ON-PREMISES | AWS | AZURE | GOOGLE | ORACLE | IBM | ALIBABA |
Firewall & ACLs | Security Groups — AWS Network ACLs | Network Security Groups — Azure Firewall | Cloud Armor — VPC Firewall | VCN Security Lists | Cloud Security Groups | NAT Gateway |
IPS/IDS | 3rd Party Only | Azure Firewall | 3rd Party Only | 3rd Party Only | 3rd Party Only | Anti-Bot Service — Website Threat Inspector |
Web Application Firewall (WAF) | AWS WAF — AWS Firewall Manager | Application Gateway | Cloud Armor | Oracle Dyn WAF | Cloud Internet Services | Web Application Firewall |
SIEM & Log Analytics | AWS Security Hub — Amazon GuardDuty | Azure Sentinel — Azure Monitor | Chronicle Backstory — Event Threat Detection | Oracle Security Monitoring and Analytics | IBM Log Analysis — Cloud Activity Tracker | ActionTrail |
Antimalware | 3rd Party Only | Microsoft Antimalware — Azure Security Center | 3rd Party Only | 3rd Party Only | 3rd Party Only | Server Guard |
Data Loss Prevention (DLP) | Amazon Macie | Information Protection (AIP) | Cloud Data Loss Prevention API | 3rd Party Only | 3rd Party Only | Web Application Firewall |
File Integrity Monitoring (FIM) | 3rd Party Only | Azure Security Center | 3rd Party Only | 3rd Party Only | 3rd Party Only | 3rd Party Only |
Key Management | Key Management Service (KMS) | Key Vault | Cloud Key Management Service | Cloud Infrastructure Key Management | Key Protect — Cloud Security | Key Management Service |
Encryption At Rest | EBS/EFS Volume Encryption — S3 SSE | Storage Encryption for Data at Rest | Part of Google Cloud Platform | Cloud Infrastructure Block Volume | Hyper Protect Crypto Services | Object Storage Service |
DDoS Protection | AWS Shield | Built-in DDoS defense | Cloud Armor | Built-in DDoS defense | Cloud Internet Services | Anti-DDoS |
Email Protection | 3rd Party Only | Office Advanced Threat Protection | Various controls embedded in G-Suite | 3rd Party Only | 3rd Party Only | 3rd Party Only |
SSL Decryption Reverse Proxy | Application Load Balancer | Application Gateway | HTTPS Load Balancing | 3rd Party Only | Cloud Load Balancer | Server Load Balancer (SLB) |
Endpoint Protection | 3rd Party Only | Microsoft Defender ATP | 3rd Party Only | 3rd Party Only | 3rd Party Only | Server Guard |
Certificate Management | AWS Certificate Manager | Key Vault | 3rd Party Only | 3rd Party Only | Certificate Manager | Cloud SSL Certificates Service |
Container Security | Amazon EC2 Container Service (ECS) | Azure Container Service (ACS) | Kubernetes Engine | Oracle Container Services | Containers – Trusted Compute | Container Registry |
Identity and Access Management | Identity and Access Management (IAM) | Azure Active Directory | Cloud Identity — Cloud IAM | Oracle Cloud Infrastructure IAM | Cloud IAM — App ID | Resource Access Management |
Privileged Access Management (PAM) | 3rd Party Only | Azure AD Privileged Identity Management | 3rd Party Only | 3rd Party Only | 3rd Party Only | 3rd Party Only |
Multi-Factor Authentication | AWS MFA (part of AWS IAM) | Azure Active Directory | Security Key Enforcement | Oracle Cloud Infrastructure IAM | App ID | Resource Access Management |
Centralized Logging — Auditing | CloudWatch — S3 Bucket Logging | Azure Audit Logs | Stackdriver Logging — Access Transparency | Oracle Cloud Infrastructure Audit | Log Analysis with LogDNA | Log Service |
Load Balancer | Application Load Balancer — Classic Load Balancer | Azure Load Balancer | Cloud Load Balancing — HTTPS Load Balancing | Cloud Infrastructure Load Balancing | Cloud Load Balancer | Server Load Balancer |
LAN | Virtual Private Cloud (VPC) | Virtual Network | Virtual Private Cloud Network | Virtual Cloud Network (VCN) | VLANs | Virtual Private Cloud (VPC) |
WAN | Direct Connect | ExpressRoute | Dedicated Interconnect | FastConnect | Direct Link | VPN Gateway — Express Connect |
VPN | VPC Customer Gateway — AWS Transit Gateway | Virtual Network — SSTP | Google VPN | Dynamic Routing — Gateway (DRG) | IPSec VPN — Secure Gateway | VPN Gateway |
Governance Risk and Compliance Monitoring | AWS Security Hub — AWS Compliance Center | Azure Security Center — Azure Policy | Cloud Security Command Center | 3rd Party Only | 3rd Party Only | ActionTrail |
Backup and Recovery | AWS Backup — Amazon S3 Glacier | Azure Backup — Azure Site Recovery | Object Versioning — Cloud Storage Nearline | Archive Storage | IBM Cloud Backup | Hybrid Backup Recovery |
Vulnerability Assessment | Amazon Inspector — AWS Trusted Advisor | Azure Security Center | Cloud Security Scanner | Security Vulnerability Assessment Service | Cloud Security Advisor — Vulnerability Advisor | Server Guard — Website Threat Inspector |
Patch Management | AWS Systems Manager | Azure Security Center — Update Management | 3rd Party Only | IBM Cloud Orchestrator | 3rd Party Only | 3rd Party Only |
Change Management | AWS Config | Azure Automation (Change Tracking) | 3rd Party Only | 3rd Party Only | 3rd Party Only | Application Configuration Management (ACM) |