Item: AWS Security Hub
Rating: 9
Author: Verified User

Use Cases and Deployment Scope

We use AWS security hub to gain visibility into our high priority security events. We configure it for alerting on certain high risk activity from services like IAM, AWS Firewall Manager and AWS GuarDuty and also use it to check our existing AWS footprint against industry security standards like PCI, GLBA and others in or der to ensure we are compliant.

Pros and Cons

Alerting
Aggregation, organization and prioritization of security alerts and events
Third party integration

Not easy to read past data, especially once it moves into Glacier deep storage
performance is somewhat sluggish ... other systems are much faster to analyze data
Doesn't always provide a remediation solution or suggested fix like other 3rd party tools like Qualys.
It's hard to get the initial configuration and enrollment completed as there's a lot of manual intervention for every configured rule that needs to be enabled
alerts are often times delayed

Most Important Features

Accuracy ! Once rules are properly defined there are very few false positives
Ease of identifying trends
Technical support is excellent

Return on Investment

It helps to keep us compliant, which is a requirement in the financial industry
We have maintained a high security posture with the help of AWS Security Hub, without any security incidents.
I wouldn't say this is necessarily ROI but we have prevented potential data losses, brand damage and the financial cost of the aforementioned with the help of AWS Security Hub.

Alternatives Considered

Splunk Enterprise, Splunk Enterprise Security (ES), Splunk Log Observer and Dynatrace

AWS stacks up very similarly to Splunk but being that it's an AWS tool it is better able to natively monitor our AWS footprint, unlike splunk which requires an appliance and / or forwarding agent for it to work properly. The same can be said about some other tools like Dynatrace. Dynatrace has a much more pleasant user interface that the senior management seems to like more, but AWS Security Hub has better options, a more straightforward rules engine and is less expensive than both Splunk and Dynatrace.

Key Insights

Do you think AWS Security Hub delivers good value for the price?

Yes

Are you happy with AWS Security Hub's feature set?

Yes

Did AWS Security Hub live up to sales and marketing promises?

Yes

Did implementation of AWS Security Hub go as expected?

Yes

Would you buy AWS Security Hub again?

Yes

Other Software Used

Splunk Enterprise, Dynatrace, Splunk Enterprise Security (ES), Sectigo Certificate Manager, ManageEngine Endpoint Central, Palo Alto Panorama, Cisco Secure Workload (Tetration)

Likelihood to Recommend

I don't think there's yet a perfect tool in this category of security and incident aggregators, but AWS Security Hub is an excellent tool for having visibility into our overall security posture. It is a great aggregator for many AWS services but also for third party security tools with which it integrates really well.

AWS Security Hub is an excellent security event aggregator not only for AWS services but also third party tools.

Overall Satisfaction with AWS Security Hub