We performed a comparison between AWS Security Hub and Elastic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"The main benefit is the ease of integration."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"The solution shows us our compliance score."
"Cloudposse is a valuable feature as it guarantees my security."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"Very good at detection and providing real-time alerts."
"I find all of the features to be highly valuable."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"ELK documentation is very good, so never needed to contact technical support."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"We've found the initial setup to be quite straightforward."
"Enables monitoring of application performance and the ability to predict behaviors."
"The most valuable feature is the scalability. We are in Indonesia, more engineers understand Elastic Security here. So it is easier to scale and also develop. In features, the discovery to query all the logs is very important to us. It is very easy, especially with the query function and the feature to generate alerts and create tools. Sometimes we use the alert security dashboard to monitor our clients."
"The most valuable feature of Elastic Security is that you can install agents, and they are not separately licensed."
"The scalability is good. It can be scaled easily in the production environment."
"Elastic Security is a highly flexible platform that can be implemented anywhere."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"The only thing is sometimes you can have a false positive."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The solution lacks self-sufficiency."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"It is not flexible for multi-cloud environments."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"There is an area of improvement in the Logs list. The load list may need to be paginated as there are limits."
"We set up a cron job to delete old logs so that we wouldn't hit a disk space issue. Such a feature should be available in the UI, where old logs can be deleted automatically. (Don’t know if this feature is already there)."
"We'd like better premium support."
"The tool should improve its scalability."
"The interface could be more user friendly because it is sometimes hard to deal with."
"Improvements in Elastic Security could include refining and normalizing queries to make them more user-friendly, enhancing the user experience with better documentation, and addressing any latency issues."
"The Integration module could be improved. It is a pain to build integration with any product. We have to do parking and so on. It's not like other commercial solutions that use profile integration. I would also see more detection features on the SIEM side."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
AWS Security Hub is ranked 9th in Security Information and Event Management (SIEM) with 16 reviews while Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews. AWS Security Hub is rated 7.6, while Elastic Security is rated 7.6. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Splunk Enterprise Security and Google Chronicle Suite, whereas Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon. See our AWS Security Hub vs. Elastic Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.