Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs Check Point CloudGuard CNAPP comparison

Amazon Web Services (AWS) and Check Point Software Technologies are both solutions in the Cloud Security Posture Management (CSPM) category. Amazon Web Services (AWS) is ranked #14 with an average rating of 7.7, while Check Point Software Technologies is ranked #5 with an average rating of 8.6. Amazon Web Services (AWS) holds a 4.0% mindshare in CSPM, compared to Check Point Software Technologies’s 2.8% mindshare. Additionally, 87% of Amazon Web Services (AWS) users are willing to recommend the solution, compared to 94% of Check Point Software Technologies users who would recommend it.
AWS Security Hub
Read 22 AWS Security Hub reviews
  • 3,624 Views
  • 235 Comparison Views
87% willing to recommend
Check Point CloudGuard CNAPP
Read 71 Check Point CloudGuard CNAPP reviews
  • 4,058 Views
  • 173 Comparison Views
94% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 30, 2025

Check Point CloudGuard CNAPP and AWS Security Hub are both significant players in the cloud security category. Check Point CloudGuard CNAPP has an upper hand in governance capabilities and real-time threat intelligence, while AWS Security Hub is favored for its integrations within the AWS ecosystem.

Features: Check Point CloudGuard CNAPP is known for its compliance engine providing detailed insights into cloud security configurations, a robust IAM role feature for identity protection and task automation, and real-time threat intelligence capabilities. AWS Security Hub excels in its seamless integration with AWS services, offering a centralized dashboard for compliance insights and comprehensive compliance checks within the AWS ecosystem.

Room for Improvement: Check Point CloudGuard CNAPP could benefit from better integration with third-party tools like ServiceNow, enhanced multi-cloud support, and improvements in policy customization and documentation. AWS Security Hub needs to enhance its multi-cloud support, provide advanced customization options for dashboards and alerts, and improve integration with open-source tools.

Ease of Deployment and Customer Service: Check Point CloudGuard CNAPP is supported by dedicated support engineers and project managers, noted for its overall customer service, although response times for technical inquiries could be improved. AWS Security Hub integrates effortlessly within the AWS ecosystem with existing AWS support but may require more effort for customization and integration beyond AWS-native environments.

Pricing and ROI: Check Point CloudGuard CNAPP is perceived as having higher costs, justified by its strong features and ROI, particularly in reducing human resources and improving compliance management. Its pricing often varies with cloud infrastructure size. AWS Security Hub’s pricing is seen as reasonable for current AWS users, offering cost-effectiveness and simplified payment models based on usage, though its ROI benefits may be less outside the AWS ecosystem.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed AWS Security Hub vs. Check Point CloudGuard CNAPP Report (Updated: June 2025).
Buyer's Guide
AWS Security Hub vs. Check Point CloudGuard CNAPP
June 2025
Download the complete report
Helped 860,592 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Ranking in Cloud Security Posture Management (CSPM)
14th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
22
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (5th)
Check Point CloudGuard CNAPP
Ranking in Cloud Security Posture Management (CSPM)
5th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
71
Ranking in other categories
Vulnerability Management (9th), Cloud and Data Center Security (9th), Container Security (9th), Cloud Workload Protection Platforms (CWPP) (5th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (6th), Compliance Management (6th)
 

Mindshare comparison

As of July 2025, in the Cloud Security Posture Management (CSPM) category, the mindshare of AWS Security Hub is 4.0%, down from 5.5% compared to the previous year. The mindshare of Check Point CloudGuard CNAPP is 2.8%, down from 2.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM)
 

Featured Reviews

MuhammadAzhar Khan - PeerSpot reviewer
Offers best practice recommendations and supports various compliance standards
Security Hub provides insightful information about what is running and where there might be weaknesses. It offers best practice recommendations and supports various compliance standards such as ISO and PCI DSS. Enabling these compliance checks helps identify non-compliant services and suggests steps to achieve compliance. The main advantage is providing information and compliance insights rather than prevention.
Read full review
Bart Coddens - PeerSpot reviewer
Evolved cloud security with active monitoring but needs interface consistency
The user interface needs work. Sometimes, it is a transition from the old tool to the new CNAPP Two that I currently have, and remnants of the old environment can still be detected. I require consistency in the user interface to ensure everything is streamlined into the same look and feel. More work is needed in fine-tuning the threat data towards your CSPM and activity logs, aligning them with business intelligence, which requires a cohesive console interface. My assessment of CloudGuard CDRs in intrusion detection and threat hunting capabilities is that it still needs some work. All the threat data that comes in, you need to fine tune it a bit.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."
"Finding out if your infrastructure is secure is a valuable feature."
"AWS Security Hub can check your infrastructure against multiple compliance frameworks. You can turn on or off specific frameworks based on your needs."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"Easily integrates with third-party tools"
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
More AWS Security Hub pros
"The initial setup is easy and not complex at all."
"The most valuable feature is the separate environment."
"It presents a real-time database that is always updated."
"The solution has intelligence that integrates with a range of threat intelligence feeds, including Check Point's ThreatCloud, to provide real-time intelligence on emerging threats."
"The CDR helps detect anomalous behavior and respond to threats before they become an issue."
"The various CNAPP modules have granted more visibility of our cloud applications to our system engineers and developers."
"The tool is also very intuitive; its dashboards are very complete and provide a lot of valuable information for decision-making to improve security."
"The posture management and remediation features are the most valuable. We use GSL Builder to build custom rules in alignment with our organization's policies. CloudGuard has canned rules using multiple standard frameworks, but we also have additional rules."
More Check Point CloudGuard CNAPP pros
 

Cons

"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"There is room for improvement in implementing AI capabilities."
"Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
More AWS Security Hub cons
"Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."
"Sometimes, the solution provides us with false alerts of vulnerabilities that are not present in our cloud environment."
"The reporting has a lot of opportunities to continuously improve so that we can continue to show value."
"Reporting should have more options."
"The Check Point solution is somewhat expensive."
"I would like to see improvements in the vulnerability assessments in terms of how the solution discovers vulnerabilities or compromised workloads. Also, customizable reports would be nice."
"We want to be able to customize the solution more in order to meet the needs of our company."
"The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."
More Check Point CloudGuard CNAPP cons
 

Pricing and Cost Advice

"The price of AWS Security Hub is average compared to other solutions."
"Security Hub is not an expensive solution."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"The pricing is fine. It is not an expensive tool."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"AWS Security Hub's pricing is pretty reasonable."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The price of the solution is not very competitive but it is reasonable."
"I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you."
"The solution’s pricing is a little bit high."
"I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two, to obtain better pricing."
"The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider."
"The price is on the higher end."
"It is difficult to contextualize the pricing because we are used to Indian pricing and licensing."
"The license fee is high."
"CloudGuard is fairly priced."
More Check Point CloudGuard CNAPP pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
See recommendations
860,592 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
Read full review
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
10%
Government
6%
Financial Services Firm
13%
Computer Software Company
13%
Manufacturing Company
8%
Educational Organization
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
See all answers
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
See all answers
What needs improvement with AWS Security Hub?
There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just sugge...
See all answers
What do you like most about Check Point CloudGuard Posture Management?
The visibility in our cloud environment is the most valuable feature.
See all answers
What is your experience regarding pricing and costs for Check Point CloudGuard Posture Management?
The price is on the higher end.
See all answers
What needs improvement with Check Point CloudGuard Posture Management?
We have concerns regarding the pricing and would appreciate seeing some improvements.
See all answers
 

Comparisons

Microsoft Sentinel vs AWS Security Hub Logo
Microsoft Sentinel vs AWS Security Hub
Compared 37% of the time
Wiz vs AWS Security Hub Logo
Wiz vs AWS Security Hub
Compared 12% of the time
Prisma Cloud by Palo Alto Networks vs AWS Security Hub Logo
Prisma Cloud by Palo Alto Networks vs AWS Security Hub
Compared 8% of the time
Microsoft Defender for Cloud vs AWS Security Hub Logo
Microsoft Defender for Cloud vs AWS Security Hub
Compared 6% of the time
Google Chronicle Suite vs AWS Security Hub Logo
Google Chronicle Suite vs AWS Security Hub
Compared 4% of the time
More AWS Security Hub Competitors
Wiz vs Check Point CloudGuard CNAPP Logo
Wiz vs Check Point CloudGuard CNAPP
Compared 17% of the time
Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP Logo
Prisma Cloud by Palo Alto Networks vs Check Point CloudGuard CNAPP
Compared 17% of the time
AWS GuardDuty vs Check Point CloudGuard CNAPP Logo
AWS GuardDuty vs Check Point CloudGuard CNAPP
Compared 7% of the time
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP Logo
SentinelOne Singularity Cloud Security vs Check Point CloudGuard CNAPP
Compared 6% of the time
CrowdStrike Falcon Cloud Security vs Check Point CloudGuard CNAPP Logo
CrowdStrike Falcon Cloud Security vs Check Point CloudGuard CNAPP
Compared 3% of the time
More Check Point CloudGuard CNAPP Competitors
 

Product Reports

Buyer's Guide
AWS Security Hub
June 2025
AWS Security Hub reportDownload AWS Security Hub product report
Buyer's Guide
Check Point CloudGuard CNAPP
June 2025
Check Point CloudGuard CNAPP reportDownload Check Point CloudGuard CNAPP product report
 

Also Known As

SQRRL
Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence
 

Overview

AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts. 

The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments. 

With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

Amazon Web Services (AWS)

Check Point CloudGuard CNAPP is a cloud-native application protection platform designed to secure your cloud environments and applications. By combining CSPM, CWPP, CSNS, and WAF capabilities, it provides a comprehensive solution to protect your cloud environment from a wide range of threats.



CloudGuard CNAPP delivers end-to-end cloud security, including workload protection, vulnerability management, and identity management, all while maintaining continuous compliance. It uses advanced AI to detect and prevent threats, offering protection for containers, serverless applications, and APIs. CloudGuard CNAPP also emphasizes simplifying security management, integrating directly with cloud platforms like AWS, Azure, and GCP.

CloudGuard CNAPP provides customers with more context to drive actionable security and smarter prevention, from code-to-cloud, across the application lifecycle. More Context Means Actionable Security, Smarter Prevention. The primary components are:

  • Unified & Modular Platform - A single platform unifying SAST, CSPM, DSPM, CIEM, CWPP, WAF, and Cloud Detection and Response.
  • Continuous Cloud Security - Automatic enforcement of security requirements and internal policies from development to runtime.
  • Real-time Detection & Protection - Real-time incidents and vulnerability detection with a single-click or automated remediation.

    What are the key features of CloudGuard CNAPP?

    • Workload Protection: Secures cloud-based workloads, including VMs, containers, and serverless functions, from vulnerabilities and attacks.
    • Posture Management: Continuously monitors cloud configurations and assets to ensure compliance with security standards and policies.
    • Threat Prevention: Uses AI-driven threat detection to block malware, ransomware, and zero-day exploits in real-time.
    • Compliance Automation: Automates compliance checks and ensures adherence to industry regulations, such as GDPR, HIPAA, and PCI-DSS.
    • Identity and Access Management (IAM) Protection: Secures identities by managing access policies and detecting misconfigurations in permissions.

    What are the key benefits to consider?

    • Improved Cloud Visibility: Provides clear insights into cloud environments, assets, and workloads, helping teams detect misconfigurations and vulnerabilities early.
    • Risk Reduction: Threat prevention features help reduce the risk of breaches by identifying and blocking potential attacks before they can exploit system weaknesses.
    • Operational Efficiency: Automated compliance and posture management reduce the manual work needed to maintain security standards.
    • Multi-cloud Support: CloudGuard CNAPP integrates across AWS, Azure, and Google Cloud, streamlining security operations for hybrid and multi-cloud deployments.

    Check Point CloudGuard CNAPP simplifies cloud security management with integrated protection and automation.




    Check Point Software Technologies
     

    Sample Customers

    Edmunds, Frame.io, GoDaddy, Realtor.com
    Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners
    Buyer's Guide
    AWS Security Hub vs. Check Point CloudGuard CNAPP
    June 2025
    Free Report: AWS Security Hub vs. Check Point CloudGuard CNAPP
    Find out what your peers are saying about AWS Security Hub vs. Check Point CloudGuard CNAPP and other solutions. Updated: June 2025.
    DOWNLOAD NOW
    860,592 professionals have used our research since 2012.
    See our AWS Security Hub vs. Check Point CloudGuard CNAPP report.
    See our list of best Cloud Security Posture Management (CSPM) vendors.

    We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.