When comparing Microsoft and Palo Alto Networks in the context of Cloud Security Posture Management (CSPM), it's important to consider the strengths and focus areas of each vendor's offerings. Microsoft Defender for Cloud and Palo Alto's Prisma Cloud designed for managing cloud security risks, ensuring compliance, and automating governance across cloud environments.
Defender provides a unified security management system that strengthens the security posture of your data centers, and it is particularly well-integrated with Azure services, although it also supports multi-cloud environments to an extent. Defender receives positive feedback for its threat protection, seamless integration with Microsoft tools, and reasonable pricing options. Prisma Cloud is a comprehensive cloud-native security platform that integrates security across the full development lifecycle and cloud environments, including AWS, Google Cloud, and Azure. The solution is commended for its robust security features, and comprehensive compliance capabilities.
The summary above is based on 134 interviews we conducted recently with Palo Alto Networks and Microsoft Defender users. To access the review's full transcripts, download our report.
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The solution is very user-friendly."
"The security baseline and vulnerability assessments is the valuable feature."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"Good compliance policies."
"Microsoft Defender has a lot of features including regulatory compliance and attaching workbooks but the most valuable is the recommendations it provides for each and every resource when we open Microsoft Defender."
"The solution is very easy to deploy."
"The most valuable feature is that it's intuitive. It's very intuitive."
"The dashboard is very good. It gives our clients a lot of information and allows them to have a complete overview of the system. Everything is visible in one glance."
"The first valuable feature was the fact that it gave us a list of everything that users were surfing on the web. Having the list, we could make decisions about those sites."
"The most valuable features of this solution are the vulnerability assessments and the glossary of compliance."
"Most importantly, it's an integrated solution. We not only have Defender for Cloud, but we also have Defender for Endpoint, Defender for Office 365, and Defender for Identity. It's an integrated, holistic solution."
"I find the CSPM area to be a more valuable and flexible feature."
"Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them."
"The first aspect that is important is the fact that Prisma Cloud is cloud-agnostic. It's actually available for the five top cloud providers: AWS, GCP, Azure, Oracle, and Alibaba Cloud. The second aspect is the fact that we can write our own rules to try to detect misconfigurations in those environments."
"The client wasn't using all of the features, but the one that stood out was infrastructure-as-code (IaC). I built IaC use cases and was trying to get them to use it. I also liked cloud workload protection. I worked with the vulnerability management team to develop a process. It's a manual process, so it can be challenging to remediate many image or container issues. It was nice that we could build out a reporting process and download the reports. The reports are solid."
"The most valuable feature is its cloud security posture management."
"It has helped us understand the dynamic topology of our containers, and manage security through the application of policies that our pipelines apply straight from Git."
"Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them."
"I was looking for a vulnerability scanner and I was looking for one place in which I could find everything. This tool not only does vulnerability scanning, but it also gives me an asset management tool."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"The solution's container security could be improved."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"The remediation workflow within the Wiz could be improved."
"The only thing that needs to be improved is the number of scans per day."
"Defender is occasionally unreliable. It isn't 100% efficient in terms of antivirus detection, but it isn't an issue most of the time. It's also somewhat difficult to train new security analysts to use Defender."
"The product was a bit complex to set up earlier, however, it is a bit streamlined now."
"Customizing some of the compliance requirements based on individual needs seems like the biggest area of improvement. There should be an option to turn specific controls on and off based on how your solution is configured."
"Another thing that could be improved was that they could recommend processes on how to react to alerts, or recommend best practices based on how other organizations do things if they receive an alert about XYZ."
"The solution could improve by being more intuitive and easier to use requiring less technical knowledge."
"Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board."
"Microsoft can improve the pricing by offering a plan that is more cost-effective for small and medium organizations."
"We would like to have better transparency as to how the security score is calculated because as it is now, it is difficult to understand."
"This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on."
"The regional cost of Prisma Cloud in South Africa is high and could be improved."
"We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert."
"When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets."
"For some custom policies, we need more features."
"The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."
"The innovation side of the solution could be more efficient and more detailed."
"The UI could be improved."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Microsoft Defender for Cloud is ranked 3rd in Container Security with 46 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 83 reviews. Microsoft Defender for Cloud is rated 8.0, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of Microsoft Defender for Cloud writes "Provides multi-cloud capability, is plug-and-play, and improves our security posture". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". Microsoft Defender for Cloud is most compared with AWS GuardDuty, Microsoft Defender XDR, Microsoft Defender for Endpoint, Microsoft Sentinel and Azure Firewall, whereas Prisma Cloud by Palo Alto Networks is most compared with Aqua Cloud Security Platform, AWS Security Hub, CrowdStrike Falcon Cloud Security, AWS GuardDuty and Check Point CloudGuard CNAPP. See our Microsoft Defender for Cloud vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Container Security vendors, best Cloud Workload Protection Platforms (CWPP) vendors, and best Cloud-Native Application Protection Platforms (CNAPP) vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.