| ON-PREMISES | AWS | AZURE | GOOGLE | ORACLE | IBM | ALIBABA |
|---|---|---|---|---|---|---|
| Firewall & ACLs | Security Groups — AWS Network ACLs | Network Security Groups (NSG) | Cloud Armor — VPC Firewall | VCN Security Lists | Cloud Security Groups | NAT Gateway |
| IPS/IDS | 3rd Party Only | 3rd Party Only | 3rd Party Only | 3rd Party Only | 3rd Party Only | Anti-Bot Service — Website Threat Inspector |
| Web Application Firewall (WAF) | AWS WAF — AWS Firewall Manager | Application Gateway | Cloud Armor | Oracle Dyn WAF | Cloud Internet Services | Web Application Firewall |
| SIEM & Log Analytics | AWS Security Hub — Amazon GuardDuty | Azure Sentinel — Azure Monitor | Stackdriver Monitoring — Stackdriver Logging | Oracle Security Monitoring and Analytics | IBM Log Analysis — Cloud Activity Tracker | ActionTrail |
| Antimalware | 3rd Party Only | Microsoft Antimalware — Azure Security Center | 3rd Party Only | 3rd Party Only | 3rd Party Only | Server Guard |
| Data Loss Prevention (DLP) | Amazon Macie | Information Protection (AIP) | Cloud Data Loss Prevention API | 3rd Party Only | 3rd Party Only | Web Application Firewall |
| Key Management | Key Management Service (KMS) | Key Vault | Cloud Key Management Service | Cloud Infrastructure Key Management | Key Protect — Cloud Security | Key Management Service |
| Encryption At Rest | EBS/EFS Volume Encryption — S3 SSE | Storage Encryption for Data at Rest | Part of Google Cloud Platform | Cloud Infrastructure Block Volume | Hyper Protect Crypto Services | Object Storage Service |
| DDoS Protection | AWS Shield | Built-in DDoS defense | Cloud Armor | Built-in DDoS defense | Cloud Internet Services | Anti-DDoS |
| Email Protection | 3rd Party Only | Office Advanced Threat Protection | Various controls embedded in G-Suite | 3rd Party Only | 3rd Party Only | 3rd Party Only |
| SSL Decryption Reverse Proxy | Application Load Balancer | Application Gateway | HTTPS Load Balancing | 3rd Party Only | Cloud Load Balancer | Server Load Balancer (SLB) |
| Endpoint Protection | 3rd Party Only | Microsoft Defender ATP | 3rd Party Only | 3rd Party Only | 3rd Party Only | Server Guard |
| Certificate Management | AWS Certificate Manager | Key Vault | 3rd Party Only | 3rd Party Only | Certificate Manager | Cloud SSL Certificates Service |
| Container Security | Amazon EC2 Container Service (ECS) | Azure Container Service (ACS) | Kubernetes Engine | Oracle Container Services | Containers – Trusted Compute | Container Registry |
| Identity and Access Management | Identity and Access Management (IAM) | Azure Active Directory | Cloud Identity — Cloud IAM | Oracle Cloud Infrastructure IAM | Cloud IAM — App ID | Resource Access Management |
| Privileged Access Management (PAM) | 3rd Party Only | Azure AD Privileged Identity Management | 3rd Party Only | 3rd Party Only | 3rd Party Only | 3rd Party Only |
| Multi-Factor Authentication | AWS MFA (part of AWS IAM) | Azure Active Directory | Security Key Enforcement | Oracle Cloud Infrastructure IAM | App ID | Resource Access Management |
| Centralized Logging — Auditing | CloudWatch — S3 Bucket Logging | Azure Audit Logs | VPC Flow Logs — Access Transparency | Oracle Cloud Infrastructure Audit | Log Analysis with LogDNA | Log Service |
| Load Balancer | Application Load Balancer — Classic Load Balancer | Azure Load Balancer | Cloud Load Balancing — HTTPS Load Balancing | Cloud Infrastructure Load Balancing | Cloud Load Balancer | Server Load Balancer |
| LAN | Virtual Private Cloud (VPC) | Virtual Network | Virtual Private Cloud Network | Virtual Cloud Network (VCN) | VLANs | Virtual Private Cloud (VPC) |
| WAN | Direct Connect | ExpressRoute | Dedicated Interconnect | FastConnect | Direct Link | VPN Gateway — Express Connect |
| VPN | VPC Customer Gateway — AWS Transit Gateway | Virtual Network — SSTP | Google VPN | Dynamic Routing Gateway (DRG) | IPSec VPN — Secure Gateway | VPN Gateway |
| Governance Risk and Compliance Monitoring | AWS CloudTrail — AWS Compliance Center | Azure Policy | Cloud Security Command Center | 3rd Party Only | 3rd Party Only | ActionTrail |
| Backup and Recovery | AWS Backup — Amazon S3 Glacier | Azure Backup — Azure Site Recovery | Object Versioning — Cloud Storage Nearline | Archive Storage | IBM Cloud Backup | Hybrid Backup Recovery |
| Vulnerability Assessment | Amazon Inspector — AWS Trusted Advisor | Azure Security Center | Cloud Security Scanner | Security Vulnerability Assessment Service | Cloud Security Advisor — Vulnerability Advisor | Server Guard — Website Threat Inspector |
| Patch Management | AWS Systems Manager | Update Management | 3rd Party Only | IBM Cloud Orchestrator | 3rd Party Only | 3rd Party Only |
| Change Management | AWS Config | Azure Automation (Change Tracking) | 3rd Party Only | 3rd Party Only | 3rd Party Only | Application Configuration Management (ACM) |