforce capabilities and the general experience of the remote workforce."
"The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded."
"Defender is user-friendly and provides decent visibility into threats."
"We saw improvement from a regulatory compliance perspective due to having a single dashboard."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"It is very intuitive when it comes to policy administration, alerts and notifications, and ease of setting up roles at different hierarchies. It has also been good in terms of the network technology maps. It provides a good overview, but it also depends on the complexity of your network."
"The security alerts and correlated alerts are most valuable. It correlates the logs and gives us correlated alerts, which can be fed into any security information and event management (SIEM) tool. It is an analyzed correlation tool for monitoring security. It gives us alerts when there is any kind of unauthorized access, or when there is any malfunctioning in multifactor authentication (MFA). If our Azure is connected with Azure Security Center, we get to know what types of authentication are happening in our infra."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"Cost changes. It's very expensive. If you turn on every feature, it's more than most commercial vendors. For smaller orgs, that doesn't make sense."
"For me, I would say just the presentation of findings, like the dashboards and other stuff, could be improved a bit."
"The solution's user interface could be improved because it will help users to understand multiple options."
"AWS GuardDuty sometimes shows false positives and should have better detection accuracy."
"AWS GuardDuty needs to be more customer-oriented."
"It would be great if the solution had some automation capabilities."
"Some of the pain points in Amazon GuardDuty was the cost. When compared to some of the other services, depending on how many we had to monitor, if we had a huge range of accounts, as our accounts increased, we had a cost factor that came into play. Sometimes there were issues, for example, with findings that came up, we wanted to add notes and there were issues back then where notes couldn't be entered properly. If we wanted to leave a note such as "Okay, we have assessed this and this is how we feel", or "This is a false positive", Amazon GuardDuty wasn't allowing us to do that. Even with the suppression of certain findings, there was some issue that we had faced at one time. Those were some of the pain points of the solution."
"An improvement would be to have a mobile version where remote workers can log in and monitor and fix issues."
"Agent features need to be improved. They support agents through Azure Arc or Workbench. Sometimes, we are not able to get correct signals from the machines on which we have installed these agents. We are not able to see how many are currently reporting to Azure Security Center, and how many are currently not reporting. For example, we have 1,000 machines, and we have enrolled 1,000 OMS agents on these machines to collect the log. When I look at the status, even though at some places, it shows that it is connected, but when I actually go and check, I'm not getting any alerts from those. There are some discrepancies on the agent, and the agent features are not up to the mark."
"I would like to have the ability to customize executive reporting."
"The documentation and implementation guides could be improved."
"Sometimes, it's very difficult to determine when I need Microsoft Defender for Cloud for a special resource group or certain kinds of products. That's not an issue directly with the product, though."
"The most significant areas for improvement are in the security of our identity and endpoints and the posture of the cloud environment. Better protection for our cloud users and cloud apps is always welcome."
"As an analyst, there is no way to configure or create a playbook to automate the process of flagging suspicious domains."
"From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR."
"It needs to be simplified and made more user-friendly for a non-technical person."
AWS GuardDuty is ranked 4th in Cloud Workload Protection Platforms (CWPP) with 19 reviews while Microsoft Defender for Cloud is ranked 3rd in Cloud Workload Protection Platforms (CWPP) with 46 reviews. AWS GuardDuty is rated 8.2, while Microsoft Defender for Cloud is rated 8.0. The top reviewer of AWS GuardDuty writes "A stellar threat-detection service that has helped bolster security against malicious threats". On the other hand, the top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". AWS GuardDuty is most compared with Prisma Cloud by Palo Alto Networks, CrowdStrike Falcon Cloud Security, Wiz, Check Point CloudGuard CNAPP and Lacework, whereas Microsoft Defender for Cloud is most compared with Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz, Microsoft Defender for Endpoint and Microsoft Sentinel. See our AWS GuardDuty vs. Microsoft Defender for Cloud report.
See our list of best Cloud Workload Protection Platforms (CWPP) vendors.
We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.