We performed a comparison between AWS Security Hub and i-SIEM based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."It's pretty powerful and its performance is pretty good."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The product can integrate with any device."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The pricing of the product is excellent."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Easily integrates with third-party tools"
"I find all of the features to be highly valuable."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"Very good at detection and providing real-time alerts."
"Finding out if your infrastructure is secure is a valuable feature."
"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."
"As a result of the automation, we are able to manage SIEM with a small security team. I'm in a unique position where we have been growing the security organization quite rapidly over the last three and a half years. But, as a direct result of the empow transition and legacy collection of tools towards the empow platform, we've been able to keep that head count flat. We've been able to redirect a lot of the security team's time away from the wash, rinse, repeat activities of responding to alarms where we have a high degree of confidence that they will be false positives, adjusting the rules accordingly. This can be a bit frustrating for the analyst when they have to spend hours a day dealing with these types of probable false positives. So, it has helped not only us keep our headcount flat relative to the resources necessary to provide the assurances that our executives expect of us for monitoring, but allows our analyst team to spend the majority of their time doing what they love. They are spending their time meaningfully with a higher degree of confidence and enjoying getting into the incident response type activity."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I think the number one area of improvement for Sentinel would be the cost."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"The support must be quicker."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"The solution lacks self-sufficiency."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"Relative to keeping up with the sheer pace of cloud-native technologies, it should provide more options for clients to deploy their technologies in unique ways. This is an area that I recommend that they maintain focus."
Earn 20 points
AWS Security Hub is ranked 8th in Security Information and Event Management (SIEM) with 17 reviews while i-SIEM is ranked 44th in Security Information and Event Management (SIEM). AWS Security Hub is rated 7.6, while i-SIEM is rated 9.0. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of i-SIEM writes "The alert fatigue and false positive rates have just plummeted, which is really exciting". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Oracle Security Monitoring and Analytics Cloud Service, whereas i-SIEM is most compared with Splunk Enterprise Security, AlienVault OSSIM and IBM Watson for Cyber Security.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
