No more typing reviews! Try our Samantha, our new voice AI agent.

AWS Security Hub vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
26
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (6th), Cloud Security Posture Management (CSPM) (11th)
LogRhythm SIEM
Average Rating
8.2
Reviews Sentiment
6.4
Number of Reviews
176
Ranking in other categories
Log Management (13th), Security Information and Event Management (SIEM) (11th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. AWS Security Hub is designed for Cloud Security Posture Management (CSPM) and holds a mindshare of 3.0%, down 4.4% compared to last year.
LogRhythm SIEM, on the other hand, focuses on Security Information and Event Management (SIEM), holds 2.5% mindshare, down 3.1% since last year.
Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
AWS Security Hub3.0%
Wiz12.6%
Prisma Cloud by Palo Alto Networks8.6%
Other75.8%
Cloud Security Posture Management (CSPM)
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
LogRhythm SIEM2.5%
Splunk Enterprise Security7.0%
IBM Security QRadar5.2%
Other85.3%
Security Information and Event Management (SIEM)
 

Featured Reviews

Karthik Ekambaram - PeerSpot reviewer
Director at Scybers
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
SV
Cyber Security Engineer at Diyar United Company
Provides strong detection capabilities but requires improvements in parsing and stability
I cannot think of any specific features that LogRhythm SIEM can improve upon since it supports a wide variety of major vendors. However, they need to improve their parsing techniques; the tool should understand various devices and present data in a human-readable format. For example, if a personal Android mobile needs to be integrated, LogRhythm SIEM should be able to parse that data effectively. They also need to improve their database of supported devices to cover smaller vendors alongside the major players, allowing for better global reach and usability. I have noticed some problems with parsing errors, event mismatches, and data mismatching, so ensuring accurate parsing and continuous improvement according to device updates are my basic expectations as a detection engineer.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"Within AWS Security Hub, there is a feature for aggregating and prioritizing security findings which allows for better risk prioritization based on misconfiguration, as they know AWS thoroughly."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"One of the most effective features of AWS Security Hub is the easy access to a dashboard with a ready-to-use security score."
"The platform has valuable features for security."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."
"Very good at detection and providing real-time alerts."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"This solution has been almost like a transformative change in how we detect and then respond to incidence."
"It has centralized monitoring for our security operations. Therefore, it improves our analysts' work."
"I have found the Advanced Intelligence Engine has provided the most value to us because we can customize alarms based on our requirements and have created hundreds of alarms that notify different people for different scenarios."
"The most valuable feature to me is certainly the CloudAI, which I have been a beta tester of, and also the SIEM capabilities and automation."
"It has been the easiest SIEM platform that I have worked with or seen in production."
"Overall, my rating for LogRhythm SIEM is nine out of ten."
"Provides visibility into the network."
"The dashboards in the LogRhythm SIEM really help us as a starting point. It gives us a starting point we can go to every day. We walk through several dashboards to see anomalous activity for further investigation."
 

Cons

"It is not flexible for multi-cloud environments."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"Right now, there are some difficulties we're facing with AWS Security Hub, and we need our central team to mitigate the issues."
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"The solution should be easier to learn and use"
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively."
"The solution is not wholly self-sufficient."
"We do about 750 million a day and some days we do 715 million. Some days we do 820 million or 1.2 billion. But there's no way to drill in and find out: "Where did I get 400,000 extra logs today?" What was going on in my environment that I was able to absorb that peak? I have no way to identify it without running reports, which will produce a long-running PDF that I have to somehow compare to another long-running PDF... I would like to see like profiling behavior awareness around systems like they've been gunned to do around users with UEBA."
"NextGen SIEM has separate rules for AI, advanced intelligence, and MP rules - it would be better to have a centralized way to write the rules and create alarms."
"I think a must-have feature would be better reporting. The reports do not provide information such as, who are your top ten end users generating the most activity within the environment, or appliances, per se, so that's very limited."
"NextGen SIEM's integration with other software is good but could be improved."
"A lot of times they'll say something is coming out in a certain release and then we get to that release and they say, "No, we're pushing it back to a coming release.""
"Lots of concern these days regarding vulnerability, and being able to interface with other types of applications when creating event logs."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
"One of the things I find that would be helpful is the GLPR information, to be able to understand what is actually being processed."
 

Pricing and Cost Advice

"The price of the solution is not very competitive but it is reasonable."
"The price of AWS Security Hub is average compared to other solutions."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"Security Hub is not an expensive solution."
"AWS Security Hub's pricing is pretty reasonable."
"There are multiple subscription models, like yearly, monthly, and packaged."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"The pricing is fine. It is not an expensive tool."
"The license cost is around $10 per MPS."
"I would recommend talking to the rep. That's the biggest thing because they will know what questions to ask."
"In the context of our country, the price of this solution is too high."
"We did a five-year agreement. We pay close to a quarter of a million dollars for our solution."
"On a scale of one to ten, I'd rate the pricing of this solution as a seven - not too expensive but not cheap either. Regarding licensing costs, it varies depending on factors like being a partner or an end user, but there are no additional costs aside from standard licensing fees for the basic SIEM solution."
"The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee."
"On a scale of one to ten, where one is low, and ten is high, I rate the pricing between six and seven."
"I would rate the pricing 4 out of 5. There are no additional costs to the standard licensing fees."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
890,088 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Director of Operations at a comms service provider with 10,001+ employees
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Manufacturing Company
10%
Computer Software Company
9%
Comms Service Provider
7%
Financial Services Firm
10%
Construction Company
9%
Computer Software Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business10
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise39
Large Enterprise83
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What needs improvement with AWS Security Hub?
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfig...
What is your primary use case for AWS Security Hub?
The major use case for identifying misconfigurations within the AWS environment focuses on determining whether the administrators have configured everything correctly, giving a better picture of AW...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
LogRhythm SIEM could learn from Wazuh, as Wazuh has a built-in mechanism that allows you to write custom scripting and scripts through languages that Wazuh can then trigger, which is somewhat bette...
What is your experience regarding pricing and costs for LogRhythm SIEM?
I find LogRhythm SIEM affordable, as it is a bit less costly than QRadar, although I have not been involved in negotiation charges; however, from the manager's approval, I see it as affordable.
 

Also Known As

SQRRL
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about AWS Security Hub vs. LogRhythm SIEM and other solutions. Updated: October 2024.
890,088 professionals have used our research since 2012.