Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs LogRhythm SIEM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
25
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (5th), Cloud Security Posture Management (CSPM) (14th)
LogRhythm SIEM
Average Rating
8.4
Reviews Sentiment
6.4
Number of Reviews
175
Ranking in other categories
Log Management (14th), Security Information and Event Management (SIEM) (8th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. AWS Security Hub is designed for Cloud Security Posture Management (CSPM) and holds a mindshare of 4.1%, down 5.1% compared to last year.
LogRhythm SIEM, on the other hand, focuses on Security Information and Event Management (SIEM), holds 3.1% mindshare, down 3.6% since last year.
Cloud Security Posture Management (CSPM) Market Share Distribution
ProductMarket Share (%)
AWS Security Hub4.1%
Wiz21.5%
Prisma Cloud by Palo Alto Networks11.5%
Other62.9%
Cloud Security Posture Management (CSPM)
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
LogRhythm SIEM3.1%
Wazuh10.9%
Splunk Enterprise Security9.3%
Other76.7%
Security Information and Event Management (SIEM)
 

Featured Reviews

MuhammadAzhar Khan - PeerSpot reviewer
Offers best practice recommendations and supports various compliance standards
Security Hub provides insightful information about what is running and where there might be weaknesses. It offers best practice recommendations and supports various compliance standards such as ISO and PCI DSS. Enabling these compliance checks helps identify non-compliant services and suggests steps to achieve compliance. The main advantage is providing information and compliance insights rather than prevention.
SumitKumar20 - PeerSpot reviewer
Tool consistently aids in effective threat detection and monitoring but could benefit from improved log source management and resource optimization
One major area for improvement in LogRhythm SIEM is the lack of volume measurement capability in terms of storage. There is currently no way to determine how much data is being consumed in terms of gigabytes, terabytes, or petabytes from particular devices or environments. This information is crucial for planning future storage needs and scalability. The system monitor (collector) agent has issues with resource consumption. Even when not actively collecting data, the agent continues to consume significant CPU and memory resources, which can be particularly problematic for small business environments with limited resources. LogRhythm SIEM could improve by adding more default device support. While they have good default settings for devices such as Palo Alto firewalls, custom log sources often require extensive work. Increasing the number of supported devices with built-in policies and functionality would reduce the need for custom work. Competitive SIEM tools often provide more comprehensive coverage for various devices and vendors.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"AWS Security Hub's unified dashboard does help streamline my process of identifying vulnerabilities, but we don't use Inspector."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"Easily integrates with third-party tools"
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"Finding out if your infrastructure is secure is a valuable feature."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"The user interface is pretty good compared to other SIEM tools."
"The feature that makes it usable is the web interface."
"I see LogRhythm SIEM as value for money; I would rate it eight out of ten."
"Technical support is very helpful and responsive."
"The Web Console is my favorite. It enables me, at a glance, to see the health of the environments."
"We integrated Azure logs with it and that makes it simpler. Rather than having to log into the portal, we can just check everything in one place. We can compare those to our Windows and host logs to see if any problems correlate between them."
"The most valuable feature is that we can alternate incident automations."
"The major feature of this solution is its easy configuration which helps different team members to work on it effectively. This kind of feature is not available in other solutions because of a request for specialised schemes for configuration report extraction and searching. Another feature that I really admire is the significant improvement in the compliance in the auditing process by the solution. Our organisation-specific complaints require where the mailbox data needs to be forwarded, stored and searchable for a certain time period. This solution categorises data based on different types, which include cold, warm and hot data. These features allow faster and easier extraction of any data even if the event was occurring several years ago. I also like other features, especially user behaviour analysis and automation. If suddenly someone accesses your side or an unusual traffic is recorded from a user the solution flags it very effectively."
 

Cons

"There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them."
"Shortening the response time for support tickets, particularly in production issues, could make the service more efficient."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier."
"The solution should be easier to learn and use"
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"One area for improvement in LogRhythm NextGen SIEM is that it's a Windows-based tool, and I feel it should be on the Linux operating system instead. Another area for improvement in the tool is the UI. There should be minor changes in the UI to make it better, though I like the dashboards in LogRhythm NextGen SIEM."
"The software needs to work on its pricing."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"I have probably submitted half a dozen log parser requests, and I keep finding more stuff that we need to keep an eye on that doesn't have a definition in LogRhythm."
"We have gone through a few versions which has caused a lot of instability. We have logged a lot of hours with professional services."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"Technical support could use a little work in the terms of responding back. The feedback that we received is they do need a little more staff."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
 

Pricing and Cost Advice

"The pricing is fine. It is not an expensive tool."
"AWS Security Hub's pricing is pretty reasonable."
"The price of AWS Security Hub is average compared to other solutions."
"The price of the solution is not very competitive but it is reasonable."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"There are multiple subscription models, like yearly, monthly, and packaged."
"Security Hub is not an expensive solution."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"It is a very cost-effective solution."
"I give the price a six out of ten."
"It costs a great amount, but its pricing is competitive with some of the other vendors. For licensing and support, we pay about 20,000. There are no additional costs or anything like that."
"The setup and licensing for small and medium size businesses is straightforward, though when it comes to the enterprise it pays to keep in mind the possibility for complications given all the extras and add-ons that may be required."
"NextGen SIEM's pricing is moderate."
"The support which allows more customized to the environment when we are deploying new systems is called Professional Service and is very expensive. The technical annual support and there is an annual fee."
"The license cost is around $10 per MPS."
"I would recommend that whatever sales quotes to them upfront, they will probably go up. Because they are probably going to outgrow that very quickly or once they start getting everything into it, they are going to have to move up anyway."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
867,676 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Financial Services Firm
12%
Manufacturing Company
10%
Government
6%
Computer Software Company
13%
Government
10%
Financial Services Firm
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise5
Large Enterprise12
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise38
Large Enterprise83
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
What needs improvement with AWS Security Hub?
Regarding how Amazon can improve AWS Security Hub, they have numerous services that are discriminated individually and grouped into packages. However, the sheer number of services can be overwhelmi...
What is the difference between log management and SIEM?
Rony, Daniel's answer is right on the money. There are many solutions for each in the market, a lot depends upon your ability to manage such tools and your budget. A small operation may be best s...
What needs improvement with LogRhythm NextGen SIEM?
One major area for improvement in LogRhythm SIEM is the lack of volume measurement capability in terms of storage. There is currently no way to determine how much data is being consumed in terms of...
What do you like most about LogRhythm SIEM?
I find LogRhythm's log management capabilities to be beneficial.
 

Also Known As

SQRRL
LogRhythm NextGen SIEM, LogRhythm, LogRhythm Threat Lifecycle Management, LogRhythm TLM
 

Overview

 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
Macy's, NASA, Fujitsu, US Air Force, EY, Abbott, HD Supply, SAB Miller, UCLA, Raytheon, Amtrak, Cargill
Find out what your peers are saying about AWS Security Hub vs. LogRhythm SIEM and other solutions. Updated: October 2024.
867,676 professionals have used our research since 2012.