We performed a comparison between AWS Security Hub and Prisma Cloud by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Ease of Deployment: Prisma Cloud by Palo Alto Networks' initial setup was straightforward and aided by helpful engineers and clear instructions. Deployment time differed but was uncomplicated. On the other hand, AWS Security Hub's setup is simple and straightforward, though policies must be set up. It necessitates minimal upkeep.
Features: Prisma Cloud provides a management console, continuous compliance monitoring, auto-remediation, and identity-based micro-segmentation. On the other hand, AWS Security Hub is commended for its integration capabilities, real-time alerts, and compliance monitoring. Prisma Cloud could benefit from more personalized dashboard options, enhanced automation capabilities, and better integration with ticketing systems. On the other hand, AWS Security Hub might benefit from greater integration possibilities with open-source solutions and upgrades to its user interface and dashboards.
Pricing: Prisma Cloud is perceived as having a complex credit-based pricing system, leading to a general perception of being expensive. However, it provides good value for securing multi-cloud environments. In contrast, AWS Security Hub is considered to have reasonable pricing, but there is some uncertainty surrounding it for those outside of the central team.
Service and Support: Prisma Cloud's customer service has been a bit inconsistent, with some customers appreciating the technical assistance and account managers, while others have encountered slow response times and unhelpful solutions. On the other hand, AWS Security Hub's technical support has been commended by contented customers for being prompt and efficient.
ROI: Prisma Cloud by Palo Alto Networks offers benefits such as risk transparency, enhanced compliance and security, and quicker issue resolution, resulting in improved productivity and cost savings. Although the exact ROI is hard to quantify, it reduces risks and enhances resource utilization. On the other hand, AWS Security Hub has been well-received with a positive outcome.
Comparison Results: Prisma Cloud by Palo Alto Networks is the better option when compared to AWS Security Hub. Its features are more comprehensive and effective in protecting the entire cloud-native stack, including cloud compliance monitoring and alerting, network security, and micro-segmentation. While AWS Security Hub is praised for its integration capabilities, it falls short in terms of comprehensive features and auto-remediation capabilities.
"The security baseline and vulnerability assessments is the valuable feature."
"With Wiz, we get timely alerts for leaked data or any vulnerabilities already existing in our environment."
"I like Wiz's reporting, and it's easy to do queries. For example, it's pretty simple to find out how many servers we have and the applications installed on each. I like Wiz's security graph because you can use it to see the whole organization even if you have multiple accounts."
"The product supports out-of-the-box reporting with context about the asset and allows us to perform complex custom queries on UI."
"The CSPM module has been the most effective. It was easy to deploy and covered all our accounts through APIs, requiring no agents. Wiz provides instant visibility into high-level risks that we need to address."
"The vulnerability management modules and the discovery and inventory are the most valuable features. Before using Wiz, it was a very manual process for both. After implementing it, we're able to get all of the analytics into a single platform that gives us visibility across all the systems in our cloud. We're able to correspond and understand what the vulnerability landscape looks like a lot faster."
"The solution is very user-friendly."
"Out of all the features, the one item that has been most valuable is the fact that Wiz puts into context all the pieces that create an issue, and applies a particular risk evaluation that helps us prioritize when we need to address a misconfiguration, vulnerability, or any issue that would put our environment into risk."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"Cloudposse is a valuable feature as it guarantees my security."
"It's a security posture management tool from AWS. Basically, it identifies misconfigurations, similar to Trusted Advisor but on a larger scale."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"Easily integrates with third-party tools"
"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem."
"The container and serverless security is most valuable. It is quite a new technology for this region. Even though containers have been there for a long time, the adoption of containers is very minimal in this region. When it comes to using Kubernetes containers in a complex architecture, there is a lack of security in the market. People aren't aware of the security controls or the process for governance. Container security provided by Prisma Cloud is quite good at filling that gap."
"The runtime mechanism on the solution is very useful. It's got very good network mapping between containers. If you have more than one container, you can create a content data link between them."
"Technical support is quite helpful."
"It has improved the overall collaboration between SecOps and DevOps. Now, instead of asking people to do something, it is a default offering in the CI/CD. There is less manual intervention and more seamless integration. It is why we don't have many dependencies across many teams, which is definitely a better state."
"Cloud security posture management is the preferred feature among other vendors."
"I find the CSPM area to be a more valuable and flexible feature."
"CSPM is very useful because it gives us good policies and violation alerts."
"We wish there were a way, beyond providing visibility and automated remediation, to wait on a given remediation, due to a critical aspect, such as the cost associated with a particular upgrade... We would like to see preventive controls that can be applied through Wiz to protect against vulnerabilities that we're not going to be able to remediate immediately."
"Wiz's reporting capabilities could be refined a bit. They are making headway on that, but more executive-style dashboards would be nice. They just implemented a community aspect where you can share documents and feedback. This was something users had been requesting for a while. They are listening to customer feedback and making changes."
"The only small pain point has been around some of the logging integrations. Some of the complexities of the script integrations aren't supported with some of the more automated infrastructure components. So, it's not as universal. For example, they have great support for cloud formation and other services, but if you're using another type of management utility or governance language for your infrastructure-as-code automation components, it becomes a little bit trickier to navigate that."
"The solution's container security could be improved."
"One significant issue is that the searches are case-sensitive, so finding a misconfigured resource can become very challenging."
"The only thing that needs to be improved is the number of scans per day."
"We're looking at some of the data compliance stuff that they've got Jon offer. I know they're looking at container security, which we gonna be looking at next."
"The reporting isn't that great. They have executive summaries, but it's only a compliance report that maps all current issues to specific controls. Whether you look at one subscription or project, regardless of the size, you will get a multipage report on how the issues in that account map to that control. Our CSO isn't going to read through that. He won't filter that out or show that to his leadership and say, "Here's what we're doing." It isn't a helpful report. They're working on it, but it's a poor executive summary."
"One aspect that could be improved in the solution is its adaptability to different markets and geopolitical restrictions. In certain regions like Thailand, specific services from certain countries or providers, such as AWS or Azure, might be limited or blocked. It also needs improvement in would require configuring the solution more adaptable to AWS infrastructure and function."
"The solution should be easier to learn and use"
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"Although AWS Security Hub does a periodic scan of your overall infrastructure, it doesn't do it in real time."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls."
"There are hundreds of built-in policies for AWS and Azure, but GCP and Oracle are not covered as much as AWS. There is a lot of work to do on that part. There is, obviously, a tiny bit of favoritism towards AWS because it has the most market share."
"We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert."
"The area for improvement is less about the product and more about the upsell. If we've already agreed that we'd like your product x, y, or z, don't try to add fries to my burger. I don't need it."
"They are missing some compatibility details in their documentation."
"The automation capabilities are growing each day, but the problem is that the updates are not that frequent. There are some services on Amazon that have come out with updates, and Azure is also getting up to date. But Prisma takes some time to follow. There's a time gap that Prisma inherits from these clouds. I understand why it takes some time, but that time should be reduced."
"The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed."
"Though Prisma Cloud by Palo Alto Networks provides excellent security, is a pioneer in this space, and knows what it's doing, from a user perspective, it would have been better if it was a little easier to use."
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
AWS Security Hub is ranked 13th in Cloud Security Posture Management (CSPM) with 17 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Cloud Security Posture Management (CSPM) with 82 reviews. AWS Security Hub is rated 7.6, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of AWS Security Hub writes "A centralized dashboard that enables efficient monitoring and management of possible security issues". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". AWS Security Hub is most compared with Microsoft Sentinel, Microsoft Defender for Cloud, Google Chronicle Suite, Oracle Security Monitoring and Analytics Cloud Service and Splunk Enterprise Security, whereas Prisma Cloud by Palo Alto Networks is most compared with Microsoft Defender for Cloud, Aqua Cloud Security Platform, CrowdStrike Falcon Cloud Security, AWS GuardDuty and Snyk. See our AWS Security Hub vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Cloud Security Posture Management (CSPM) vendors.
We monitor all Cloud Security Posture Management (CSPM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.