Drata vs Microsoft Defender for Cloud comparison

"Drata offers APIs for every clause so that it can integrate into various platforms."

"Drata helps eliminate evidence gathering and makes assigning different activities to different team members easier, simplifying compliance and audit processes. In Pennsylvania, we're putting in thousands of hours. Drata improves our security posture by reducing extra work, allowing us to focus on other security directives. I like the control editing and task management features the most. It's easy to use, but it's also easy for people to think they don't need security experts if they have it."

"The product is 100 percent friendly to use."

"Drata keeps adding new features, allowing us to build our entire InfoSec program within it. Adding new components and evidence for different audits is easy. Drata also integrates with various software, like ticketing systems, source code control, and cloud platforms, continuously pulling evidence from these integrations. Without a GRC tool with these integrations, we used to gather evidence from different software during audits manually. Drata has a significant impact on our security posture management. Previously, Drata had features for security posture management, primarily through integration with AWS. For example, it would scan AWS for specific security requirements, like ensuring all S3 buckets are private. It will be reported on the Drata platform if it finds a public bucket. Recently, Drata introduced a new feature that uses an infrastructure-as-code approach. This feature detects issues and provides AI-generated suggestions for fixing them. If an organization uses infrastructure-as-code solutions like Terraform, Drata will suggest changes to the Terraform code to address the issues. You can then review and apply these changes to fix the problems. This is particularly useful when dealing with many topics, as it helps automate and speed up the process of implementing fixes. However, this AI-generated code feature is part of Drata’s upsell options. The basic version of Drata offers limited capabilities compared to the advanced features available with a paid upgrade. Even without this new feature, Drata's security posture management is valuable, as it scans cloud environments for deviations from defined security baselines. Many tools offer similar capabilities, but Drata’s new feature that translates issues into actionable fixes is a notable advancement. This benefits teams with the capability and resources to use this tool effectively."

"Drata helped us publish our ISO and SOC reports, which was essential for the acquisition. The challenge now is whether Drata can scale up to meet the needs of a larger company, which already has tools like Intune to enforce laptop encryption. Drata is excellent for startups and small—to medium-sized companies but may face challenges in larger organizations with multiple environments."

"My experience with customer support was good; they were responsive, but they didn't ever get us to a solution that worked."

"The way the tool's controls are linked to the framework, specifically with SAST and HIPAA frameworks or any other frameworks, is really good."

"I would like to see more connectors and plugins with other platforms."

"The tool's most valuable feature is its support for cloud-native services like Kubernetes, containers, managed storage, and databases. Protecting these without Microsoft Defender for Cloud would be extremely challenging. For threat protection specifically, I find the signature-based detection and heuristic detection features very effective."

"The technical support is very good."

"Provides a very good view of the entire security setup of your organization."

"The most valuable features of the solution are the insights, meaning the remediation suggestions, as well as the incident alerts."

"The notification process of Microsoft Defender for Cloud has been the most valuable feature. The notification process is effortless, as it can tell me right there and then locate issues pretty fast, saving us a lot of time by not having to dig through all the warnings."

"I find Microsoft Defender for Cloud's KQL very flexible and powerful. It's really easy to search through with KQL queries to find the security breaches and incidents and to track down the breach itself."

"Defender is user-friendly and provides decent visibility into threats."

"The existing features of Drata are already extensive and costly to integrate."

"Drata has impacted our organization negatively, as it made the whole compliance process more complicated and cost me significant time."

"There is room for improvement in Drata. The core features are solid, but some new features are in a very MVP (Minimum Viable Product) stage. They work, but the user experience isn't always smooth. While the core features are well-developed compared to the market, the new features need more polish. They could benefit from more user feedback and iterations to make them more useful. Some of these new features look promising buthave flaws, so we can’t fully adopt them or justify paying extra for them now. The user interface is clean and intuitive. However, you'll need some specific knowledge if you're a security policy manager or need to set updifferent integrations."

"The thing with Drata is you cannot open multiple tabs on the same interface or the same desktop,"

"In terms of improvements, I'd suggest better marketing since the industry tends to market these tools as security experts, which isn't true."

"One of the challenges with Drata is that if you're paying for a subscription to ISO 27001, you must undergo a risk assessment. You should have access to all necessary modules on the platform to achieve your compliance posture and certification."

"The solution is quite costly."

"The product can improve in its API documentation area."

"No possibility to write or edit any capability."

"The cost is always a concern, but overall, it's not too bad because it is easy to use and pretty friendly."

"The most significant areas for improvement are in the security of our identity and endpoints and the posture of the cloud environment. Better protection for our cloud users and cloud apps is always welcome."

"There needs to be improvement in the security recommendations, particularly in attack path mapping. Sometimes, it misleads users about the real exposure of external-facing assets."

"The documentation and implementation guides could be improved."

"Another thing is that Defender for Cloud uses more resources than CrowdStrike, which my current company uses. Defender for Cloud has two or three processes running simultaneously that consume memory and processor time. I had the chance to compare that with CrowdStrike a few days ago, which was significantly less. It would be nice if Defender were a little lighter. It's a relatively large installation that consumes more resources than competitors do."

"Support needs to be highly responsive, especially in large enterprise environments."

"I've heard there might be issues with scalability for larger enterprises."

"It's one of the more expensive options, but I think it's worth the money if you can afford it."

"Drata's pricing is quite reasonable. Compared to other tools in the market, including its biggest competitor, Vanta, Drata is much cheaper. Even compared to other tools like AuditBoard, which aren’t as good, Drata’s price remains competitive."

"I remember that my company used to pay 25,000 USD to use the product...The product's cost is really high, but it is a powerful tool."

"We are using the free version of the Azure Security Center."

"This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service."

"The price of the solution is good for the features we receive and there is an additional cost for Microsoft premier support. However, some of my potential customers have found it to be expensive and have gone on to choose another solution."

"Currently, Microsoft offers only one plan at the enterprise level which is $15 per machine."

"Its pricing is a little bit high in terms of Azure Security Center, but the good thing is that we don't need to maintain and deploy it. So, while the pricing is high, it is native to Azure which is why we prefer using this tool."

"Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor."

"Azure Defender is definitely pricey, but their competitors cost about the same. For example, a Palo Alto solution is the same price per endpoint, but the ground strikes cost a bit more than Azure Defender. Still, it's pricey for a company like ours. Maybe well-established organizations can afford it, but it might be too costly for a startup."

"I am not involved much with the pricing but the bundle offering is good."