We performed a comparison between AWS Security Hub and Logz.io based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The main benefit is the ease of integration."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The Log analytics are useful."
"The platform has valuable features for security."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"Finding out if your infrastructure is secure is a valuable feature."
"Cloudposse is a valuable feature as it guarantees my security."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."
"The query mechanism for response codes and application health is valuable."
"The other nice thing about Logz.io is their team. When it comes to onboarding, their support is incredibly proactive. They bring the brand experience from a customer services perspective because their team is always there to help you refine filters and tweak dashboards. That is really a useful thing to have. Their engagement is really supportive."
"We use the tool to track the dev and production environment."
"The tool is simple to setup where it is just plug and play. The tool is reliable and we never had any performance issues."
"It is massively useful and great for testing. We can just go, find logs, and attach them easily. It has a very quick lookup. Whereas, before we would have to go, dig around, and find the server that the logs were connected to, then go to the server, download the log, and attach it. Now, we can just go straight to this solution, type in the log ID and server ID, and obtain the information that we want."
"We use the product for log collection and monitoring."
"InsightOne is the main reason why we use LogMeIn. This is mostly because of log data that we are pushing tools and logs in general."
"The visualizations in Kibana are the most valuable feature. It's much more convenient to have a visualization of logs. We can see status really clearly and very fast, with just a couple of clicks."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"It is not flexible for multi-cloud environments."
"The solution lacks self-sufficiency."
"The support must be quicker."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"The solution needs to expand its access control and make it accessible through API."
"I would like them to improve how they manage releases. Some of our integrations integrate specifically with set versions. Logz.io occasionally releases an update that might break that integration. On one occasion, we found out a little bit too late, then we had to roll it back."
"I would like granularity on alerting so we can get tentative alerts and major alerts, then break it down between the two."
"When it comes to reducing our troubleshooting time, it depends. When there are no bugs in Logz.io, it reduces troubleshooting by 5 to 10 percent. When there are bugs, it increases our troubleshooting time by 200 percent or more."
"The product needs improvement from a filtering perspective."
"Capacity planning could be a little bit of a struggle."
"The solution needs to improve its data retention. It should be greater than seven days. The product needs to improve its documentation as well."
"The price can be cheaper and they should have better monitoring."
AWS Security Hub is ranked 8th in Security Information and Event Management (SIEM) with 17 reviews while Logz.io is ranked 27th in Security Information and Event Management (SIEM) with 8 reviews. AWS Security Hub is rated 7.6, while Logz.io is rated 8.2. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Logz.io writes "The solution is a consistent logging platform that provides excellent query mechanisms". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Oracle Security Monitoring and Analytics Cloud Service, whereas Logz.io is most compared with Datadog, Wazuh, Coralogix, Splunk Enterprise Security and Grafana Loki. See our AWS Security Hub vs. Logz.io report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
