No more typing reviews! Try our Samantha, our new voice AI agent.

AWS Security Hub vs ThreatConnect Threat Intelligence Platform (TIP) comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
AWS Security Hub
Ranking in Security Orchestration Automation and Response (SOAR)
7th
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
27
Ranking in other categories
Cloud Security Posture Management (CSPM) (11th)
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
15th
Average Rating
8.2
Reviews Sentiment
6.5
Number of Reviews
7
Ranking in other categories
Threat Intelligence Platforms (TIP) (7th)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of AWS Security Hub is 5.8%, down from 8.9% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 3.1%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Torq3.8%
AWS Security Hub5.8%
ThreatConnect Threat Intelligence Platform (TIP)3.1%
Other87.3%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at ProArch
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
Karthik Ekambaram - PeerSpot reviewer
Director at Scybers
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
Nikhil Jethwa - PeerSpot reviewer
Technical Consultant at ProTechmanize Solutions (P) Ltd.
Centralized threat intelligence has streamlined IOC workflows and now improves response time
ThreatConnect Threat Intelligence Platform (TIP) has positively impacted our organization by significantly reducing response times and improving detection accuracy by ensuring only high-confidence, context-rich indicators are pushed to security controls. From an operational standpoint, ThreatConnect Threat Intelligence Platform (TIP) has helped us reduce IOC handling and response time from hours to minutes by automating injection, enrichment, and distribution workflows.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Using that one piece of AI, we auto-closed 511 cases in quarter four alone."
"Torq has helped a lot regarding SOC analyst efficiency."
"Once I started to use the system and I saw the potential, it changed all of our work in IT."
"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."
"Torq has exceeded expectations by delivering workflows in a timely and lower effort manner than XSOAR, and it meets all my needs while saving a ton of time and targeting $600,000 saved this year, which is a substantial amount of money."
"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."
"What I appreciate most about Torq is that it is an essential part of our system."
"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS."
"One of the most effective features of AWS Security Hub is the easy access to a dashboard with a ready-to-use security score."
"Though I'm still in the initial evaluation phase for AWS Security Hub, I would recommend it to others because it has good features."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"The solution is very good at detection and providing real-time alerts."
"Cloudposse is a valuable feature as it guarantees my security."
"The most valuable features are ease of use and the ability to customize it."
"We have been able to see a return on investment as our clients believe in us more."
"It is used to help an operations team with the identification and resolution of threats in an automated, zero-touch fashion."
"ThreatConnect has a highly user-friendly interface; I loved it, and it's really great and easy to configure."
"ThreatConnect Threat Intelligence Platform (TIP) has positively impacted our organization by significantly reducing response times and improving detection accuracy by ensuring only high-confidence, context-rich indicators are pushed to security controls."
"The tool's installation, integration, and playbooks are very straightforward."
"The product automatically generated a threat score based on the maliciousness of an IP."
"I like their customer support."
 

Cons

"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true."
"Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification."
"Regarding the pricing of Torq, I would say it is expensive."
"We have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"I wish Torq's AI assistant for building templated workflows from scratch worked better; when you start with a blank slate, asking AI to help you build or template the workflow out does not go well."
"Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content."
"However, the sheer number of services can be overwhelming when implementing something new."
"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"Right now, there are some difficulties we're facing with AWS Security Hub, and we need our central team to mitigate the issues."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"Integration is an area that could use some improvement."
"I couldn’t get any training videos online when I was working with the tool."
"They should make it a little bit easier to generate events and share them with the community."
"It would be good to have more feeds and more integrated sources for enrichment."
"I would like to see improvements in the time zone support of their customer service, considering users are from different time zones."
"Support is an area with which nobody is ever fully satisfied, so it can be improved."
"ThreatConnect Threat Intelligence Platform (TIP) could be improved by simplifying the user interface to better fit day-to-day analyst workflow and reducing the complexity of configuring playbook and score logic."
"Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats."
 

Pricing and Cost Advice

Information not available
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"The price of the solution is not very competitive but it is reasonable."
"Security Hub is not an expensive solution."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"The pricing is fine. It is not an expensive tool."
"The price of AWS Security Hub is average compared to other solutions."
"There are multiple subscription models, like yearly, monthly, and packaged."
"AWS Security Hub's pricing is pretty reasonable."
"The tool is expensive."
"The price of this product is in the mid-range, not too expensive, nor inexpensive."
"I rate the product price as six on a scale of one to ten, where one is extremely expensive, and ten means it is cheap."
"The price could be better."
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Director of Operations at a comms service provider with 10,001+ employees
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
12%
Manufacturing Company
10%
Computer Software Company
9%
Comms Service Provider
7%
Financial Services Firm
15%
Comms Service Provider
8%
Retailer
7%
Construction Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise23
Large Enterprise5
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What needs improvement with AWS Security Hub?
I do not see any areas for improvement in AWS Security Hub itself, but the cost factor is something that is the main ...
What is your primary use case for AWS Security Hub?
AWS Security Hub is something I have used daily as it is a part of my job for cloud security purposes. If you are dea...
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
My experience with ThreatConnect Threat Intelligence Platform (TIP) pricing, setup cost, and licensing indicates that...
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
Based on my experience, ThreatConnect Threat Intelligence Platform (TIP) is already doing a great job in the market b...
What is your primary use case for ThreatConnect Threat Intelligence Platform (TIP)?
Our main use case for ThreatConnect Threat Intelligence Platform (TIP) is to centralize, analyze, and operationalize ...
 

Also Known As

No data available
SQRRL
No data available
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Edmunds, Frame.io, GoDaddy, Realtor.com
Customer Case Studies & Use Cases
Find out what your peers are saying about AWS Security Hub vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.