AWS Security Hub is an excellent security event aggregator not only for AWS services but also third party tools.
December 16, 2022

Anonymous | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User

Overall Satisfaction with AWS Security Hub

We use AWS Security Hub to gain visibility into our high-priority security events. We configure it for alerting on certain high-risk activity from services like IAM, AWS Firewall Manager and AWS GuardDuty and also use it to check our existing AWS footprint against industry security standards like PCI, GLBA and others in order to ensure we are compliant.

Pros

  • Alerting
  • Aggregation, organization and prioritization of security alerts and events
  • Third party integration

Cons

  • Not easy to read past data, especially once it moves into Glacier deep storage
  • Performance is somewhat sluggish ... other systems are much faster to analyze data
  • Doesn't always provide a remediation solution or suggested fix like other 3rd party tools like Qualys.
  • It's hard to get the initial configuration and enrollment completed as there's a lot of manual intervention for every configured rule that needs to be enabled
  • Alerts are oftentimes delayed
  • Accuracy! Once rules are properly defined there are very few false positives
  • Ease of identifying trends
  • Technical support is excellent
  • It helps to keep us compliant, which is a requirement in the financial industry
  • We have maintained a high security posture with the help of AWS Security Hub, without any security incidents.
  • I wouldn't say this is necessarily ROI but we have prevented potential data losses, brand damage and the financial cost of the aforementioned with the help of AWS Security Hub.
AWS stacks up very similarly to Splunk, but being that it's an AWS tool it is better able to natively monitor our AWS footprint, unlike Splunk, which requires an appliance and/or forwarding agent for it to work properly. The same can be said about some other tools like Dynatrace. Dynatrace has a much more pleasant user interface that the senior management seems to like more, but AWS Security Hub has better options, a more straightforward rules engine and is less expensive than both Splunk and Dynatrace.

Do you think AWS Security Hub delivers good value for the price?

Yes

Are you happy with AWS Security Hub's feature set?

Yes

Did AWS Security Hub live up to sales and marketing promises?

Yes

Did implementation of AWS Security Hub go as expected?

Yes

Would you buy AWS Security Hub again?

Yes

I don't think there's yet a perfect tool in this category of security and incident aggregators, but AWS Security Hub is an excellent tool for having visibility into our overall security posture. It is a great aggregator for many AWS services but also for third party security tools with which it integrates really well.
