We performed a comparison between Microsoft Defender for Cloud and Threat Stack Cloud Security Platform based on real PeerSpot user reviews.
Find out in this report how the two Cloud Workload Protection Platforms (CWPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."PingSafe offers comprehensive security posture management."
"The most valuable feature is the ability to gain deep visibility into the workloads inside containers."
"It is fairly simple. Anybody can use it."
"It's helped free up staff time so that they can work on other projects."
"We liked the search bar in PingSafe. It is a global search. We were able to get some insights from there."
"Cloud Native Security has helped us with our risk posture and securing our agenda. It has been tremendous in terms of supporting growth."
"The mean time to detect has been reduced."
"Cloud Native Security is a tool that has good monitoring features."
"With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates."
"Defender lets you orchestrate the roll-out from a single pane. Using the Azure portal, you can roll it out over all the servers covered by the entire subscription."
"It works seamlessly on the Azure platform because it's a Microsoft app. Its setup is similar, so if you already have a Microsoft account, it just flows into it."
"The most valuable features of the solution are the insights, meaning the remediation suggestions, as well as the incident alerts."
"This is a platform as a service provided by Azure. We don't need to install or maintain Azure Security Center. It is a ready-made service available in Azure. This is one of the main things that we like. If you look at similar tools, we have to install, maintain, and update services. Whereas, Azure Security Center manages what we are using. This is a good feature that has helped us a lot."
"The vulnerability reporting is helpful. When we initially deployed Defender, it reported many more threats than we currently see. It gave us insight into areas we had not previously considered, so we knew where we needed to act."
"The entire Defender Suite is tightly coupled, integrated, and collaborative."
"It's quite a good product. It helps to understand the infections and issues you are facing."
"Every other security tool we've looked is good at containers, or at Kubernetes, is good at AWS, or at instance monitoring. But nobody is good at tying all of those things together, and that's really where Threat Stack shines."
"The most valuable feature is the SecOps because they have our back and they help us with the reports... It's like having an extension of your team. And then, it grows with you."
"We like the ability of the host security module to monitor the processes running on our servers to help us monitor activity."
"We're using it on container to see when activity involving executables happens, and that's great."
"Technical support is very helpful."
"It has been quite helpful to have the daily alerts coming to my email, as well as the Sev 1 Alerts... We just went through a SOX audit and those were pivotal."
"The rules are really great. They give us more visibility and control over what's being triggered. There's a large set of rules that come out-of-the-box. We can customize them and we can create our own rules based on the traffic patterns that we see."
"It is scalable. It deploys easily with curl and yum."
"I want PingSafe to integrate additional third-party resources. For example, PingSafe is compatible with Azure and AWS, but Azure AD isn't integrated with AWS. If PingSafe had that ability, it would enrich the data because how users interact with our AWS environment is crucial. All the identity-related features require improvement."
"One area for improvement could be the internal analysis process, specifically the guidance provided for remediation."
"There is room for improvement in the current active licensing model for PingSafe."
"We'd like to have better notifications. We'd like them to happen faster."
"With Cloud Native Security, we can't selectively enable or disable alerts based on our specific use case."
"The reporting works well, but sometimes the severity classifications are inaccurate. Sometimes, it flags an issue as high-impact, but it should be a lower severity."
"Maybe container runtime security could be improved."
"It took us a while to configure the software to work well in this type of environment, as the support documents were not always clear."
"The initial setup is not actually so complex but it feels complex because there are many add-ons. There are many options and my team needs to be aware of all of these changes happening on the backend which is a distraction."
"When you work with it, the only problem that we're struggling with is that we have 21 different subscriptions we're trying to apply security to. It's impossible to keep everything organized."
"I would suggest building a single product that addresses endpoint server protection, attack surface, and everything else in one solution. That is the main disadvantage with the product. If we are incorporating some features, we end up in a situation where this solution is for the server, and that one is for the client, or this is for identity, and that is for our application. They're not bundling it. Commercially, we can charge for different licenses, but on the implementation side, it's tough to help our end-customer understand which product they're getting."
"The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available."
"No possibility to write or edit any capability."
"Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender."
"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."
"It needs to be simplified and made more user-friendly for a non-technical person."
"Some features do not work as expected."
"The user interface can be a little bit clunky at times... There's a lot of information that needs to be waded through, and the UI just isn't great."
"It shoots back a lot of alerts."
"The one thing that we know they're working on, but we don't have through the tool, is the application layer. As we move to a serverless environment, with AWS Fargate or direct Lambda, that's where Threat Stack does not have the capacity to provide feed. Those are areas that it's blind to now..."
"The compliance and governance need improvement."
"The solution’s ability to consume alerts and data in third-party tools (via APIs and export into S3 buckets) is moderate. They have some work to do in that area... The API does not mimic the features of the UI as far as reporting and pulling data out go. There's a big discrepancy there."
"The reports aren't very good. We've automated the report generation via the API and replaced almost all the reports that they generate for us using API calls instead."
"The API - which has grown quite a bit, so we're still learning it and I can't say whether it still needs improvement - was an area that had been needing it."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Threat Stack Cloud Security Platform Pricing and Cost Advice →
Microsoft Defender for Cloud is ranked 3rd in Cloud Workload Protection Platforms (CWPP) with 46 reviews while Threat Stack Cloud Security Platform is ranked 28th in Cloud Workload Protection Platforms (CWPP). Microsoft Defender for Cloud is rated 8.0, while Threat Stack Cloud Security Platform is rated 8.2. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Threat Stack Cloud Security Platform writes "SecOps program for us, as a smaller company, is amazing; they know what to look for". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Prisma Cloud by Palo Alto Networks, Microsoft Defender XDR, Wiz and Microsoft Defender for Endpoint, whereas Threat Stack Cloud Security Platform is most compared with Darktrace, AWS GuardDuty, Palo Alto Networks URL Filtering with PAN-DB, Qualys VMDR and Check Point CloudGuard CNAPP. See our Microsoft Defender for Cloud vs. Threat Stack Cloud Security Platform report.
See our list of best Cloud Workload Protection Platforms (CWPP) vendors, best Container Security vendors, and best Cloud Security Posture Management (CSPM) vendors.
We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
