Microsoft Defender for Cloud vs Sysdig Falco comparison

"The features of Microsoft Defender for Cloud that I like the most are the regulatory compliance capabilities; these features have benefited my organization by improving our overall security posture."

"When we started out, our secure score was pretty low. We adopted some of the recommendations that Security Center set out and we were able to make good progress on improving it. It had been in the low thirties and is now in the upper eighties."

"Defender for Cloud is an improvement over Trend Micro, our previous solution. We like integrating our endpoints and visualizing everything in one place. It provides comprehensive coverage for endpoints, servers, and overall environmental security."

"The main feature is the security posture assessment through the security score. I find that to be very helpful because it gives us guidance on what needs to be secured and recommendations on how to secure the workloads that have been onboarded."

"The technical support is very good."

"The most valuable feature is that it's intuitive. It's very intuitive."

"I've seen benefits since implementing Microsoft Defender for Cloud. It's easy to manage for our large organization as an endpoint security solution. It integrates well with Office 365 and Windows 11, which is better than before. Patching, updates, and threat protection are all handled together now. Its AI features help predict threats."

"Microsoft Defender for Cloud is a valuable tool that integrates seamlessly with Azure Policy and our Security SIEM, simplifying implementation and enhancing security posture."

"We've had incidents with clients where high-impact CVEs were published, and I know comparisons where one client said if they didn't have Sysdig Falco in place, what took them about a day would have probably taken one or two months to resolve."

"The process of deploying Microsoft Defender for Cloud was not smooth. It was always a challenge migrating, as a lot of it involved application dependencies and what was required before being able to use Azure for those services."

"For Kubernetes, I was using Azure Kubernetes Service (AKS). To see that whatever is getting deployed into AKS goes through the correct checks and balances in terms of affinities and other similar aspects and follows all the policies, we had to use a product called Stackrox. At a granular level, the built-in policies were good for Kubernetes, but to protect our containers from a coding point of view, we had to use a few other products. For example, from a programming point of view, we were using Checkmarx for static code analysis. For CIS compliance, there are no CIS benchmarks for AKS. So, we had to use other plugins to see that the CIS benchmarks are compliant. There are CIS benchmarks for Kubernetes on AWS and GCP, but there are no CIS benchmarks for AKS. So, Azure Security Center fell short from the regulatory compliance point of view, and we had to use one more product. We ended up with two different dashboards. We had Azure Security Center, and we had Stackrox that had its own dashboard. The operations team and the security team had to look at two dashboards, and they couldn't get an integrated piece. That's a drawback of Azure Security Center. Azure Security Center should provide APIs so that we can integrate its dashboard within other enterprise dashboards, such as the PowerBI dashboard. We couldn't get through these aspects, and we ended up giving Reader security permission to too many people, which was okay to some extent, but when we had to administer the users for the Stackrox portal and Azure Security Center, it became painful."

"For improvements, I'd like to see more use cases integrated with Microsoft Sentinel and support for multi-cloud environments beyond just Azure."

"With the new Copilot functionality available everywhere, it is challenging to pinpoint areas for improvement. If I put in a lot of thought, I might identify things, but right now, nothing significant pops into my mind, but there is always room for more transparency, especially in pricing."

"However, some Copilot features aren't available in the GCP environment. This is something we hope will be addressed in the future."

"Consistency is the area where the most improvement is needed. For example, there are some areas where the UI is not uniform across the board."

"Defender could improve how data is represented. It can be unstructured or slow to load. The recent update allowing policy grouping into control groups is beneficial, but further enhancements for speed and clarity are needed."

"Microsoft Defender for Cloud can be improved because many of the functions involve multiple places to accomplish the same task, which can make it convoluted."

"One area for improvement would be having predefined security standards for measuring compliance reports."

"The licensing is straightforward but can become expensive if you cover everything. You must balance the cost against the importance of what needs covering."

"While we pay for any additional features, the pricing seems competitive, though I am not involved in the specific cost details."

"Microsoft Defender for Cloud is pricey, especially for Kubernetes clusters."

"Pricing is difficult because each license has its own metrics and cost."

"It is bundled with our enterprise subscription, which makes it easy to go for it. It is available by default, and there is no extra cost for using the standard features."

"The licensing cost per server is $15 per month."

"The product's pricing policy is generally favorable."

"Although I am outside of the discussion on budget and costing, I can say that the importance of security provided by this solution is of such importance that whatever the cost is, it is not a factor."