No more typing reviews! Try our Samantha, our new voice AI agent.

AWS Security Hub vs OpenText Enterprise Security Manager comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
AWS Security Hub
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
27
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (7th), Cloud Security Posture Management (CSPM) (11th)
OpenText Enterprise Securit...
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
99
Ranking in other categories
Security Information and Event Management (SIEM) (23rd)
 

Mindshare comparison

Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
AWS Security Hub2.5%
Wiz10.4%
Prisma Cloud by Palo Alto Networks7.9%
Other79.2%
Cloud Security Posture Management (CSPM)
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
OpenText Enterprise Security Manager1.6%
Splunk Enterprise Security7.3%
IBM Security QRadar5.3%
Other85.8%
Security Information and Event Management (SIEM)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Karthik Ekambaram - PeerSpot reviewer
Director at Scybers
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
SM
Cloud Security Archirect at IBM
Unified log analysis has strengthened incident detection and supports continuous attack simulation
I do not have any areas for improvement in ArcSight Enterprise Security Manager (ESM) as I have not delved deeply into it; overall, it is a good package. I would like to see the detection and response features included in the next release of ArcSight Enterprise Security Manager (ESM), as security orchestration and automation are increasingly important.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"TotalCloud offers a comprehensive suite of features, including EDR, XDR, and TrueRisk, providing a centralized platform for managing vulnerabilities and security risks."
"The best features in Qualys TotalCloud include the total asset management of the cloud environment. It is very easy to export the report and see the vulnerabilities related to the cloud specifically."
"We were able to realize its benefits within 24 to 48 hours."
"In my opinion, this is the best tool."
"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"Qualys TotalCloud fulfills all these needs."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"The solution is very good at detection and providing real-time alerts."
"This solution is for security posture management for the cloud, showing the security posture of your cloud infrastructure and giving you good insight into whether your infrastructure is secure or not."
"Though I'm still in the initial evaluation phase for AWS Security Hub, I would recommend it to others because it has good features."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"The solution shows us our compliance score."
"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."
"AWS Security Hub can check your infrastructure against multiple compliance frameworks. You can turn on or off specific frameworks based on your needs."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"ArcSight gives us better visibility into threats that were unknown earlier."
"The real-time analysis adds value."
"We help our customers do more than 'check a box' for security and compliance and we are very proud of that."
"ArcSight ESM helps us stop security incidents by detecting them early before they can cause more damage."
"The user interfaces are quite good and speedy, and I like the consoles too."
"Once the rules are defined, it becomes easy to detect changes and generate automated logs."
"ArcSight is very scalable."
"The filters and the ability to do what you want are the most valuable features; there is nothing that you cannot do in this solution, and it has all the features, which makes it very dynamic."
 

Cons

"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
"It has been working very well, but it would be helpful if the dashboard could generate reports tailored to specific compliance needs. For example, in India, we have to comply with RBI and SEBI guidelines. It w"
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"The cloud licensing unit system is unclear, especially since "units" aren't well-defined."
"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"It is not flexible for multi-cloud environments."
"The integration of AWS Security Hub has not helped much in maintaining my organization's security posture."
"The support must be quicker."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively."
"Right now, there are some difficulties we're facing with AWS Security Hub, and we need our central team to mitigate the issues."
"The solution should be easier to learn and use"
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easy to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has a very high bandwidth consumption to pull the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from a cloud to another cloud."
"Administration of ArcSight is not an easy job. The admin needs to be well experienced in it to identify the root cause and fix it."
"I would like to have native cluster for connectors as a software version and not as an appliance. It also needs a better disaster recovery procedure."
"It would be nice to have it on the cloud so that you can deploy it easily, saving time and resources."
"They can definitely provide faster search response and offer larger on-the-box storage support."
"The correlation engine effectively connects different events, significantly improving our detection reach. However, limitations exist with non-default alerts, where additional costs arise for integration."
"The roadmap is not clear."
"They need to improve the Web UI, similar to how it is done with Splunk."
 

Pricing and Cost Advice

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."
"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"Qualys TotalCloud is expensive."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"The price of AWS Security Hub is average compared to other solutions."
"Security Hub is not an expensive solution."
"The pricing is fine. It is not an expensive tool."
"AWS Security Hub's pricing is pretty reasonable."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"The price of the solution is not very competitive but it is reasonable."
"The solution is super expensive. At our organization size and license model, I think the price is average to what anyone else would charge us."
"It's a good price, it's one of the cheaper solutions."
"​It is best to be an institutional buyer and directly contact the sales team, as they can provide over-the-top discounts for bulk orders.​"
"The licensing cost is affordable if you get an enterprise license. The licensing is based on EPS, so you can probably provide a package of license for multiple ESMs with their correlational end fees. It is cost-effective."
"The pricing model is expensive compared to open-source alternatives."
"HPE ArcSight pricing might be more expensive than other SIEM solutions, but in my opinion it has powerful features and great flexibility in developing complex use cases."
"The product licenses are inexpensive."
"We're paying a fee for an MSSP, and the cost of the total cost of ArcSight ESM was approximately three to four million dollars a year. The price was less than similar solutions. We did not have additional fees."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
904,748 professionals have used our research since 2012.
 

Comparison Review

VS
Manager, Enterprise Risk Consulting at a tech company with 1,001-5,000 employees
Jun 28, 2015
Qradar vs. ArcSight
Continuing with the SIEM posts we have done at Infosecnirvana, this post is a Head to head comparison of the two Industry leading SIEM products in the market – HP ArcSight and IBM QRadar Both the products have consistently been in the Gartner Leaders Quadrant. Both HP and IBM took over niche SIEM…
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Outsourcing Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Manufacturing Company
10%
Computer Software Company
8%
Comms Service Provider
7%
Financial Services Firm
14%
Construction Company
11%
Marketing Services Firm
8%
Outsourcing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business37
Midsize Enterprise14
Large Enterprise59
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What needs improvement with AWS Security Hub?
I do not see any areas for improvement in AWS Security Hub itself, but the cost factor is something that is the main ...
What is your primary use case for AWS Security Hub?
AWS Security Hub is something I have used daily as it is a part of my job for cloud security purposes. If you are dea...
Which is the best SIEM tool for a mid-sized financial services firm: Arcsight or Securonix?
In my market, a lot of financial companies had or have an ArcSight installation. Just because in former times it was ...
What is your experience regarding pricing and costs for ArcSight Enterprise Security Manager (ESM)?
I would rate the pricing of ArcSight Enterprise Security Manager (ESM) around seven, as it varies based on features a...
What needs improvement with ArcSight Enterprise Security Manager (ESM)?
I do not have any areas for improvement in ArcSight Enterprise Security Manager (ESM) as I have not delved deeply int...
 

Also Known As

Qualys TotalCloud with FlexScan
SQRRL
Micro Focus ArcSight, HPE ArcSight, ArcSight
 

Overview

 

Sample Customers

Information Not Available
Edmunds, Frame.io, GoDaddy, Realtor.com
Lake Health, U.S. Department of Health and Human Services, Bank AlJazira, Banca Intesa, and Obrela.
Find out what your peers are saying about Wiz, Palo Alto Networks, Microsoft and others in Cloud Security Posture Management (CSPM). Updated: July 2026.
904,748 professionals have used our research since 2012.