We performed a comparison between AWS Security Hub and Netsurion based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The automation feature is valuable."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"Very good at detection and providing real-time alerts."
"The solution shows us our compliance score."
"The platform has valuable features for security."
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"Finding out if your infrastructure is secure is a valuable feature."
"I find all of the features to be highly valuable."
"Netsurion's 24/7 monitoring has enhanced the overall security of the company. They have someone looking at the data 24/7 who will call us as needed. If their team spots a malicious process after hours, they notify the appropriate person by phone. We get a lot of actionable threat intelligence from Netsurion. For example, if a user clicks on a malicious link in a web page and starts an unusual process that isn't on the white-list, Netsurion's team can detect it and prevent it from executing. Afterward, they'll notify us by telephone, so we can respond and clean up whatever damage has occurred."
"The product satisfies our compliance, and thus, all of our auditors. All of the data that we use and store for all security events is required by our auditors to be kept in a central storage location."
"Expediting incident response is really great."
"When I looked last week, we probably averaged about 20 million log entries a day. So, we certainly can't individually manage that. Just looking at the reports, then trying to go back and find anything that was questionable, was a challenge. Therefore, the managed service has been invaluable to us in terms of being able to narrow the scope of what really needs to be looked at and bringing those things to our attention to be dealt with."
"The real-time alerting for things such as people getting dropped into a VPN group or the domain admin group — things like that which really shouldn't happen without proper change management, but we all know the reality, they do from time to time — gives me real-time visibility into what's going on."
"When it comes to threat detection and response, it does a very good job detecting and blocking on its own. And the SOC is a nice added value because they're doing analysis on things that aren't as obvious, on things that you can't just detect with a signature or behavior. Also, any SIEM will come with a lot of noise, so having them do a lot of the initial analysis to find out what's critical and what issues are false alarms is very good."
"We don't have the eyeballs available to stare and watch for things, or even have the capability of building internal alert systems. So, the managed SOC has been huge for freeing up staff to work on other responsibilities. We are saving on at least one full-time employee."
"Their SOC team manages vulnerability management and IOC reviews. They stop bad processes when they happen. The best thing is their weekly reviews of what has been going on in the infrastructure as well as the things that they see and what we should look out for."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"There is room for improvement in entity behavior and the integration site."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better."
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"There are some issues with searches taking a long period of time, but they assured me that they have implemented a new search function that's available in version 9, but which requires a solid-state hard drive... Depending on how many logs you have it could take a long time to return the results if you're looking back prior to the last 30 days."
"The agents on the endpoints seem to fail quite a bit, requiring manual involvement from the local administrators. I would like to see their product be much more ad hoc and update automatically."
"There's always room to improve because there would be no competition if they had a perfect solution. The GUI to perform searches within the product may not be intuitive to a new user."
"The solution's dashboard is okay. The one thing that we ran into are issues when we upgraded to the newer version. It uses Elasticsearch for the different dashboard entries. So, we were running on spinning disks, and Elasticsearch didn't work that well. A number of the different dashboards, like my dashboard or different things like that, pull from Elasticsearch. Since Elasticsearch really wasn't working, we were having some issues with that, but we just migrated."
"We get a report generated on a particular day of the week and we go through it, trying to mitigate problems and make sure we're seeing everything that's happening. It would be helpful if the SOC spent a little more time with us going through some of those reports."
"The biggest problem is that we have too many domain controllers. So, we have to keep all the clients and main system updated with the latest versions along with making sure all the firewalls are open."
"The deployment of the agents could be a bit easier. We always seem to have a bit of a challenge with that. A lot of times the agents either don't deploy or they quit responding, then we have to go and redeploy them."
"The threat detection and response is passive. We have asked if there were options for taking action, and we have not gotten any feedback on that, which would be useful to know. Depending on the situation and threat, some actions may not be possible, but we haven't gotten any feedback on what options could be directed and actionable with the understanding that it may have an extra cost. It would be nice to know or find out if it is actually possible to take actions by a SIEM service or a SIEM agent."
AWS Security Hub is ranked 8th in Security Information and Event Management (SIEM) with 16 reviews while Netsurion is ranked 16th in Security Information and Event Management (SIEM) with 24 reviews. AWS Security Hub is rated 7.6, while Netsurion is rated 8.4. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Netsurion writes "The SOC center monitors, hunts, and notifies us of threats around the clock". AWS Security Hub is most compared with Prisma Cloud by Palo Alto Networks, Wiz, Microsoft Defender for Cloud, Google Chronicle Suite and Oracle Security Monitoring and Analytics Cloud Service, whereas Netsurion is most compared with Arctic Wolf Managed Detection and Response and CyberHat CYREBRO. See our AWS Security Hub vs. Netsurion report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.