AWS Security Hub Reviews

The major use case for identifying misconfigurations within the AWS environment focuses on determining whether the administrators have configured everything correctly, giving a better picture of AWS misconfigurations across all the resources.

Within AWS Security Hub, there is a feature for aggregating and prioritizing security findings which allows for better risk prioritization based on misconfiguration, as they know AWS thoroughly. The attack path analysis is unfortunately not available in AWS Security Hub, which is a negative point; having attack path analysis would give more visibility to identify how an attack can come into the AWS environment, but risk prioritization based on specific misconfiguration is available and can be utilized.

I utilize the aggregating and prioritization features across GuardDuty, EKS, EC2, S3, and all, but that feature currently works only for AWS, specifically for S3 and EC2, although it can be expanded to other resources.

AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter.

Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment.

The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS.

Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well.

The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.

The solution's stability is strong; there is no issue with stability whatsoever.

For technical support related to AWS Security Hub, I would rate it an eight out of ten.

Positive

Regarding installation, there are no installation issues with AWS Security Hub; it's just a matter of clicking on check marks to integrate it with AWS itself. Other products are easy as well; for example, we integrate them with AWS, such as CyScale, SecPod, Wiz, and Prisma Cloud, which I find to be a very good CSPM tool.

In comparison with other vendors, we also use a tool called CyScale, which is a CSPM tool, and we are partnered with them, utilizing it for most customers, along with SecPod.

From a technical perspective, I see much difference between AWS Security Hub and other products such as CyScale and SecPod, as both support multi-cloud environment integration, and they offer attack path analysis and prioritization, providing more features than AWS can give.

The multi-account management feature in AWS Security Hub is good, as it allows you to handle multi-account within AWS organizations, and I think that's beneficial for any AWS resources as well. I would rate it as an eight or nine.

AWS Security Hub can be expensive at times.

Overall, I rate my experience with AWS Security Hub as a seven out of ten.

AWS Security Hub is something I have used daily as it is a part of my job for cloud security purposes. If you are dealing with sensitive data and have compliance regulations for your organization or if you have many security vulnerabilities, then it is better to use AWS Security Hub. It will give you a consolidated dashboard of your AWS configurations and help you provide your compliance requirements, ensuring your infrastructure is compliant with regulations like PCI DSS or whatever compliance you are looking for.

It is a very handy tool for cloud architects, cloud security professionals, and security teams. Nowadays, most organizations enable this service as it is a need from a business and investment perspective. It provides a lot of detailed information about how compliant your application and infrastructure are.

If someone asks your team how vulnerable or compliant you are with your infrastructure, you can show findings from AWS Security Hub that demonstrate a ninety-plus percentage compliance rate. In that regard, it is a trusted service and most people in organizations rely on it, although some smaller organizations might use multiple tools.

AWS Security Hub is something which I basically use to see how much your infrastructure is compliant. It is basically what we call a CSPM, which is a cloud security posture management tool.

You can automate the best practices and continue with security best practices; it will give you your misconfigurations and aggregate all your tickets in one place.

The best thing about AWS Security Hub is that it is a single point of place where you can get all your misconfigurations without having to go to each service and check.

For example, if your business deals with any compliance like PCI DSS or FSBP and ISD, you can check how much your infrastructure is compliant with these standards. Each standard has several security controls, and AWS Security Hub checks these security controls and tells us what percentage your application and infrastructure is compliant with these standards. It also has integration with GuardDuty, Inspector, and other AWS services. In that aspect, it provides a lot of findings. It also supports some third-party product sources. I believe it will reduce your effort to correct those findings and can automate the security tests, consolidate the view of findings across accounts and providers.

You can also apply remediation for these findings and automate that; for example, if somebody opens the security group, you can use tools such as Amazon Inspector to close this port when this finding comes. So I would say it is a good tool for cloud security, cloud security posture management, compliance management, and all these things. If you are dealing with sensitive data, it is very critical.

A lot of people are using AWS Security Hub today in our company, maybe in every account we have. It is a must for cloud security. I believe bigger organizations use that, so it is a need for our security strategy.

I do not see any areas for improvement in AWS Security Hub itself, but the cost factor is something that is the main concern.

I have been using AWS Security Hub for around four years.

I am happy with the support when it comes to AWS Security Hub.

AWS Security Hub does not need to be installed as it is automatically done by a review.

It is quite easy for someone new to learn how to use AWS Security Hub for the first time. Whoever has basic knowledge of AWS can understand it and they can get a lot of information out of it. I would rate this review a 10 out of 10.

In my work with AWS Security Hub, the usual use cases involve understanding the critical alerts and high alerts. I have utilized AWS Security Hub's feature for aggregating and prioritizing security findings across various AWS services in my environment.

AWS Security Hub has valuable features such as the config setup, which gives in-depth account access. It provides information on security findings, and we have GuardDuty also set up, so GuardDuty finds incidents too.

Most of the time, the cloud posture is secure because of AWS Security Hub. The integration of AWS Security Hub has not helped much in maintaining my organization's security posture. The emails we are sending are not getting any response or not having too much benefit for us.

The multi-account management feature of AWS Security Hub is important for me; it gives all the security violations in an account. Although the security violations might matter or might not matter, that is another story. It gives all the violations, some of them are important while some don't cause any problems.

AWS Security Hub's unified dashboard does help streamline my process of identifying vulnerabilities, but we don't use Inspector. It gives us a security posture of all the accounts, but it is not just the vulnerabilities or the dashboard; it is also about people doing the work to remediate the vulnerabilities, making it more secure. The dashboard is just a dashboard, but you have to understand it is a continuous piece of work.

I assess the value of AWS Security Hub's automated and continuously updated compliance checks in ensuring security standards as pretty good.

The solution needs to be interfaced with some other tool so that we have continuous assessments for the application teams regarding their accounts and the security issues. Since we do not have auto remediation, it is for the account owners to remediate the security errors. It has to work in conjunction with other tools to send the emails and handle the tracking part.

I would expand integration options and pay special attention to auto remediation, but auto remediation is not an option that we are looking at because if something goes wrong, then the application goes off. We don't want to be doing that, so we want the account owners to handle it.

In terms of areas for improvement, if comparing AWS Security Hub with other CSPM tools, it lacks a vulnerability story. Other tools can check traffic incoming and identify vulnerabilities effectively, explaining which issues are critical or not.

Regarding the tracker, AWS Security Hub just gives the output of vulnerabilities but does not provide the overall security posture or see the whole path. I would have more details regarding the threat vector as it emerges, identifying where issues arise. AWS Security Hub just gives you the violations but is not comprehensive in its nature.

AWS Security Hub is stable. If you want new features, you just have to pay for them. We have some features enabled, but some we did not enable because it is a pay-as-you-go feature. We also have our custom solutions in the organization, so integration with those is difficult.

I find customer service and technical support for AWS Security Hub to be pretty good. We open a ticket, and AWS responds promptly.

Regarding the technical support, I would rate it an eight or nine; they give support, which is not an issue. We have enterprise support, and that is good.

Positive

I would have to check for examples or specific metrics that demonstrate improvement in my compliance status.

In my organization, we are using ServiceNow now for integration capabilities with third-party security tools.

This integration is an ongoing job, enhancing our incident response workflow. It's not complete. Sometimes what happens is we have the accounts created sometime back without the right account owner information, so all that has to be redone for the flow to go properly.

On a scale of one to ten, I rate AWS Security Hub a seven out of ten.

I use AWS Security Hub. It is fine to discuss my experience with AWS Security Hub. It's a native solution that we currently use by default, though we had tried other tools.

We only enable CSPM and pull the logs to our A-SOC tool, and from A-SOC we are trying to view the exposure.

We tried Prisma Cloud, Qualys, and Skyhigh, which is another product we are looking at for CNAPP production. We use other tools to do cloud network security production and application production.

AWS Security Hub helps with automated and continuous updated compliance checks, but with continuous monitoring, it becomes costly.

The solution is not very affordable and is really a pricey product.

Currently, that's the only solution available now. We are using it because we are supposed to use it. It's not finding great vulnerabilities first, there are some configuration and other issues that it is bringing out. We want to explore more.

We are getting definite benefits because many of the app teams which we have worked with generally set it up the first time and after that don't look at it from the configuration point of view. AWS Security Hub brings many features into one table that is quite useful, and the app team finds it easier to see what is missing.

It is able to find vulnerabilities, but we are seeing another tool has greater strength in getting the entire assets count from each AWS account and master account, allowing us to look at all vulnerability issues. Other tools have multi-cloud connectivity, enabling connection to multiple clouds.

We are getting feedback from the team that it's costly for 24/7 watching. We want to enable it only on demand. The cost is higher.

We are not using a unified dashboard, we are only pulling the report.

Feature-wise, we are not able to do multi-cloud. We are doing individual cloud monitoring, and we see other tools are better than AWS Security Hub.

We have only few tools integrated at the moment, but there are many integration options, though some are license-based.

It's actually a one-click solution that we can easily enable. However, the app team should take care on a regular basis as it might generate too many issues once enabled. Someone has to work on these issues for actual ROI. It runs on a regular basis, and in the next cycle, it shows what is fixed and what is not fixed.

We are just using AWS Security Hub now. Since this is native to AWS, we are only using it for native AWS accounts. We are not able to use it for other clouds Azure.

Initially during the setup of CSPM, we had a couple of calls to understand the system because some teams wanted to know how exactly it works. They arranged a training session in the beginning with three sessions.

It's actually very stable. We haven't faced any latency.

Currently, we are managing multiple BUs and BUs have multiple accounts subscription with AWS. We are implementing one by one, but it would be beneficial if we could do multi-account implementation.

Some of the repositories are private mostly. We don't see much hybrid deployment. Most deployments are private, and some are for external deployment applications. It depends on the application team in general.

Positive

So far we have seen it's easier to use and scale. We have very limited exposure at the moment. It was not challenging from a developer's point of view, according to feedback from the application team.

During the initial setup of CSPM, we had several calls to understand the system because some teams wanted to know how exactly it works. They arranged a training session in the beginning with three sessions.

The implementation included several calls to understand the system, and they arranged training sessions in the beginning with three sessions.

We experienced several attacks on our infrastructure for this webpage, and AWS Security Hub has excellent features that enable all the infrastructure autoscaling to contain attacks. The complete solution allows all the infrastructure to work independently, defending the webpage.

When we tried to contain the problem, the infrastructure managed almost everything automatically. The autoscaling was highly effective as the servers increased to defend against DDoS attacks and related threats. In the end, it became a matter of cost rather than infrastructure limitations. Our system remained online throughout, which was incredible.

I am familiar with AWS Security Hub. The integration of AWS Security Hub with other AWS security products, such as WAF and firewall, is excellent. Though I cannot recall all services, the integration with our application and between services is exceptional.

AWS Security Hub can integrate with third-party tools as needed. We have other applications for interoperability with different entities and companies around Colombia. The integration between Amazon and everything else functions seamlessly.

Regarding the multi-account management feature with AWS Security Hub, the responsibility is shared between multiple companies and teams, and this aspect functions effectively.

Regarding how Amazon can improve AWS Security Hub, they have numerous services that are discriminated individually and grouped into packages. However, the sheer number of services can be overwhelming when implementing something new. When faced with a new requirement, consultation with experts or consultants becomes necessary because finding the specific solution for a task or requirement isn't straightforward. This aspect could be improved.

Regarding customer service and technical support with AWS or Amazon in general, we typically work through partner companies. These companies provide resources and consultants who are experts in specific areas. We primarily communicate with these partner companies rather than directly with AWS to resolve issues.

The experience with our local Colombian partner and their support has been excellent.

Positive

AWS Security Hub saves significant time and resources. While every service has associated costs, each implemented service saves considerable time and administration effort. I estimate AWS Security Hub saves approximately 30% of time through automated tasks and simplified management.

The multi-account management feature was crucial for our operations as we needed to control and monitor all activities. It was essential to track which company and individual made specific configurations, accessed logs, or monitored systems. This capability was vital for project management and infrastructure administration.

On a scale of 1-10, I would rate this solution an 8.

I use Security Hub primarily for security purposes. It is meant to secure the infrastructure, check compliance, and ensure there are no security gaps. By enabling Security Hub, the system provides a security score and areas for improvement.

Security Hub provides insightful information about what is running and where there might be weaknesses. It offers best practice recommendations and supports various compliance standards such as ISO and PCI DSS. Enabling these compliance checks helps identify non-compliant services and suggests steps to achieve compliance. The main advantage is providing information and compliance insights rather than prevention.

There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them.

I have been working with Security Hub for almost five years.

I rate Security Hub ten out of ten for stability. It automatically adds new features and services, thus embodying stability.

I rate the scalability of Security Hub as ten out of ten. 

It continuously updates and integrates new services, ensuring scalability.

I have never communicated with technical support for Security Hub, as it is easy to enable and use.

Positive

The initial setup of Security Hub is extremely easy and can be completed by enabling it with just one click.

I consider the pricing for Security Hub ten out of two because it is really affordable. The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar.

I rate Security Hub ten out of ten. 

It is a very useful tool that should be enabled across all accounts. Even those unfamiliar with it can easily read the straightforward documentation and implement it.

We utilize most of the services from AWS, including our compute storage, as well as mapping and the messaging queue. We use somewhere around 70 to 80 services that AWS offers.

The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings. We made improvements to the Security Hub scoring, which has helped enhance the security posture of our accounts. 

An additional advantage is that the native AWS scoring is trusted by most auditors to determine the organization's security posture.

Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively. There is room for improvement in threat detection, and it should provide more streamlined integration with other tools. It might be helpful to integrate features like GuardDuty and Detective Inspector within Security Hub or detect real-time threats.

We have been using the solution for probably about five years.

Tech support is not very specific to Security Hub, however, overall, AWS tech support is good. However, Security Hub lacks comprehensive features that are specifically tailored to its services.

The choice depends on cost and what I am ready to accept. For mandatory compliance and a security dashboard, I recommend Security Hub. However, with a higher budget, CSPM could be considered, as it offers easier threat investigation in a single tool. CSPM provides findings on a single dashboard, unlike Security Hub, which requires navigating through multiple services.

I would rate the product a five out of ten. Existing features could be streamlined.

Security Hub is used to analyze the configuration of our infrastructure. After analyzing, it provides security findings based on best practices and other industry standards. It is used to combine with GuardDuty to notify us of any security issues flagged in our infrastructure configuration. It is convenient for use in a multi-account security management setup by managing security findings and aggregating them from a single management account.

Measurable benefits include a streamlined process without needing to manage multiple solutions. AWS Security Hub provides seamless integration, eliminating the need to configure additional infrastructure. It is proactive in monitoring and provides early notifications for security issues, allowing us to automate responses based on identified findings.

The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate. AWS provides out-of-the-box best practices and industry standards, offering solutions categorized by criticality for threats detected. Its integration and simplicity make management easy, with no endpoints or additional configurations necessary.

I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier.

I have been working with Security Hub for more than a year.

I have experienced no challenges with stability. The setup is simple, and integrations with other AWS services are seamless.

Security Hub, as an independent service, does not face scaling challenges. It operates independently and scans infrastructure regularly without scalability issues.

AWS ProLogitech Support is very helpful and timely, especially at the enterprise level. They respond promptly based on issue severity, allowing direct assistance if necessary.

Positive

Before Security Hub, we used Microsoft Defender. We switched since our infrastructure is on AWS, making it more sensible to manage security findings within the same cloud platform

The initial setup was simple. With only a few clicks, it provides significant control. It can also be automated with Infrastructure-as-Code like Terraform, making the configuration quick and easy.

I recommend enabling Security Hub along with GuardDuty. Furthermore, automating responses and remediations can take it a step further by addressing infrastructure issues without manual intervention. 

Overall, I would rate Security Hub a solid eight out of ten.

We use AWS Security Hub to monitor resources and check compliance scores regarding configuring our solutions on the platform. Security Hub helps us establish a compliance baseline to evaluate if our resources meet AWS standards. It can also integrate with other AWS services, such as AWS Config and AWS Detective, to set up rules and scan our infrastructure to determine if we comply.

AWS Security Hub can check your infrastructure against multiple compliance frameworks. You can turn on or off specific frameworks based on your needs. For example, if you're working in a PCI environment, you can activate the PCI framework, and Security Hub will evaluate your configuration and provide a score based on that framework. You can assess compliance with various standards, such as PCI, AWS CIS, and other frameworks. 

Many findings are too generic or irrelevant to the environment, which can lead to false positives. It can be challenging to suppress or turn off these findings. Turning specific findings on or off would be useful so they don’t negatively impact your compliance score. This way, the dashboard would better reflect the actual state of your compliance, reducing confusion when presenting or reporting to management and stakeholders. If there were an option to filter out irrelevant findings, it would help streamline the results and provide a more accurate picture of your compliance status.

I have been using AWS Security Hub for three years.

AWS is generally stable. It periodically runs scans and updates the results on the dashboard. While it’s not in real-time, you can rely on it to provide an accurate view of your environment's state within a six-hour window.

When it comes to the cloud solution kit, scalability is one of the features. Scalability in cloud solutions means you can adjust the system based on your needs. If you want to cover more infrastructure, you can configure it to handle that. It depends on your specific use case and objectives. The system can handle more or less workload depending on how you set it up and what you aim to achieve.

Ten people use this solution. The security teams use Security Hub daily; it’s one of our go-to tools for AWS. DevOps teams and other members use it less frequently—usually once or twice a week or as needed, depending on specific requirements or issues.

I rate the solution’s scalability a seven out of ten.

You can always reach out to support and they will assist you.

The initial setup of Security Hub is not straightforward for a new user. It requires some configuration with AWS Config to check compliance, and it’s not entirely out of the box. To get it up and running effectively, you’d need at least a medium level of AWS experience and familiarity with AWS tools and infrastructure. This knowledge is essential to configuring Security Hub to meet your needs. For experienced users like myself, working with AWS Security Hub is more manageable and straightforward.

Deployment took a few days to complete. It requires fine-tuning to get everything set up correctly. The data was not deleted during this process; it was still accessible while I was working on it. While Security Hub isn't perfect out of the box, it does take a couple of days of adjustment to ensure everything is in the right place.

Pricing is fair.

Integrating AWS Security Hub with other AWS tools enhances its functionality for event detection. For instance, GuardDuty detects potential threats and reports them to the Security Hub, while the Inspector performs vulnerability scans and sends the results to the Security Hub. AWS Config monitors compliance based on preconfigured rules, and Detective examines workloads to ensure configurations align with benchmarks. Security Hub is a centralized dashboard that aggregates data from these various security tools. It pulls in information from each tool, measures your environment against different frameworks, and provides an overview of your current security posture. Security Hub doesn't perform the detection or scanning. It consolidates and presents the findings from these other tools.

I recommend Security Hub and explain the pros and cons if they need it. If it fits their use case, it’s a good option. Security Hub is cloud-native and integrates well with AWS, providing comprehensive insights into your AWS environment. It offers integration and information that might be hard to match with other tools.

Overall, I rate the solution a seven out of ten.

We use it to get a comprehensive view of all the processes within the company. It provides us with centralized security insight, available on a dashboard for all of the users while running continuous and automated compliance checks.

I find all of the features to be highly valuable. 

Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub. 

I have used the solution for ten years. 

The stability is relatively good but can be improved.

It shows a good level of scalability. 

The initial setup was easy and done promptly. The whole process was completed within one year.

The deployment of the solution was done seamlessly. There are few options on how to do it. You may follow the commands and steps, or do it directly by the console.

I am satisfied with the licensing structure as it is within reasonable cost limits. The use of different solutions outside the cloud would be more expensive.

It is a good choice for anyone who already uses AWS services, as it integrates seamlessly with them, enabling users to centralize security findings from multiple sources. Its functionality heavily relies on other AWS products. I would rate it eight out of ten.