Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs IBM Security QRadar comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 25, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
8th
Average Rating
8.8
Reviews Sentiment
5.6
Number of Reviews
4
Ranking in other categories
AI-SOC (13th), AI-Powered Security Automation (2nd)
AWS Security Hub
Ranking in Security Orchestration Automation and Response (SOAR)
6th
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
26
Ranking in other categories
Cloud Security Posture Management (CSPM) (16th)
IBM Security QRadar
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.0
Reviews Sentiment
6.6
Number of Reviews
219
Ranking in other categories
Log Management (7th), Security Information and Event Management (SIEM) (3rd), User Entity Behavior Analytics (UEBA) (1st), Endpoint Detection and Response (EDR) (17th), Managed Detection and Response (MDR) (7th), Extended Detection and Response (XDR) (11th)
 

Mindshare comparison

As of January 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 4.9%, up from 4.5% compared to the previous year. The mindshare of AWS Security Hub is 6.8%, down from 10.0% compared to the previous year. The mindshare of IBM Security QRadar is 6.3%, down from 8.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
IBM Security QRadar6.3%
AWS Security Hub6.8%
Torq4.9%
Other82.0%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

Nimrod Vardi - PeerSpot reviewer
Global IT Director at OpenWeb
Automation workflows have transformed our IT, enabling secure just-in-time access control
We work with them quite often, so we have a direct line regarding areas in Torq that have room for improvement. If we have a feature request, we can request it. I do not have anything in mind at the moment. We were a design partner for a short while, so we feel that they listen and that users of the system have an impact on the way the system is designed for the better. They have a new community, which is something that I personally suggested years ago. There are many people like me in different places and they might have already built the workflow that I need. Having the option to share workflows or to jump on a thread and say I have this need, did anyone ever build a workflow for it, is amazing. Someone would jump in and say yes, sure, here, take this workflow. I think this is an amazing thing and I really hope that the community will come alive because I think this is really powerful. This is something that I already suggested and it did happen eventually, and I am quite happy with it. I do not have any specific feature in mind that I have a need for at the moment.
Karthik Ekambaram - PeerSpot reviewer
Director at Scybers
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
HarshBhardiya - PeerSpot reviewer
SOC Engineer at a outsourcing company with 10,001+ employees
Have managed daily asset and alert monitoring effectively but have encountered limitations with manual processes and interface usability
It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system. The accuracy is not there. The UI could be better when compared to Sentinels where we can use flags and tagging. It could be much more user-friendly. IBM Security QRadar has all features and is fully competitive with other SIEM tools, but when it comes to user-friendliness, a new user takes time to get used to it. More intuitive, user-friendly interfaces and more helpful documentation would be beneficial. The query searching and data fetching could be faster. In large to very large organizations with around 5,000 or 6,000 assets or beyond, even with proper configurations and RAM and hardware backing up, the query is fairly slow.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"Once I started to use the system and I saw the potential, it changed all of our work in IT."
"What I appreciate most about Torq is that it is an essential part of our system."
"Using that one piece of AI, we auto-closed 511 cases in quarter four alone."
"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"Within AWS Security Hub, there is a feature for aggregating and prioritizing security findings which allows for better risk prioritization based on misconfiguration, as they know AWS thoroughly."
"Finding out if your infrastructure is secure is a valuable feature."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"The support is very good. We get support whenever we need it. Sometimes they respond immediately and sometimes it will be within 24 hours. We can ask them to please do it right away and they can get a request done within an hour or two."
"On the back-end, Watson helps me figure out an exact problem, sometimes giving me the result."
"The most valuable feature is the QRadar Vulnerability Manager which provides vulnerability scans. In addition, I like the way QRadar generates alerts."
"Providing real-time visibility for threat detection and prioritization - QRadar SIEM provides contextual and actionable surveillance across the entire IT infrastructure."
"There are a lot of features in QRadar. App Exchange is the most valuable feature. User behavior analytics (UBA) is also a very good feature. Watson is also there, but we are not currently using Watson. It is versatile and quite easy. It also has an all-in-one-box feature and good integration with AWS."
"It is the core of our entire SOX."
"What I like the most about it is that you can very easily install and configure it. As compared to other SIEM solutions, for which you need to know and do a lot more to prepare your SIEM environment, QRadar is much simpler to install and configure. There are various options in the Admin console. In the Admin tab, you can design dashboards and view various graphs. It has a lot of attractive features, and you don't need to configure everything on your own."
"The playbook engine is flexible and allows for the graphical visualization of processes, enabling the implementation of dynamic playbooks for incident response or testing."
 

Cons

"The initial deployment of Torq was not easy."
"Regarding stability, I have noticed some lagging, crashing, and downtime, which is one of my largest gripes."
"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"It is not flexible for multi-cloud environments."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"The solution lacks self-sufficiency."
"I don't look at only the features and benefits; I also look at the price. It is a bit expensive when compared with other solutions. It is expensive for specific deployment topologies, and the decision-makers go for alternatives like ArcSight. It should also have more AI features or capabilities for better threat intelligence. The more it uses machine learning, the better would be the dashboard, analytics, and other things."
"The solution lacks vendor support."
"It's still very manual and doesn't work on its own. It's still in an early stage and not on par where we can consider it a really successful detection system."
"The AQL queries could be better."
"I would like for them to develop a detection management solution. It does not have a detecting management solution in it, you have to buy it as it is, on top of the extended solution."
"The implementation of the solution's technology needs to be simplified."
"Pricing model could be more cost-effective."
"I think the support for IBM Security QRadar needs improvement as it is a big product and needs more support engineers to help customers."
 

Pricing and Cost Advice

Information not available
"The pricing is fine. It is not an expensive tool."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The price of the solution is not very competitive but it is reasonable."
"The price of AWS Security Hub is average compared to other solutions."
"Security Hub is not an expensive solution."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"AWS Security Hub's pricing is pretty reasonable."
"The tool is priced in a competitive manner. The tool's price is dependent on the installation and the product size, but it is competitive in the marketplace."
"As for licensing costs, I haven't seen the exact figures, but it is considered somewhat costly. On a scale from one to ten, where one is very expensive and ten is very cheap, I would rate it a six—it’s costly but worth the money."
"I feel that the price is reasonable but compared to other products that are on the market, such as an offering by Microsoft, it is more expensive."
"The product is expensive. We have purchased the perpetual license, but we pay for the support."
"think the pricing is quite flexible."
"The price could be better. I bought a subscription for three years."
"The solution is priced fairly, there is a license for the solution, and we pay annually."
"When it comes to the initial pricing there can be a huge discount from there side and also I think they are open to competing with other products."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
881,082 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
8%
Manufacturing Company
8%
Healthcare Company
7%
Financial Services Firm
12%
Computer Software Company
12%
Manufacturing Company
11%
Government
7%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business91
Midsize Enterprise39
Large Enterprise105
 

Questions from the Community

What needs improvement with Torq?
From our research and testing with the tool, we determined there need to be modifications and changes to train the LL...
What is your primary use case for Torq?
I used Torq for conducting one of the proof of evaluations for a vendor we are connected with. I am currently working...
What advice do you have for others considering Torq?
One of our members uses AWS, and we receive their feed. This involves triaging AWS-related logs. While I do not have ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances...
What needs improvement with AWS Security Hub?
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other pro...
What are the biggest differences between Securonix UEBA, Exabeam, and IBM QRadar?
It mostly depends on your use-cases and environment. Exabeam and Securonix have a stronger UEBA feature set, friendli...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is your experience regarding pricing and costs for IBM Security QRadar?
My experience with pricing, setup cost, and licensing is great compared to the other vendor.
 

Also Known As

No data available
SQRRL
IBM QRadar, QRadar SIEM, QRadar UBA, QRadar on Cloud, IBM QRadar Advisor with Watson
 

Overview

 

Sample Customers

Information Not Available
Edmunds, Frame.io, GoDaddy, Realtor.com
Clients across multiple industries, such as energy, financial, retail, healthcare, government, communications, and education use QRadar.
Find out what your peers are saying about AWS Security Hub vs. IBM Security QRadar and other solutions. Updated: December 2025.
881,082 professionals have used our research since 2012.