AWS Security Hub Reviews

My primary use case involves implementing AWS Security Hub as part of my role. We use AWS Security Hub for integrating daily security operations, as all our workloads run on AWS. 

We utilize AWS Security Hub to track security scores, check critical checks, and identify high-impact checks so that corrective actions can be taken.

AWS provides various recommendations for cost-cutting measures and optimal utilization of services. These recommendations aid in managing costs and improving efficiency across Security Hub usage.

One of the most effective features of AWS Security Hub is the easy access to a dashboard with a ready-to-use security score. 

This includes details of failed checks, critical checks, and high-impact checks, allowing for a focus on areas needing corrective actions.

AWS Security Hub could improve its guidance links to resolve findings related to multiple resources. The implementation of more guidance links could enhance issue resolution. 

Additionally, shortening the response time for support tickets, particularly in production issues, could make the service more efficient.

I have been using AWS Security Hub for almost two years.

The stability of AWS Security Hub is commendable. I haven't faced any difficulties with stability.

The scalability of AWS Security Hub is good. I would rate it an eight out of ten.

Customer service from AWS is a seven out of ten. There is room for improvement, especially with email responses, as they can sometimes take time.

Neutral

The initial setup of AWS Security Hub was straightforward, and I felt comfortable operating it.

AWS provides recommendations for reducing costs and the optimal utilization of resources, which leads to cost savings.

To comment on the pricing mechanism, I would require a comparison with multiple products. Currently, I'm not in the position to provide a comparative analysis.

I would recommend AWS Security Hub to others because it is easy to integrate and proceed with operations.

I'd rate the solution eight out of ten.

We use AWS Security Hub for cloud security posture management and automated remediation.

The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud. We can integrate the findings of different services into AWS Security Hub and analyze our cloud infrastructure based on that. We inform the owners if we find anything that is non-compliant or does not adhere to the security best practices.

We are facing some cost-related issues with the solution. We integrated a couple of services into AWS Security Hub, and some rules are not required for our environment. However, the assessment happens based on those rules, and we have to pay some additional costs.

We need some customization into the compliances whenever we enable specific compliances. We need more granular-level customizations to enable or disable the rules in AWS Security Hub.

Suppose we enabled one of the compliances and have more than 100 rules for that compliance. If one of the customers is not using all the services, those services are not really used in the environment. We are looking for some customizations to disable that rule so that the scanning will not happen based on that rule, and we can save some cost.

I have been using AWS Security Hub for four years.

I rate the solution a nine out of ten for stability.

Not all users in my organization have access to AWS Security Hub. Our security and cloud engineering teams actively use the solution in our organization.

I rate the solution an eight out of ten for scalability.

The technical support is good from a security perspective because AWS provides 24/7 support for all the services.

Positive

I have worked with different solutions, but not for the same organization. I have worked with different third-party tools like Prisma for cloud security posture management.

The initial setup of the solution is easy. We did some automation within the Lambda functions. If we onboard a new account, Lambda functions will help us enable AWS Security Hub into that account and send the findings to the administrator account.

The solution can be implemented in less than five minutes.

We integrated AWS Security Hub with Jira. If we find new findings in AWS Security Hub, the tickets get automatically created in Jira. If the automated remediation solution is available for a specific rule, it gets automatically remediated, and the ticket is closed by adding some comments. We have integrated AWS and GuardDuty into AWS Security Hub. Scanning, findings, and alerting are the most effective features of AWS Security Hub.

Integrating AWS Security Hub with other AWS services lets you see all the findings within your account from a single dashboard. I would recommend AWS Security Hub to users who don't have a multi-cloud environment.

Overall, I rate the solution a seven out of ten.

I use it for security posture management.

I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features.

And there's a single pane of glass for the entire account.

There is room for improvement in a couple of things. One is that the dashboard isn't very customizable. Another is that the alerting level is the same across the entire account. Every organization has different needs, like sandbox accounts. Even though they have the same alert level, it might not be critical for them.

Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. 

So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement.

I've been using it personally for the past five years.

I never had any problems with stability. 

It's scalable in the sense that it's good for posture management, but only within AWS. If you have a multi-cloud environment, you can't use Security Hub for anything else. That's a limitation. There are other tools available that are cross-cloud platforms.

AWS support is normally good. Depends on your contract agreement with them. But normally, it's good.

Positive

I've used Splunk and Sentinel. They're considered SIEM tools, more advanced than Security Hub.

Splunk and Sentinel are industry-standard SIEM tools, while Security Hub doesn't easily categorize as one. It's not fully functional as a SIEM tool and lacks some features. It offers some posture management but isn't a full SIEM. 

The SIEM tools have more process integration, organization-wide integration, log correlation, and customizable dashboards. They also allow easy alert configuration from the tool itself. 

Security Hub can do this, but it requires AWS Lambda and server activity, not an out-of-the-box configuration. 

On the other hand, Security Hub has low cost and good performance. SIEM tools sometimes struggle with high log volumes, but Security Hub doesn't.

The initial setup was easy. It's basically just enabling a few things. And there's good documentation available.

It was actually enabled as part of the LandingZone, so it didn't take long to deploy. Maybe a day or two.

We had mainly one dedicated architect and maybe two or three engineers. But they weren't just working on Security Hub; it was part of deploying the LandingZone. Security was enabled as part of the overall setup.

It's a managed service by AWS. We don't have to do much beyond looking at the dashboards and working on it. We did spend some time creating the auto-remediation part, which is an extension of the security app. But otherwise, it's a well-managed service.

Security Hub is not an expensive solution. Security Hub is a free AWS product included in the subscription.

Overall, I would rate the solution a six out of ten. Security Hub is a good starting point for security monitoring and management but not the end solution. Unless AWS adds major features, becoming more like a SIEM tool, organizations can't fully rely on it. It lacks the full capabilities of a SIEM, forcing reliance on other paid solutions. That's the biggest drawback right now.

It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale.

There are a lot of good rules, but the problem is it's very cluttered. Honestly, I wouldn't recommend it. It is too expensive for what it offers, too cluttered, and not user-friendly. It is not worth the money. There are much better options out there for the price.

It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better.

There's this company called PingSafe, just acquired by SentinelOne, that has a great cloud security offering. Prisma Cloud is also a better alternative.

I have been using it for one and a half years. It is one of AWS's features. 

Maybe five or six people are responsible for Security Hub specifically.

At the time, we didn't have another option. Once we found better solutions, we migrated everything away from Security Hub.

It's a one-click deployment; it's technically easy.

If you are looking for an overall security posture management tool, I'd recommend something like PingSafe, Palo Alto, or something else entirely.

Overall, I would rate the solution a five out of ten. 

The use case of AWS Security Hub is to manage the compliance part. It is a CSPM tool that helps you understand the compliance level of your infrastructure in the cloud. The tool gives you a score considering the levels of compliance you follow.

The most valuable feature of the solution stems from the fact that it is easy to manage, and a user of AWS does not have to log in to different consoles. If you have an AWS infrastructure, then it works fine. If you have multiple cloud infrastructures in your organization that may consist of cloud services from AWS, Azure, or GCP, then the tool may not be that effective since it can be described as a native tool for AWS.

From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool. It should be made possible to integrate some of the other tools with AWS Security Hub so that it can give you complete visibility of the product.

AWS Security Hub needs a lot of improvement since it is a native tool meant for AWS products only. For providing compliance, a number of tools are available in the market to take care of the protection part.

In the future, AWS needs to implement a single dashboard and make different kinds of modules available. To use it as a CSPM tool, you must go with AWS Security Hub, Amazon Inspector, and AWS Config. AWS Security Hub needs to introduce a single dashboard that allows a security person to go and log in, see the status, and take action if necessary.

I have been using AWS Security Hub for three to four years. I work as an integrator, and my company has partnerships with many companies involved in OEM tools.

Stability-wise, I rate the solution a seven out of ten.

It is a scalable solution.

I have implemented AWS Security Hub for five to six customers of our company.

AWS office has two types of support, namely business and standard. If you have opted for standard support, then it will be very complex to connect with the technical staff of AWS. If you have opted for business support, then the technical staff of AWS will connect with you within a minute. Business support is paid support.

The initial setup of AWS Security Hub was straightforward.

The product's deployment process is very easy and can be completed within an hour. As soon as you enable the product, it works. The product doesn't require the user to undergo any other implementation phases since it is a tool that you just have to enable in your environment to make it work across your environment.

The product's deployment process is very easy since you just need to log in to the control before going to Security Hub to enable it. You may enable AWS Security Hub in which account you want to enable.

The solution is deployed on the cloud.

One or two staff members are enough to manage the solution's deployment and maintenance. If you have a bigger environment with thousands of machines, then one or two people are enough to take care of the visibility part of the solution, but the maintenance will require a large number of staff members.

AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use.

If a person only wants a CSPM tool, then they can go with AWS Security Hub. If a person wants the product to be more than just a CSPM tool, then they need to evaluate the solutions available in the market.

I rate the overall tool a seven out of ten.

The solution provides first-hand integration into tools like Amazon Inspector and Amazon Detective. The tool can also integrate with Cisco, Splunk and Microsoft AD and allows an organization to have a stronger posture and clarity against account creation, VPCs, and instance development. An organization can also automatically synchronize all logs within the security data lake using AWS Security Hub. Our company works across multiple continents like Asia and Africa with the product. 

People have a perception that synchronizing logs is quite expensive, but it's not if you understand AWS Security Hub and you don't have multiple streams of your cloud trail and guard duty and similar things. You don't need to pay for the transfer of data in your logs, which gives you absolute analytics and this is one of the most vital features of the solution. The AWS Security Hub also allows to have just one dashboard to manage security.  

The solution should be easier to learn and use, and data exportation should be more user-friendly. If a user doesn't know how to export data or how to link at the back-end of tools like Amazon Athena, using AWS Security Hub can be difficult. 

I have been using the AWS Security Hub since the first version. 

Our company evaluates multiple products consistently, yet as part of our company, we prefer to use AWS Security Hub wherever possible. 

AWS Security Hub has advanced quite a bit over the last couple of years. The features are quite rich now. Before purchasing, one should develop an understanding of the product. I believe AWS Security Hub is one of the most friendly solutions for integration with third-party tools. I find the integration of AWS Security Hub to be the easiest with tools from Microsoft and a bit difficult with Google solutions. 

AWS Security Hub is compliant in many different ways. The development business I am part of is SOC compliant for AWS Security Hub, while the banks our organization works with have been PCI compliant for AWS Security Hub for three years. 

I would definitely recommend AWS Security Hub to others, yet I would also inquire about their purpose and knowledge of cloud solutions. If you know how to use AWS Security Hub, it can be a great solution to work with. The solution is more suitable for people working in the cloud instead of on-premises. I would rate AWS Security Hub a nine out of ten. 

AWS Security Hub is a CSPM (cloud security posture management) solution where you can get your current configuration posture or the security posture of your cloud. You can scan it through multiple compliance checks like CIS Benchmark, AWS Security Best Practices, or PCI DSS.

The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture. We are currently using CIS benchmark and AWS Security Best Practices. So you'll get the score and all the findings.

Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time.

Real-time scanning should be included in the solution’s next release.

I have been using AWS Security Hub for around four years.

AWS Security Hub is a stable solution.

AWS Security Hub is a scalable solution. You can add multiple accounts to one place and monitor it from there. Around 20 people from the cloud security and DevOps teams are using the solution in our organization. We are not planning to increase the solution's usage in the future.

AWS Security Hub's technical support is excellent because we always get a quick response from them. I rate AWS Security Hub's technical support an eight or nine out of ten.

Positive

Before AWS Security Hub, we used third-party tools like CloudGuard from Check Point. We decided to switch to AWS Security Hub because third-party tools provide the same capability as AWS Security Hub, and they are quite expensive.

AWS Security Hub is easy to implement and can be done in just a few clicks.

AWS Security Hub's pricing is pretty reasonable.

AWS Security Hub has an updated version from AWS. So there is no version control from the customer side. It's a managed service provided by AWS.

It's easy to integrate AWS Security Hub with products by other vendors.

AWS Security Hub is the best service I could find in AWS native security service, and anyone can leverage it to get an overall view of their infrastructure posture. You can find out what is the current score of their infrastructure according to security.

Multiple findings or multiple loopholes can be fixed directly from the solution. AWS Security Hub will help improve any new organization or a new AWS account to get to an optimal security posture.

Overall, I rate AWS Security Hub a nine out of ten.

We use Security Hub to collect telemetry information about misconfigurations in the cloud environment. It helps us identify any misconfigurations in the AWS Cloud stack. 

AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS.

The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results. 

I have used AWS Security Hub for about four months.

Security Hub is native to AWS, so it's stable. 

AWS Security Hub is pretty scalable. 

Security Hub is enabled on AWS by default. You don't need to deploy anything, but you have to configure your policies.

We are evaluating several other CSPM solutions, including Tenable. 

I rate AWS Security Hub seven out of 10. I recommend Security Hub if all of your workloads are on AWS and you don't have deployments on any other cloud platforms. It's the best option when you don't want to spend money.