| SIEM & SOAR | Microsoft Sentinel | None native (use 3rd party) | Centralised log ingestion, threat detection, and automated response |
| Threat Detection (Cloud) | Defender for Cloud | Amazon GuardDuty | Detects anomalies, malware, risky logins, misconfigurations |
| EDR/XDR | Defender for Endpoint | Amazon Inspector + external tools | Endpoint protection and response capabilities |
| Identity & Access | Azure AD / Entra ID | IAM | User, group, and role management |
| JIT Privileged Access | PIM (Privileged Identity Mgmt) | IAM with limited customisation | Just-in-time role elevation |
| Secrets Management | Azure Key Vault | AWS KMS + Secrets Manager | Secure storage of keys, secrets, and certs |
| Governance & Compliance | Azure Policy | AWS Config + SCPs | Enforce and audit compliance with rules |
| Network Firewall | Azure Firewall | AWS Network Firewall | Stateful L3–L7 traffic inspection |
| DDoS Protection | Azure DDoS Protection (Standard) | AWS Shield & Shield Advanced | Mitigates network and app layer DDoS attacks |
| Security Posture Mgmt | Defender for Cloud | Security Hub | Security health, scoring, and dashboard |
| Compliance Frameworks | Blueprints + Policy | AWS Config + Security Hub | Enforce and monitor standards like CIS, NIST, PCI |
| Audit Logging | Log Analytics / Activity Logs | CloudTrail + CloudWatch Logs | Track API activity and operational events |
| Forensics / Investigation | Microsoft Sentinel + Azure Monitor | Amazon Detective | Investigate security incidents and context |
| Data Classification & DLP | Microsoft Purview | Macie | Discover and protect sensitive data (e.g., PII, credit card) |
| Access Monitoring | Conditional Access + AAD logs | IAM Access Analyzer + CloudTrail | Monitor access usage and anomalies |
| Security Automation | Logic Apps (SOAR) | EventBridge + Lambda + Security Hub | Automate alerts and remediations |
| Storage Security | Storage Account Firewall + SAS + TLS | S3 Bucket Policies + Encryption + TLS | Control who can access storage and how |