No more typing reviews! Try our Samantha, our new voice AI agent.

AWS Security Hub vs IBM Resilient comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
AWS Security Hub
Ranking in Security Orchestration Automation and Response (SOAR)
7th
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
27
Ranking in other categories
Cloud Security Posture Management (CSPM) (11th)
IBM Resilient
Ranking in Security Orchestration Automation and Response (SOAR)
18th
Average Rating
7.4
Reviews Sentiment
6.6
Number of Reviews
18
Ranking in other categories
Security Incident Response (7th)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of AWS Security Hub is 5.8%, down from 8.9% compared to the previous year. The mindshare of IBM Resilient is 2.3%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Torq3.8%
AWS Security Hub5.8%
IBM Resilient2.3%
Other88.1%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at ProArch
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
Karthik Ekambaram - PeerSpot reviewer
Director at Scybers
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
ZaidHaddad - PeerSpot reviewer
Technical Seller at Alawtad group
Suitable for different industries and ensures effective incident response
IBM Resilient is great in many aspects like its wide range of integrations and customizable playbooks. However, one thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading. Despite this, it stands out for incident response, case management, task organization, and team collaboration, making it a strong choice for organizations compared to competitors like Demisto Palo Alto. When it comes to additional features, I think IBM Resilient is on the right track with its AI capabilities, like linking related incidents and providing recommended actions. It would be nice to see more enhancements in this area, but overall, it looks good.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"What I liked the most about Torq is the actual workflow builder, which is really great because they offer a lot of features and convenience features that are useful for any automation engineer."
"Any request that comes in, regardless of how complex it is, I can accomplish it with Torq."
"What I appreciate most about Torq is that it is an essential part of our system."
"According to positive outcomes, Torq reduced manual work and made incident response more efficient."
"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."
"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."
"Under one SOC tool in Torq, analysts get to know everything within the context of an alert or incident they are working on, and this ability to view the whole picture within Torq is one of the major breakthroughs and best offerings of Torq."
"Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR, and it meets all my needs while saving a ton of time and targeting $600,000 saved this year, which is a substantial amount of money."
"This solution is for security posture management for the cloud, showing the security posture of your cloud infrastructure and giving you good insight into whether your infrastructure is secure or not."
"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"Cloudposse is a valuable feature as it guarantees my security."
"Within AWS Security Hub, there is a feature for aggregating and prioritizing security findings which allows for better risk prioritization based on misconfiguration, as they know AWS thoroughly."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"The solution is simple to use and to integrate with IBM QRadar."
"Stability-wise, I rate the solution a ten out of ten...Scalability-wise, I rate the solution a ten out of ten."
"It's really simple and has a flexible interface."
"As a whole, the product is stable...Technical support is very good."
"The solution is reliable in our usage."
"What I like most about IBM Resilient is that it has a complete stack, which means you don't need to use different OEM products because you have all you need under the IBM Resilient umbrella. You don't need to worry much about integrations and components because you're working with tested and proven architecture."
"The integration with IBM SIM and the ability to block users during brute force attacks are particularly effective."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
 

Cons

"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"The workflow and execution-based charges seem misleading as this was not discussed initially, and creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers."
"Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true."
"I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well."
"Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"The initial deployment of Torq was not easy."
"Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content."
"The solution should be easier to learn and use"
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"The integration of AWS Security Hub has not helped much in maintaining my organization's security posture."
"The solution is not wholly self-sufficient."
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them."
"Feature-wise, we are not able to do multi-cloud. We are doing individual cloud monitoring, and we see other tools are better than AWS Security Hub."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"Right now, sometimes it can take up to two to three months to resolve an issue, which is far too long."
"Its price and technical support need improvement."
"The product needs a bit more development."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"IBM Resilient could integrate better with my tools."
"The solution is limited, but it needs lots of development, especially when we talk about making actions with other security solutions."
"What could make IBM Resilient better is if IBM increased the number of built-in integrations with different products from other vendors or third-party products."
 

Pricing and Cost Advice

Information not available
"The pricing is fine. It is not an expensive tool."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The price of the solution is not very competitive but it is reasonable."
"AWS Security Hub's pricing is pretty reasonable."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"Security Hub is not an expensive solution."
"The price of AWS Security Hub is average compared to other solutions."
"I would rate the tool’s pricing a three out of ten. The tool’s pricing is on a yearly basis."
"There is a license you need to pay for in order to use this product."
"It is very expensive."
"I feel it is an expensive product when my company pays annually for renewal, support, and follow-up."
"The cost of the product is quite high."
"The licensing cost for IBM Resilient is not too expensive, but it's not affordable, so it's moderately expensive. Regarding price, I'm rating the solution seven out of ten. The company pays for the license yearly, based on the number of users. Apart from the cost of the license you need to pay for each user, you also need to spend an initial investment for the base platform. You also have to pay for IBM Resilient support."
"There are no costs except for the support services that our company pays in addition to the licensing charges attached to the solution."
"We could create unlimited users using the license we had purchased."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Director of Operations at a comms service provider with 10,001+ employees
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Manufacturing Company
10%
Computer Software Company
9%
Comms Service Provider
7%
Financial Services Firm
28%
Construction Company
9%
Computer Software Company
7%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise2
Large Enterprise7
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What needs improvement with AWS Security Hub?
I do not see any areas for improvement in AWS Security Hub itself, but the cost factor is something that is the main ...
What is your primary use case for AWS Security Hub?
AWS Security Hub is something I have used daily as it is a part of my job for cloud security purposes. If you are dea...
What is your experience regarding pricing and costs for IBM Resilient?
I am not the one in charge of pricing, so I am not sure about the costs.
What needs improvement with IBM Resilient?
Integration with some devices, including Cisco PowerPower and certain antivirus products, has limitations.
 

Also Known As

No data available
SQRRL
No data available
 

Overview

 

Sample Customers

Information Not Available
Edmunds, Frame.io, GoDaddy, Realtor.com
Golden Living, Health Equity, USA Funds
Find out what your peers are saying about AWS Security Hub vs. IBM Resilient and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.