AWS Config vs. AWS Security Hub

It's really good if your infrastructure services is all in AWS, that means everything could be audited and monitored using AWS config. You also can create alarms to notify you or your team about any changes on your AWS resources which is very useful to prevent abuse if you have a fairly large team. It's also very useful whenever some third party wants to audit your AWS resources, if you have a fairly comprehensive AWS config configured, the auditing process will be easy since they only need to look at your AWS config setup.

Incentivized

I don't think there's yet a perfect tool in this category of security and incident aggregators, but AWS Security Hub is an excellent tool for having visibility into our overall security posture. It is a great aggregator for many AWS services but also for third party security tools with which it integrates really well.

Incentivized

• The ability to track changes in AWS is paramount, AWS config allows you to do this
• Allows the auditing of an AWS account
• Can view history of an account that has AWS config enabled

Incentivized

• Brings together the security related AWS tools in one dashboard
• Allows to pick and chose which AWS security tools to use
• Clean UI

Incentivized

• It's only AWS, no third party.
• Not the most intuitive interface, but with a little getting used to it is OK.

Incentivized

• Not easy to read past data, especially once it moves into Glacier deep storage
• performance is somewhat sluggish ... other systems are much faster to analyze data
• Doesn't always provide a remediation solution or suggested fix like other 3rd party tools like Qualys.
• It's hard to get the initial configuration and enrollment completed as there's a lot of manual intervention for every configured rule that needs to be enabled
• alerts are often times delayed

Incentivized

AWS always good with usability and same here for AWS Security Hub. A lot of good documentation is available to read and configure your own. We also started with looking at the videos and documentation to configure automation for our compliance checks. And to configure there are very less steps to be followed which is a very good thing for faster configuration.

Incentivized

Would rate lower for other workloads but for AWS workloads its simple to set up, cost effective and customisable. Primary use case is compliance from a governance perspective.

Incentivized

I do not know or have used any other product in AWS cloud space that matches what AWS Config provides. We have some custom built monitoring and governance, however that is there because AWS Config does not provide it currently.

Incentivized

AWS Security Hub is it's own unique program that I have used. I haven't used anything similar to it and it was worth it to try out. However, for those that want to keep for long, it will be very heavy in term of budget and resource that they have to provide.

Incentivized

• Enforcing audit requirements
• Easy to set up alerting when there are rule breaches
• Auto remediation reduces the manual policing of such breaches

Incentivized

• The automated compliance test helped us a lot to get PCIDSS certified so it was a very good return for our investments.
• Some third party tools we were using were not available for AWS Security Hub automated testing.
• Easy to configure for faster security automations but if we need detailed reports we should add more tools.

Incentivized