One of the primary reasons I cannot bring myself to switch to Defender from iThemes Security Pro or Wordfence is that they include some default protection that Defender doesn't, and I think it'd be cool if Defender did.
For example, iThemes gives you the option of adding the blacklist developed by Jim Walker (HackRepair.com), which installs an awesome list of known malicious user agents in the .htaccess (among other things - http://pastebin.com/u/hackrepair).
Both also connect to their "action networks," where IPs that are blocked for suspicious activity on a certain number of sites are automatically blocked for the entire network, to help pre-protect everyone from those agents.
Lastly, neither of them add the normal security headers, such as XSS protection, etc. I assume there's a reason (likely that they aren't appropriate for every setup) but it seems like if there was an option to turn them on or off, then we could adjust if necessary.
I'd love to see these things worked into the Defender roadmap.