AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
Regarding how Amazon can improve AWS Security Hub, they have numerous services that are discriminated individually and grouped into packages. However, the sheer number of services can be overwhelming when implementing something new. When faced with a new requirement, consultation with experts or consultants becomes necessary because finding the specific solution for a task or requirement isn't straightforward. This aspect could be improved.
Leader in Digital Transformation Security at Tata Communications Ltd
Real User
Top 20
Jul 24, 2025
It is able to find vulnerabilities, but we are seeing another tool has greater strength in getting the entire assets count from each AWS account and master account, allowing us to look at all vulnerability issues. Other tools have multi-cloud connectivity, enabling connection to multiple clouds. We are getting feedback from the team that it's costly for 24/7 watching. We want to enable it only on demand. The cost is higher. We are not using a unified dashboard, we are only pulling the report. Feature-wise, we are not able to do multi-cloud. We are doing individual cloud monitoring, and we see other tools are better than AWS Security Hub. We have only few tools integrated at the moment, but there are many integration options, though some are license-based. It's actually a one-click solution that we can easily enable. However, the app team should take care on a regular basis as it might generate too many issues once enabled. Someone has to work on these issues for actual ROI. It runs on a regular basis, and in the next cycle, it shows what is fixed and what is not fixed.
There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them.
DevOps Engineer at a consultancy with 10,001+ employees
Real User
Top 5
Nov 19, 2024
I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier.
AWS Security Hub could improve its guidance links to resolve findings related to multiple resources. The implementation of more guidance links could enhance issue resolution. Additionally, shortening the response time for support tickets, particularly in production issues, could make the service more efficient.
Many findings are too generic or irrelevant to the environment, which can lead to false positives. It can be challenging to suppress or turn off these findings. Turning specific findings on or off would be useful so they don’t negatively impact your compliance score. This way, the dashboard would better reflect the actual state of your compliance, reducing confusion when presenting or reporting to management and stakeholders. If there were an option to filter out irrelevant findings, it would help streamline the results and provide a more accurate picture of your compliance status.
The solution should be easier to learn and use, and data exportation should be more user-friendly. If a user doesn't know how to export data or how to link at the back-end of tools like Amazon Athena, using AWS Security Hub can be difficult.
Senior Software Engineer at a media company with 11-50 employees
Real User
Top 10
Mar 26, 2024
We are facing some cost-related issues with the solution. We integrated a couple of services into AWS Security Hub, and some rules are not required for our environment. However, the assessment happens based on those rules, and we have to pay some additional costs. We need some customization into the compliances whenever we enable specific compliances. We need more granular-level customizations to enable or disable the rules in AWS Security Hub. Suppose we enabled one of the compliances and have more than 100 rules for that compliance. If one of the customers is not using all the services, those services are not really used in the environment. We are looking for some customizations to disable that rule so that the scanning will not happen based on that rule, and we can save some cost.
There is room for improvement in a couple of things. One is that the dashboard isn't very customizable. Another is that the alerting level is the same across the entire account. Every organization has different needs, like sandbox accounts. Even though they have the same alert level, it might not be critical for them. Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement.
It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better. There's this company called PingSafe, just acquired by SentinelOne, that has a great cloud security offering. Prisma Cloud is also a better alternative.
Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time. Real-time scanning should be included in the solution’s next release.
One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function.
Sr. Director - Group Head - IT Security (CISO) at Jubilant Organosys Ltd., India, Leading Chemical M
Real User
Mar 14, 2023
The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results.
AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time.
Right now, there are some difficulties we're facing with AWS Security Hub, and we need our central team to mitigate the issues. Otherwise, the number of incidents will keep increasing, and monitoring will become problematic. For example, whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility.
Manager-Cloud Security Operations at a retailer with 10,001+ employees
Real User
Oct 7, 2021
AWS Security Hub could improve by having more integration and flexibility with other cloud security solutions on the market. They have integration with AWS solutions and other commercial solutions but not ones that are open-source. If we have more of an open-source integration availability it would be great. The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update.
The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach. The product should not be a region restriction product. It should be global. It should give you the visibility of all the instances that you have for one account, be it in one region or many regions. There should be visibility of all the region in one place.
AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts.
The service offers a range of features including...
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
Regarding how Amazon can improve AWS Security Hub, they have numerous services that are discriminated individually and grouped into packages. However, the sheer number of services can be overwhelming when implementing something new. When faced with a new requirement, consultation with experts or consultants becomes necessary because finding the specific solution for a task or requirement isn't straightforward. This aspect could be improved.
It is able to find vulnerabilities, but we are seeing another tool has greater strength in getting the entire assets count from each AWS account and master account, allowing us to look at all vulnerability issues. Other tools have multi-cloud connectivity, enabling connection to multiple clouds. We are getting feedback from the team that it's costly for 24/7 watching. We want to enable it only on demand. The cost is higher. We are not using a unified dashboard, we are only pulling the report. Feature-wise, we are not able to do multi-cloud. We are doing individual cloud monitoring, and we see other tools are better than AWS Security Hub. We have only few tools integrated at the moment, but there are many integration options, though some are license-based. It's actually a one-click solution that we can easily enable. However, the app team should take care on a regular basis as it might generate too many issues once enabled. Someone has to work on these issues for actual ROI. It runs on a regular basis, and in the next cycle, it shows what is fixed and what is not fixed.
There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them.
I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier.
AWS Security Hub could improve its guidance links to resolve findings related to multiple resources. The implementation of more guidance links could enhance issue resolution. Additionally, shortening the response time for support tickets, particularly in production issues, could make the service more efficient.
Many findings are too generic or irrelevant to the environment, which can lead to false positives. It can be challenging to suppress or turn off these findings. Turning specific findings on or off would be useful so they don’t negatively impact your compliance score. This way, the dashboard would better reflect the actual state of your compliance, reducing confusion when presenting or reporting to management and stakeholders. If there were an option to filter out irrelevant findings, it would help streamline the results and provide a more accurate picture of your compliance status.
The solution should be easier to learn and use, and data exportation should be more user-friendly. If a user doesn't know how to export data or how to link at the back-end of tools like Amazon Athena, using AWS Security Hub can be difficult.
We are facing some cost-related issues with the solution. We integrated a couple of services into AWS Security Hub, and some rules are not required for our environment. However, the assessment happens based on those rules, and we have to pay some additional costs. We need some customization into the compliances whenever we enable specific compliances. We need more granular-level customizations to enable or disable the rules in AWS Security Hub. Suppose we enabled one of the compliances and have more than 100 rules for that compliance. If one of the customers is not using all the services, those services are not really used in the environment. We are looking for some customizations to disable that rule so that the scanning will not happen based on that rule, and we can save some cost.
There is room for improvement in a couple of things. One is that the dashboard isn't very customizable. Another is that the alerting level is the same across the entire account. Every organization has different needs, like sandbox accounts. Even though they have the same alert level, it might not be critical for them. Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement.
It's not user-friendly. Too much going on, too many unnecessary findings, not very visual. You can't do much compared to other similar tools that are cheaper and better. There's this company called PingSafe, just acquired by SentinelOne, that has a great cloud security offering. Prisma Cloud is also a better alternative.
Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub.
Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time. Real-time scanning should be included in the solution’s next release.
One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function.
AWS Security Hub's configuration and integration are areas where it lacks and needs to improve.
The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results.
AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time.
Right now, there are some difficulties we're facing with AWS Security Hub, and we need our central team to mitigate the issues. Otherwise, the number of incidents will keep increasing, and monitoring will become problematic. For example, whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility.
AWS Security Hub could improve by having more integration and flexibility with other cloud security solutions on the market. They have integration with AWS solutions and other commercial solutions but not ones that are open-source. If we have more of an open-source integration availability it would be great. The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update.
The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach. The product should not be a region restriction product. It should be global. It should give you the visibility of all the instances that you have for one account, be it in one region or many regions. There should be visibility of all the region in one place.