Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Customer Service

Sentiment score
7.0
AWS Security Hub support is praised for its prompt technical assistance but could improve email response efficiency.
Sentiment score
7.3
Microsoft Sentinel support is praised for premium tier efficiency, but basic support faces delays; community forums are frequently used.
AWS ProLogitech Support is very helpful and timely, especially at the enterprise level.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
 

Room For Improvement

Sentiment score
4.5
AWS Security Hub needs real-time scanning improvements, better integrations, enhanced compliance, cost control, and user-friendly features.
Sentiment score
5.0
Microsoft Sentinel users desire improved integration, user-friendliness, documentation, and lower costs while addressing learning curve and query challenges.
A more user-friendly experience programmatically in writing queries and configuring custom security rules.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
 

Scalability Issues

Sentiment score
7.6
AWS Security Hub is scalable and efficient for multi-account operations but less effective in multi-cloud environments.
Sentiment score
8.1
Microsoft Sentinel offers scalable, cloud-based security with automatic scaling, handling large data volumes, and a pay-as-you-go model.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
 

Setup Cost

Sentiment score
5.0
AWS Security Hub offers flexible, cost-effective subscription models, appealing to enterprises for its affordability and included cloud security features.
Sentiment score
5.2
Microsoft Sentinel's flexible pricing offers value, but requires careful monitoring and optimization to manage costs effectively compared to SIEM tools.
 

Stability Issues

Sentiment score
8.3
AWS Security Hub is highly regarded for its stability, frequent updates, and reliable performance, though improvement is suggested by some.
Sentiment score
8.3
Microsoft Sentinel is praised for stability and reliability, with minimal downtime and consistent performance across environments despite minor glitches.
So far, we have not experienced any issues, and it has been stable from the beginning.
 

Valuable Features

Sentiment score
7.6
AWS Security Hub enhances cloud security by integrating services, offering centralized management, real-time alerts, and compliance evaluations.
Sentiment score
8.5
Microsoft Sentinel offers seamless integration, automation, and AI-driven threat detection for efficient security management and enhanced threat visibility.
The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
 

Categories and Ranking

AWS Security Hub
Ranking in Security Orchestration Automation and Response (SOAR)
5th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
20
Ranking in other categories
Cloud Security Posture Management (CSPM) (13th)
Microsoft Sentinel
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
90
Ranking in other categories
Security Information and Event Management (SIEM) (3rd), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (5th)
 

Mindshare comparison

As of December 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of AWS Security Hub is 11.4%, up from 10.7% compared to the previous year. The mindshare of Microsoft Sentinel is 21.0%, up from 20.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Q&A Highlights

NC
Nov 26, 2021
 

Featured Reviews

CobusFrey - PeerSpot reviewer
Not only does it easily integrate with third-party tools but also allows auto synchronization of logs
AWS Security Hub has advanced quite a bit over the last couple of years. The features are quite rich now. Before purchasing, one should develop an understanding of the product. I believe AWS Security Hub is one of the most friendly solutions for integration with third-party tools. I find the integration of AWS Security Hub to be the easiest with tools from Microsoft and a bit difficult with Google solutions. AWS Security Hub is compliant in many different ways. The development business I am part of is SOC compliant for AWS Security Hub, while the banks our organization works with have been PCI compliant for AWS Security Hub for three years. I would definitely recommend AWS Security Hub to others, yet I would also inquire about their purpose and knowledge of cloud solutions. If you know how to use AWS Security Hub, it can be a great solution to work with. The solution is more suitable for people working in the cloud instead of on-premises. I would rate AWS Security Hub a nine out of ten.
Nitin Arora - PeerSpot reviewer
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
817,457 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Answers from the Community

NC
Nov 26, 2021
Nov 26, 2021
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will always have the performance capability you need. If you have Microsoft 365, it is very easy to plug the endpoints into Azure Sentinel. With this solution, you can go on the offensive and stay proact...
See 2 answers
Nov 24, 2021
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will always have the performance capability you need. If you have Microsoft 365, it is very easy to plug the endpoints into Azure Sentinel. With this solution, you can go on the offensive and stay proactive, continually hunting for threats. Azure Sentinel is purely cloud-based and a leading next-generation SIEM. We have experienced a few false positives with Azure Sentinel. There is a certain level of expertise that you need to possess to appropriately utilize all of Azure Sentinel's offerings - it can be a somewhat steep learning curve to get things running at capacity. It would be an improvement if Azure Sentinel integrated better with other SaaS providers and offered more out-of-the-box connectors. You get a huge range of powerful security tools with AWS Security Hub, including compliance scanners, vulnerability endpoint protection, and firewalls. AWS Security Hub has very good detection and offers helpful real-time alerts. AWS Security Hub aggregates, organizes, and prioritizes security alerts or findings from other AWS services, all in one single pane. AWS Security Hub lacks a certain level of self-sufficiency, though. We would like to see AWS Security Hub become a multi-cloud solution. AWS Security Hub has some regional restrictions that have proved problematic for us; we need visibility for all instances we have on our account. We found that AWS Security Hub is not a good global product. Conclusion: We felt AWS was lacking in some basic features we consider essential, like multi-region coverage. We also wanted a solution that was more intuitive. We found Azure Sentinel to be a better fit for our team and our clients. We have a global reach and need a product that could satisfy cross-region coverage efficiently. We also feel that Azure Sentinel offers better proactive threat awareness.
Shibu Babuchandran - PeerSpot reviewer
Nov 26, 2021
Hi @Netanya Carmi ​, Had prepared some comparison factors between AWS and Azure for one of my presales discussions, hope this will hold some insights .So depending on the requirements from the client appropriate solutions can be proposed. Widely Azure Sentinel is what has be going of matching the customer requriements. AI and machine learning AWS service Azure service Description SageMaker Machine Learning A cloud service to train, deploy, automate, and manage machine learning models. Alexa Skills Kit Bot Framework Build and connect intelligent bots that interact with your users using text/SMS, Skype, Teams, Slack, Microsoft 365 mail, Twitter, and other popular services. Lex Speech Services API capable of converting speech to text, understanding intent, and converting text back to speech for natural responsiveness. Lex Language Understanding (LUIS) Allows your applications to understand user commands contextually. Polly, Transcribe Speech Services Enables both Speech to Text, and Text into Speech capabilities. Rekognition Cognitive Services Computer Vision: Extract information from images to categorize and process visual data. Face: Detect, identify, and analyze faces and facial expressions in photos. Skills Kit Virtual Assistant The Virtual Assistant Template brings together a number of best practices we've identified through the building of conversational experiences and automates integration of components that we've found to be highly beneficial to Bot Framework developers. Big data and analytics AWS service Azure service Description Redshift Synapse Analytics Cloud-based Enterprise Data Warehouse (EDW) that uses Massively Parallel Processing (MPP) to quickly run complex queries across petabytes of data. Lake Formation Data Share A simple and safe service for sharing big data Big data processing AWS service Azure service Description EMR Azure Data Explorer Fully managed, low latency, distributed big data analytics platform to run complex queries across petabytes of data. EMR Databricks Apache Spark-based analytics platform. EMR HDInsight Managed Hadoop service. Deploy and manage Hadoop clusters in Azure. EMR Data Lake Storage Massively scalable, secure data lake functionality built on Azure Blob Storage. Data orchestration / ETL AWS service Azure service Description Data Pipeline, Glue Data Factory Processes and moves data between different compute and storage services, as well as on-premises data sources at specified intervals. Create, schedule, orchestrate, and manage data pipelines. Glue Azure Purview A unified data governance service that helps you manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Dynamo DB Table Storage, Cosmos DB NoSQL key-value store for rapid development using massive semi-structured datasets. Analytics and visualization AWS service Azure service Description Kinesis Analytics Stream Analytics Storage and analysis platforms that create insights from large quantities of data, or data that originates from many sources. Azure Data Explorer Data Lake Analytics Data Lake Store QuickSight Power BI Business intelligence tools that build visualizations, perform ad hoc analysis, and develop business insights from data. CloudSearch Cognitive Search Delivers full-text search and related search analytics and capabilities. Athena Data Lake Analytics Provides a serverless interactive query service that uses standard SQL for analyzing databases. Azure Synapse Analytics Azure Synapse Analytics is a limitless analytics service that brings together data integration, enterprise data warehousing, and big data analytics. It gives you the freedom to query data on your terms, using either serverless or dedicated resources at scale. Elasticsearch Service Elastic on Azure Use the Elastic Stack (Elastic, Logstash, and Kibana) to search, analyze, and visualize in real time. Database Type AWS Service Azure Service Description Relational database RDS SQL Database Managed relational database services in which resiliency, scale and maintenance are primarily handled by the Azure platform. Database for MySQL Database for PostgreSQL Database for MariaDB Serverless relational database Amazon Aurora Serverless Azure SQL Database serverless Database offerings that automatically scales compute based on the workload demand. You're billed per second for the actual compute used (Azure SQL)/data that's processed by your queries (Azure Synapse Analytics Serverless). Serverless SQL pool in Azure Synapse Analytics NoSQL/ DynamoDB Cosmos DB Cosmos DB is a globally distributed, multi-model database that natively supports multiple data models including key-value pairs, documents, graphs and columnar. Document SimpleDB Amazon DocumentDB Caching ElastiCache Cache for Redis An in-memory–based, distributed caching service that provides a high-performance store typically used to offload nontransactional work from a database. Database migration Database Migration Service Database Migration Service A service that executes the migration of database schema and data from one database format to a specific database technology in the cloud.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
13%
Manufacturing Company
10%
Government
8%
Computer Software Company
16%
Financial Services Firm
10%
Government
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
What needs improvement with AWS Security Hub?
AWS Security Hub could improve its guidance links to resolve findings related to multiple resources. The implementation of more guidance links could enhance issue resolution. Additionally, shorteni...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
What do you like most about Microsoft Sentinel?
The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high.
 

Also Known As

SQRRL
Azure Sentinel
 

Overview

 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about AWS Security Hub vs. Microsoft Sentinel and other solutions. Updated: November 2024.
817,457 professionals have used our research since 2012.