No more typing reviews! Try our Samantha, our new voice AI agent.

AWS Security Hub vs Skyhigh Security comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
AWS Security Hub
Average Rating
7.6
Reviews Sentiment
6.5
Number of Reviews
27
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (7th), Cloud Security Posture Management (CSPM) (11th)
Skyhigh Security
Average Rating
8.2
Reviews Sentiment
6.5
Number of Reviews
72
Ranking in other categories
Secure Web Gateways (SWG) (7th), Data Loss Prevention (DLP) (13th), Cloud Access Security Brokers (CASB) (8th), ZTNA as a Service (10th), Secure Access Service Edge (SASE) (10th)
 

Mindshare comparison

Cloud Security Posture Management (CSPM) Mindshare Distribution
ProductMindshare (%)
AWS Security Hub2.5%
Wiz10.4%
Prisma Cloud by Palo Alto Networks7.9%
Other79.2%
Cloud Security Posture Management (CSPM)
Secure Access Service Edge (SASE) Mindshare Distribution
ProductMindshare (%)
Skyhigh Security2.5%
Prisma Access by Palo Alto Networks10.2%
Zscaler Zero Trust Exchange Platform8.8%
Other78.5%
Secure Access Service Edge (SASE)
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Karthik Ekambaram - PeerSpot reviewer
Director at Scybers
Has helped identify misconfigurations and prioritize risks but lacks multi-cloud support and deeper integration features
AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS. There are other products in the market for CSPM that can give you multi-cloud environment misconfigurations, even Microsoft for that matter. Regarding the integration of AWS Security Hub with third-party tools, I am not certain whether we can integrate them, but there is no need to do so. However, AWS Security Hub cannot integrate with other cloud providers, so it only supports the AWS environment. The compliance checks within AWS Security Hub are good, but we don't use them much. We utilize compliance frameworks such as CIS compliance frameworks and ISO 27017 framework, which are beneficial, but it can improve in other areas too, such as including NIST and other frameworks beyond just ISO and CIS. Improvements can be applicable for scalability, particularly on integration with multi-cloud environments, and compliance frameworks can be added for more variety as well. The unified dashboard in AWS Security Hub is adequate; I cannot say it is exceptional, but the content available in the dashboards is satisfactory for now.
DG
Deputy Manager at a comms service provider with 10,001+ employees
Centralized cloud security has improved DLP incident management and simplifies email protection
One major challenge is that downloading incidents during the investigation process takes a very long time, and this issue should be resolved. More customized columns and filtering options in incident review would be beneficial. File types should be included, such as file names along with file extensions, which are not currently available to my knowledge. Overall, Skyhigh Security is very good and just needs to improve in terms of the latency of downloading incidents.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Generally, Qualys is very good at detections, whether on cloud or on-prem, and the agent allows deployment on both infrastructures, providing continuous monitoring of your assets, which is a key selling point for us."
"Qualys TotalCloud provides a single, prioritized view based on requirements such as identifying the most vulnerable assets and calculating the average time to remediate vulnerabilities."
"With TotalCloud, we can scan through the API. If we are not able to deploy cloud agents on the machine, we can use the API."
"Qualys TotalCloud has helped us view our risk structure, vulnerabilities, and security posture."
"Qualys TotalCloud fulfills all these needs."
"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."
"One of the features I appreciate is the ability to generate daily reports without relying on anyone else."
"One of the most valuable features of Qualys TotalCloud is FlexScan, which is specifically for internet-facing VMs. We found this feature to be very useful. It was a key differentiator for us."
"Currently, our organization utilizes AWS for various purposes, including SaaS (Software as a Service), PaaS (Platform as a Service), and hosting applications in the cloud. We develop our applications and use AWS services as a platform for basic functions and secondary development needs. Additionally, we rely on PaaS for accounting services. Approximately, 50% of our applications are hosted in the cloud environment, making it a significant part of our current setup."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"The solution is very good at detection and providing real-time alerts."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS."
"I rate Security Hub ten out of ten for stability."
"The service is working very well."
"The most valuable features of McAfee Web Gateway are anti-malware, reports, and powerful categorization of web pages."
"Shadow IT reporting capabilities."
"The risk rating of each cloud application has been very useful. Whenever we discover a new application is use, we are able to quickly determine if this application is safe to use and whether or not we should allow our end users to be able to access it."
"Skyhigh Security has positively impacted our organization by helping us secure our network better, secure our HTTP traffic, and assist in compliance with GDPR and HIPAA requirements, especially since we are a health-based company."
"Skyhigh Security is well managed, and its user interface is simple and easy to use for a security solution; it is a very good solution."
"It is affordable."
"The ability to identify shadow IT within our environment through proxy log analysis based on risk assessments provided by Skyhigh Registry have been invaluable in helping us reduce our overall data risk."
 

Cons

"Overall, we are satisfied with it. However, the response part of the Cloud Detection and Response (CDR) module can be improved. It is not yet in place according to requirements; it is not completely available even though the module has been released."
"I sometimes have difficulty detecting or uninstalling certain versions of applications, which I have to do manually."
"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."
"We would like to see Windows-based sensors available in Qualys, as this would make the platform more versatile and support a broader range of environments."
"From a downside perspective, the UI is not user-friendly and feels dated compared to other tools like Prisma Cloud."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"The downside is only in container security, but it has not been a long time since they introduced these models."
"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"AWS Security Hub cannot scale up to multiple different cloud environments; it only works for AWS."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."
"The solution is not wholly self-sufficient."
"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."
"However, the sheer number of services can be overwhelming when implementing something new."
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"Feature-wise, we are not able to do multi-cloud. We are doing individual cloud monitoring, and we see other tools are better than AWS Security Hub."
"The documentation could be improved."
"Skyhigh Security can be improved by addressing the current challenges we face with complex DLP policies that are difficult to manage, particularly in managing the exception rules in a large environment."
"It needs to be more user-friendly, as it is a little bit complicated to use."
"There isn't really any aspect that is lacking."
"The Skyhigh for Google Drive interface and policy engine is a bit confusing and limited when compared against other Google Drive CASB capabilities."
"The virtual solution requires improvement."
"One major challenge is that downloading incidents during the investigation process takes a very long time, and this issue should be resolved."
"The performance of the tool can be improved to provide faster report generation."
 

Pricing and Cost Advice

"Qualys TotalCloud offers competitive pricing given its comprehensive suite of features, including integration, assessment, remediation, and detection capabilities, all within a single platform."
"Qualys TotalCloud is cost-efficient and was selected for its value compared to other products."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"TotalCloud's price is about right where I would expect it to be."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."
"The price of the solution is not very competitive but it is reasonable."
"Security Hub is not an expensive solution."
"The pricing is fine. It is not an expensive tool."
"There are multiple subscription models, like yearly, monthly, and packaged."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"The price of AWS Security Hub is average compared to other solutions."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"AWS Security Hub's pricing is pretty reasonable."
"This is an expensive product, although it is made for larger enterprises and not for small organizations."
"The solution is quite expensive. As we take add-ons continuously as per our customer's requirements, there are additional charges."
"The tool is not expensive."
"The biggest thing to watch for is the difference in price per monitored user for the different API integrations."
"They definitely charge a huge amount. All the security service providers charge a huge amount."
"Pricing for Skyhigh Security is okay, though there's always a scope for price improvements. Its pricing is okay compared to other products because other products have very expensive licensing costs. Along with the licensing, support is also provided for Skyhigh Security, so pricing is reasonable, but if there's proactive or better support, that will justify the pricing. I haven't interacted with the Skyhigh Security technical support team yet, so I'd give pricing a four out of five rating for now."
"There is an annual licensing cost to use McAfee Web Gateway. The purchasing of licensing can be difficult for the government sector."
"The licensing fees are based on what environments you are monitoring."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
903,182 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Director of Operations at a comms service provider with 10,001+ employees
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Manufacturing Company
16%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Financial Services Firm
12%
Manufacturing Company
10%
Computer Software Company
9%
Comms Service Provider
7%
Financial Services Firm
14%
Manufacturing Company
10%
Government
9%
Construction Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise5
Large Enterprise14
By reviewers
Company SizeCount
Small Business32
Midsize Enterprise8
Large Enterprise49
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What needs improvement with AWS Security Hub?
I do not see any areas for improvement in AWS Security Hub itself, but the cost factor is something that is the main ...
What is your primary use case for AWS Security Hub?
AWS Security Hub is something I have used daily as it is a part of my job for cloud security purposes. If you are dea...
What needs improvement with McAfee Web Gateway?
Skyhigh Security is, in my view, a strong platform. Of course, there are still areas where the user experience and op...
What is your primary use case for McAfee Web Gateway?
My main use case for Skyhigh Security is primarily for CASB functionality, SaaS security visibility, cloud data prote...
What advice do you have for others considering McAfee Web Gateway?
My main advice would be to spend enough time planning governance, policy design, and operational workflows before ena...
 

Also Known As

Qualys TotalCloud with FlexScan
SQRRL
McAfee MVISION Cloud, McAfee MVISION Unified Cloud Edge, McAfee Web Gateway, McAfee MVISION CNAPP, and Skyhigh Networks, McAfee Web Gateway
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Edmunds, Frame.io, GoDaddy, Realtor.com
Western Union.Aetna.DirecTV.Adventist.Equinix.Perrigo.Goodyear.HP.Cargill.Sony.Bank of the West.Prudential.
Find out what your peers are saying about Wiz, Palo Alto Networks, Microsoft and others in Cloud Security Posture Management (CSPM). Updated: June 2026.
903,182 professionals have used our research since 2012.