We performed a comparison between AWS Security Hub and Prisma Cloud by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Ease of Deployment: Prisma Cloud by Palo Alto Networks' initial setup was straightforward and aided by helpful engineers and clear instructions. Deployment time differed but was uncomplicated. On the other hand, AWS Security Hub's setup is simple and straightforward, though policies must be set up. It necessitates minimal upkeep.
Features: Prisma Cloud provides a management console, continuous compliance monitoring, auto-remediation, and identity-based micro-segmentation. On the other hand, AWS Security Hub is commended for its integration capabilities, real-time alerts, and compliance monitoring. Prisma Cloud could benefit from more personalized dashboard options, enhanced automation capabilities, and better integration with ticketing systems. On the other hand, AWS Security Hub might benefit from greater integration possibilities with open-source solutions and upgrades to its user interface and dashboards.
Pricing: Prisma Cloud is perceived as having a complex credit-based pricing system, leading to a general perception of being expensive. However, it provides good value for securing multi-cloud environments. In contrast, AWS Security Hub is considered to have reasonable pricing, but there is some uncertainty surrounding it for those outside of the central team.
Service and Support: Prisma Cloud's customer service has been a bit inconsistent, with some customers appreciating the technical assistance and account managers, while others have encountered slow response times and unhelpful solutions. On the other hand, AWS Security Hub's technical support has been commended by contented customers for being prompt and efficient.
ROI: Prisma Cloud by Palo Alto Networks offers benefits such as risk transparency, enhanced compliance and security, and quicker issue resolution, resulting in improved productivity and cost savings. Although the exact ROI is hard to quantify, it reduces risks and enhances resource utilization. On the other hand, AWS Security Hub has been well-received with a positive outcome.
Comparison Results: Prisma Cloud by Palo Alto Networks is the better option when compared to AWS Security Hub. Its features are more comprehensive and effective in protecting the entire cloud-native stack, including cloud compliance monitoring and alerting, network security, and micro-segmentation. While AWS Security Hub is praised for its integration capabilities, it falls short in terms of comprehensive features and auto-remediation capabilities.
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The automation roles are essential because we ultimately want to do less work and automate more. The dashboards are easy to read and visually pleasing. You can understand things quickly, which makes it easy for our other teams. The network and infrastructure teams don't know as much about security as we do, so it helps to have a tool that's accessible and nice to look at."
"The solution is very user-friendly."
"Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk."
"Our most important features are those around entitlement, external exposure, vulnerabilities, and container security."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"The security baseline and vulnerability assessments is the valuable feature."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"I find all of the features to be highly valuable."
"The solution shows us our compliance score."
"Very good at detection and providing real-time alerts."
"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."
"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"The platform has valuable features for security."
"The dynamic workload identity creation, attestation, and assignment is the best feature. In addition, the application dependency map across heterogeneous environments for compliance is a striking feature."
"We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem."
"CSPM is the most valuable feature."
"As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having."
"It helps to identify the misconfigurations by monitoring regularly which helps to secure the organization's cloud environment."
"The CSPM and CWPP functionalities are pretty good."
"In addition to that, I can get a snapshot of what I deemed were the priority vulnerabilities, whether it was identity access management, key rotation, or secrets management. Whatever you deem to be a priority for mitigating threats for your environment, you can get that as a snapshot."
"The most valuable feature is the continuous cloud compliance monitoring and alerting."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"The solution's container security could be improved."
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
"We would like to see improvements to executive-level reporting and data reporting in general, which we understand is being rolled out to the platform."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"The remediation workflow within the Wiz could be improved."
"Given the level of visibility into all the cloud environments Wiz provides, it would be nice if they could integrate some kind of mechanism to better manage tenants on multiple platforms. For example, let's say that some servers don't have an application they need, such as an antivirus. Wiz could include an API or something to push those applications out to the servers. It would be great if you could remedy these issues directly from the Wiz platform."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"It is not flexible for multi-cloud environments."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"The solution lacks self-sufficiency."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"The area for improvement is less about the product and more about the upsell. If we've already agreed that we'd like your product x, y, or z, don't try to add fries to my burger. I don't need it."
"It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat."
"The solution does not currently support servers for GCP."
"While the code security feature has undergone recent enhancements, there is room for improvement in terms of its cost module."
"The regional cost of Prisma Cloud in South Africa is high and could be improved."
"The licensing is a bit confusing."
"I would like Prisma Cloud to improve its mapping feature to increase usability."
"They could improve more features for the enterprise version of the solution."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
AWS Security Hub is ranked 13th in Cloud Security Posture Management (CSPM) with 17 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Cloud Security Posture Management (CSPM) with 82 reviews. AWS Security Hub is rated 7.6, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". AWS Security Hub is most compared with Microsoft Sentinel, Microsoft Defender for Cloud, Google Chronicle Suite, Oracle Security Monitoring and Analytics Cloud Service and Splunk Enterprise Security, whereas Prisma Cloud by Palo Alto Networks is most compared with Microsoft Defender for Cloud, Aqua Cloud Security Platform, CrowdStrike Falcon Cloud Security, AWS GuardDuty and Snyk. See our AWS Security Hub vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Cloud Security Posture Management (CSPM) vendors.
We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
