No more typing reviews! Try our Samantha, our new voice AI agent.

AWS Security Hub vs USM Anywhere comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
AWS Security Hub
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
27
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (7th), Cloud Security Posture Management (CSPM) (11th)
USM Anywhere
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
115
Ranking in other categories
Log Management (29th), Security Information and Event Management (SIEM) (29th), Endpoint Detection and Response (EDR) (40th), Compliance Management (14th)
 

Mindshare comparison

Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
AWS Security Hub2.5%
Wiz10.4%
Prisma Cloud by Palo Alto Networks7.9%
Other79.2%
Cloud Security Posture Management (CSPM)
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
USM Anywhere1.4%
Splunk Enterprise Security7.3%
IBM Security QRadar5.3%
Other86.0%
Security Information and Event Management (SIEM)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Karthik Ekambaram - PeerSpot reviewer
Director at Scybers
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
Kris Nawani - PeerSpot reviewer
Co-Founder/Director at Bangkok MSP Company Limited
Offers complete coverage without the need to install additional software
USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence and various other investigation tools The solution offers complete coverage without the need to install additional software, as it is maintained by the vendor. It helps in saving…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud's most valuable feature is its agent versatility."
"Qualys TotalCloud fulfills all these needs."
"CSPM is currently the most used feature, and we are enjoying the new feature, FlexScan, which is valuable for Internet-facing VMs."
"I highly recommend Qualys TotalCloud to other users."
"I like the web API security and IoT scanning features the most. The user-friendly design of TotalCloud's interface enables customers to navigate it and use its full potential easily"
"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"TotalCloud has been excellent in providing us with immediate access to all the products and features we need, such as CSPM, TruRisk Insights, and compliance reports, including CIS and HIPAA."
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"Easily integrates with third-party tools"
"This solution is for security posture management for the cloud, showing the security posture of your cloud infrastructure and giving you good insight into whether your infrastructure is secure or not."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"One of the most effective features of AWS Security Hub is the easy access to a dashboard with a ready-to-use security score."
"AWS Security Hub brings many features into one table that is quite useful, and the app team finds it easier to see what is missing."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"We had used previous products and found AlienVault centralized the logging for our security."
"Here we can get file integrity monitoring and a vulnerability assessment tool together with SIEM."
"The other big selling feature for us was its integration capabilities with all the other security-based products."
"The UI is clean and easy to use."
"The main menu: You can see everything there, what is happening on the servers, and in the logs, you can view more details of each event."
"The IDS and the threat intelligence are very useful. They are very intuitive and data-rich."
"Alien Vault had the best set up for MSPs — the way they are set up for billing and the way they set up their USM account."
"We have a better detection rate for malware and other cyber-attacks, and it really helps when USM is integrated in the incident response plan."
 

Cons

"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"The price is very expensive, actually."
"In my opinion, what can be improved in Qualys TotalCloud includes pricing and container scanning."
"It is already perfect, but they can bring some newer dashboards and customization options for the dashboard. It would be great to be able to include on-prem assets on the dashboard."
"There is room for improvement in the support."
"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."
"Two areas for improvement in Qualys TotalCloud are the speed of the public cloud platform and vulnerability detection."
"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"The support must be quicker."
"It is not flexible for multi-cloud environments."
"AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS."
"Many findings are too generic or irrelevant to the environment, which can lead to false positives."
"Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively."
"I would say the menus could use some tweaking and custom rule creation could be made simpler."
"Creating directives is a pain on its own, but editing them can be a nightmare filled with tedious unnecessary steps."
"I had a renegade plugin that was installed by the company who helped me with the initial setup. The plugin was missing a command to rotate logs and would fill my hard drives capacity to full quickly."
"There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks."
"Sometimes the log is unclear, and the report is a bit ambiguous."
"The vulnerability management solution is worse than buying a Nessus Professional license."
"The reporting is mediocre and is something that needs to be improved."
"I knocked off a point for the learning curve compared to some of the competition and another point for the lack of native user behavior analytics but for the money you really can't do any better."
 

Pricing and Cost Advice

"TotalCloud's price is about right where I would expect it to be."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"Qualys TotalCloud is expensive."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"Security Hub is not an expensive solution."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The price of the solution is not very competitive but it is reasonable."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"The price of AWS Security Hub is average compared to other solutions."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"The pricing is fine. It is not an expensive tool."
"AWS Security Hub's pricing is pretty reasonable."
"It's affordable for most customers."
"It is affordable, and it also has many features that the premium products such as ArcSight and QRadar have. It is a very good platform for a SIEM solution. Everything is included in the price."
"I rate the price of AT&T AlienVault USM a four out of five."
"​The vulnerability management solution is worse than buying a Nessus Professional license.​"
"I don't think the product's pricing is a good value because they try to raise the price 50 percent every year... AlienVault needs to understand that not all customers are huge enterprises... Their sales team is way too aggressive. The price they advertise is not always the price you get."
"So far, I feel the product's pricing is a good value. The technology is decent. You get what you pay for. I think it's fair."
"The licensing fees are dependent on usage."
"I don't know exactly, but I know it is based on the number of logs and the retention duration, such as 30 days or something like that. So, the smallest package is about 500 a month for 30 days of logs. There is a virtual machine. You need resources for it. It is a log collecting VM. They provide the software, and you just have to load a virtual machine. So, you're going to incur some CPU RAM and storage for wherever this log collecting appliance is running, which typically is in our cloud and on our platform for the customer."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
904,054 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Director of Operations at a comms service provider with 10,001+ employees
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
13%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Manufacturing Company
10%
Computer Software Company
8%
Comms Service Provider
7%
Construction Company
23%
Financial Services Firm
10%
Comms Service Provider
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise29
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business65
Midsize Enterprise29
Large Enterprise25
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What needs improvement with AWS Security Hub?
I do not see any areas for improvement in AWS Security Hub itself, but the cost factor is something that is the main ...
What is your primary use case for AWS Security Hub?
AWS Security Hub is something I have used daily as it is a part of my job for cloud security purposes. If you are dea...
What needs improvement with AT&T AlienVault USM?
There are scalability issues due to a 60 TB limit, which restricts its use for large customers like banks. It is also...
What is your primary use case for AT&T AlienVault USM?
USM Anywhere is used for threat detection and investigation. It provides a solution with built-in threat intelligence...
 

Also Known As

Qualys TotalCloud with FlexScan
SQRRL
AT&T AlienVault USM, AlienVault, AlienVault USM, Alienvault Cybersecurity
 

Overview

 

Sample Customers

Information Not Available
Edmunds, Frame.io, GoDaddy, Realtor.com
Abel & Cole, Bank of Ireland, Bluegrass Cellular, CareerBuilder, Claire's, Hays Medical Center, Hope International, McCurrach, McKinsey & Company, Party Delights, Pepco Holdings, Richland School District, Ricoh, SaveMart, Shake Shack, Steelcase, TaxAct, Taylor Morrison, Vonage and Zoom
Find out what your peers are saying about Wiz, Palo Alto Networks, Microsoft and others in Cloud Security Posture Management (CSPM). Updated: July 2026.
904,054 professionals have used our research since 2012.