Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs Splunk Enterprise Security comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
22
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (5th), Cloud Security Posture Management (CSPM) (14th)
Splunk Enterprise Security
Average Rating
8.4
Reviews Sentiment
7.5
Number of Reviews
318
Ranking in other categories
Log Management (2nd), Security Information and Event Management (SIEM) (1st), IT Operations Analytics (1st)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. AWS Security Hub is designed for Cloud Security Posture Management (CSPM) and holds a mindshare of 4.0%, down 5.5% compared to last year.
Splunk Enterprise Security, on the other hand, focuses on Security Information and Event Management (SIEM), holds 9.4% mindshare, down 12.1% since last year.
Cloud Security Posture Management (CSPM)
Security Information and Event Management (SIEM)
 

Featured Reviews

MuhammadAzhar Khan - PeerSpot reviewer
Offers best practice recommendations and supports various compliance standards
Security Hub provides insightful information about what is running and where there might be weaknesses. It offers best practice recommendations and supports various compliance standards such as ISO and PCI DSS. Enabling these compliance checks helps identify non-compliant services and suggests steps to achieve compliance. The main advantage is providing information and compliance insights rather than prevention.
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk has also a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"One of the most effective features of AWS Security Hub is the easy access to a dashboard with a ready-to-use security score."
"Cloudposse is a valuable feature as it guarantees my security."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"Security Hub provides insightful information about what is running and where there might be weaknesses."
"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"Very good at detection and providing real-time alerts."
"It scales better in the cloud than on-premise."
"If properly built, I'm very impressed with the stability of Splunk ES."
"The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."
"Its usability is the best part. It is easy for our developers to use if they want to search their logs, etc."
"Splunk Enterprise Security is more advanced compared to other solutions, which makes it stand out as a better option."
"Splunk Enterprise Security is a valuable tool that allows us to monitor data from the APS daily."
"Without Splunk Enterprise Security, it would be difficult for us to manage and prioritize alerts. There's a potential to lose track of important notifications, and it's essential to our security that we do not miss anything. Splunk has improved our investigations because the reporting and dashboarding make things so much easier. We can provide weekly or monthly reports. I also like Splunk's ability to integrate."
"The initial setup is really straightforward. It's one of the easiest installations."
 

Cons

"Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively."
"Many findings are too generic or irrelevant to the environment, which can lead to false positives."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better."
"The solution should be easier to learn and use"
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"The Enterprise Security app could be improved. We have had trouble with it working from the first day."
"Due to its high licensing cost, Splunk is out of reach for many organizations."
"Areas of Splunk Enterprise Security that could be improved include the need for training and certifications. We are planning to do certifications, and there are many features, such as risk-based score and score detection, where the current training doesn't provide visibility to the analyst."
"The presence of multiple layers creates a significant challenge for monitoring across cloud environments."
"In the next releases, I would like to see more pricing flexibility."
"We do have to educate developers on how to not blow it up. It is a little to easy to write an expensive query and overly stress the system. This could be improved."
"We are planning to do certifications, and there are many features, such as risk-based score and score detection, where the current training doesn't provide visibility to the analyst. They should offer training based on the features we use."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
 

Pricing and Cost Advice

"The price of AWS Security Hub is average compared to other solutions."
"The price of the solution is not very competitive but it is reasonable."
"The pricing is fine. It is not an expensive tool."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"AWS Security Hub's pricing is pretty reasonable."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"Security Hub is not an expensive solution."
"Splunk differs from other SIEM solutions by using a gigabyte-based pricing model, rather than the agent-based licenses common with its competitors."
"We had a yearly subscription."
"It is quite expensive."
"Splunk Enterprise Security is cheaper than competitors, but I do not know whether it is just our contract."
"Some of the insights that we have obtained as a part of using Splunk have greatly helped us in increasing our revenue in terms of selling our products."
"Price-wise, if you compare QRadar to Splunk for SIEM functionality then they are in the same range but when you integrate SOAR with these solutions, Splunk takes the lead and is more competitive."
"Although Splunk is an expensive product, it is designed to be utilized across your organization in order to maximize your ROI and lower your TCO."
"It can be cost-prohibitive when you start to scale and have terabytes of data. Its cost model is based on how much data it processes a day. If they're able to create scaled-down niche or custom package offerings, it may help with the cost. Instead of the full-blown features, if they can narrow the scope where it can only be used for a specific purpose, it would kind of create that market for the product, and it may help with the costing. When you start using it as a central aggregator and you're pumping tons of logs at it, pretty soon, you'll start hitting your cap on what it can process a day. Once you've got that, you're kind of defeating the purpose because you're going to have to scale back."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
10%
Government
6%
Financial Services Firm
14%
Computer Software Company
14%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
What needs improvement with AWS Security Hub?
There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just sugge...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitoring information from different sources. Splunk is very good at alerting us if we...
 

Also Known As

SQRRL
No data available
 

Overview

 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
Find out what your peers are saying about AWS Security Hub vs. Splunk Enterprise Security and other solutions. Updated: October 2024.
861,390 professionals have used our research since 2012.