AWS Security Hub vs. Splunk Enterprise

AWS Security Hub

Splunk Enterprise

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
AWS Security Hub	Score 8.4 out of 10	N/A	AWS Security Hub gives users a comprehensive view of your high-priority security alerts and security posture across AWS accounts. With Security Hub, users have a single place that aggregates, organizes, and prioritizes security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions.	N/A
Splunk Enterprise	Score 8.4 out of 10	N/A	Splunk is software for searching, monitoring, and analyzing machine-generated big data, via a web-style interface. It captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.	N/A

Pricing

AWS Security Hub

Splunk Enterprise

Editions & Modules

No answers on this topic

Offerings

Pricing Offerings
AWS Security Hub	Splunk Enterprise
Free Trial
No	Yes
Free/Freemium Version
No	Yes
Premium Consulting/Integration Services
No	No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Community Pulse
	AWS Security Hub	Splunk Enterprise
Considered Both Products	AWS Security Hub Verified User Program Manager Chose AWS Security Hub AWS stacks up very similarly to Splunk but being that it's an AWS tool it is better able to natively monitor our AWS footprint, unlike splunk which requires an appliance and / or forwarding agent for it to work properly. The same can be said about some other tools like Dynatrace… Incentivized Helpful?	Splunk Enterprise No answer on this topic
Top Pros	Pro Cost effective Pro Support team Pro Saves time	Pro Real time Pro Easy to use Pro Set up
Top Cons	Minus Negative experience Minus Not clear Minus Setting up	Minus Learning curve Minus Steep learning curve Minus Ability to create

Features

AWS Security Hub

Splunk Enterprise

Security Information and Event Management (SIEM)

Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
	AWS Security Hub - Ratings	Splunk Enterprise 7.4 54 Ratings 6% below category average
Centralized event and log data collection	00 Ratings	6.553 Ratings
Correlation	00 Ratings	6.052 Ratings
Event and log normalization/management	00 Ratings	6.053 Ratings
Deployment flexibility	00 Ratings	7.549 Ratings
Integration with Identity and Access Management Tools	00 Ratings	7.549 Ratings
Custom dashboards and workspaces	00 Ratings	8.554 Ratings
Host and network-based intrusion detection	00 Ratings	7.037 Ratings
Data integration/API management	00 Ratings	8.35 Ratings
Behavioral analytics and baselining	00 Ratings	7.84 Ratings
Rules-based and algorithmic detection thresholds	00 Ratings	7.84 Ratings
Response orchestration and automation	00 Ratings	6.94 Ratings
Reporting and compliance management	00 Ratings	7.94 Ratings
Incident indexing/searching	00 Ratings	8.95 Ratings

Best Alternatives
	AWS Security Hub	Splunk Enterprise
Small Businesses	No answers on this topic	AlienVault USM Score 8.0 out of 10
Medium-sized Companies	Freshservice Score 8.7 out of 10	InsightIDR Score 8.6 out of 10
Enterprises	Freshservice Score 8.7 out of 10	Microsoft Sentinel Score 8.4 out of 10
All Alternatives	View all alternatives	View all alternatives

User Ratings
	AWS Security Hub	Splunk Enterprise
Likelihood to Recommend	9.0 (4 ratings)	7.0 (70 ratings)
Likelihood to Renew	- (0 ratings)	10.0 (17 ratings)
Usability	- (0 ratings)	9.0 (3 ratings)
Availability	- (0 ratings)	10.0 (1 ratings)
Support Rating	- (0 ratings)	8.4 (17 ratings)
Online Training	- (0 ratings)	8.0 (1 ratings)
Implementation Rating	- (0 ratings)	9.0 (2 ratings)
Product Scalability	- (0 ratings)	9.1 (1 ratings)

User Testimonials
	AWS Security Hub	Splunk Enterprise
Likelihood to Recommend	Amazon AWS I don't think there's yet a perfect tool in this category of security and incident aggregators, but AWS Security Hub is an excellent tool for having visibility into our overall security posture. It is a great aggregator for many AWS services but also for third party security tools with which it integrates really well. Incentivized Verified User Anonymous Read full review	Splunk Pros: Splunk is very well suited if you have multiple log sources of related data. All of them can be correlated and tasks can be automated based on the requirement. Other than alerts, Splunk can also run a specific script of your choice, based on some defined conditions. Cons: If you have a few logs but a large number of log sources, Splunk can be very expensive. Incentivized Kuntal Das Security Analyst Read full review
Pros	Amazon AWS Alerting Aggregation, organization and prioritization of security alerts and events Third party integration Incentivized Verified User Anonymous Read full review	Splunk Real-time + Scheduled alerts - i-e you can set up alerts which are actively monitoring your logs Pretty good response time for search results. With our key/value logging, Splunk makes it blazing fast to query the data. Dashboards provide insights into historical data Love how Splunk indexes all of the data and provides keys to search on Incentivized Pooja Gada Engineering Tech Lead Read full review
Cons	Amazon AWS Not easy to read past data, especially once it moves into Glacier deep storage performance is somewhat sluggish ... other systems are much faster to analyze data Doesn't always provide a remediation solution or suggested fix like other 3rd party tools like Qualys. It's hard to get the initial configuration and enrollment completed as there's a lot of manual intervention for every configured rule that needs to be enabled alerts are often times delayed Incentivized Verified User Anonymous Read full review	Splunk At times some queries can run slowly if indices are not on a portion of the query you use. Setup time initially can be difficult if your logs aren't stored in common locations or in a common way to write the log. Ability to ingest logs from different locations without having to change code to put logs in a certain place (pro and con). Searches can be a bit more difficult to look through if your log isn't pulled in a manner that is easy to read through splunk. Incentivized Verified User Anonymous Read full review
Likelihood to Renew	Amazon AWS No answers on this topic	Splunk We are using Splunk extensively in our projects and we have recently upgraded to Splunk version 6.0 which is quite efficient and giving expected results. We keep track of updates and new features Splunk introduces periodically and try to introduce those features in our day to day activities for improvement in our reporting system and other tasks. Verified User Anonymous Read full review
Usability	Amazon AWS No answers on this topic	Splunk You can literally throw in a single word into Splunk and it will pull back all instances of that word across all of your logs for the time span you select (provided you have permission to see that data). We have several users who have taken a few of the free courses from Splunk that are able to pull data out of it everyday with little help at all. Incentivized Kenneth Taitingfong Splunk Architect / Engineer Read full review
Reliability and Availability	Amazon AWS No answers on this topic	Splunk When properly setup and configured, Splunk is extremely reliable. Incentivized Verified User Anonymous Read full review
Support Rating	Amazon AWS No answers on this topic	Splunk Splunk maintains a well resourced support system that has been consistent since we purchased the product. They help out in a timely manner and provide expert level information as needed. We typically open cases online and communicate when possible via e-mail and are able to resolve most issues with that method. Incentivized Verified User Anonymous Read full review
Online Training	Amazon AWS No answers on this topic	Splunk The online course was simple clear and described the main capabilities of the solution. There is also an initial module that can be done for free so anyone can familiarize themselves with the functionality of this solution. On the other hand, however, there could be more free online courses. Maybe even with a certificate, this would broaden the group of people who are familiar with the platform while increasing familiarity with the solution itself. Verified User Anonymous Read full review
Implementation Rating	Amazon AWS No answers on this topic	Splunk Smooth without too many major issues. Incentivized Verified User Anonymous Read full review
Alternatives Considered	Amazon AWS AWS Security Hub is it's own unique program that I have used. I haven't used anything similar to it and it was worth it to try out. However, for those that want to keep for long, it will be very heavy in term of budget and resource that they have to provide. Incentivized Duc Minh Nguyen President Read full review	Splunk I wanted to learn a new language that I can quickly master and implement. Splunk is easy, fun to use and best of all, it can be developed in hours not days or weeks. Splunk is fundamentally a programming language that is minimal but yet powerful enough to collect, analyze and visualize data. Incentivized Verified User Anonymous Read full review
Scalability	Amazon AWS No answers on this topic	Splunk Splunk can scale in to the petabyte per day range which of course is awesome Rick Yetter Regional Director Read full review
Return on Investment	Amazon AWS Since we have started using this, we could notice a drop of security issues Incentivized Verified User Anonymous Read full review	Splunk Overall very positive. It has provided visibility to what is going on within our network. One drawback is the time it takes to get up to speed with the application, but this is up to the user, and Splunk education is excellent. In my field, IT Security, there are few other friends to have in your back pocket better than Splunk. They are just that good. Incentivized Verified User Anonymous Read full review
ScreenShots