AWS Security Hub vs Splunk SOAR comparison

Amazon Web Services (AWS) and Splunk are both solutions in the Security Orchestration Automation and Response (SOAR) category. Amazon Web Services (AWS) is ranked #5 with an average rating of 7.6, while Splunk is ranked #3 with an average rating of 8.1. Amazon Web Services (AWS) holds a 11.3% mindshare in SOAR, compared to Splunk’s 8.8% mindshare. Additionally, 90% of Amazon Web Services (AWS) users are willing to recommend the solution, compared to 87% of Splunk users who would recommend it.

AWS Security Hub

Read 19 AWS Security Hub reviews

4,611 Views
3,892 Comparison Views

90% willing to recommend

Splunk SOAR

Read 43 Splunk SOAR reviews

5,505 Views
3,291 Comparison Views

87% willing to recommend

AWS Security Hub

Splunk SOAR

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 4, 2024

Splunk SOAR and AWS Security Hub compete in the security orchestration and management category. AWS Security Hub seems to have the upper hand due to its seamless integration with other AWS services.

Features: Users value Splunk SOAR for its extensive playbooks, customization options, and nuanced automated responses. AWS Security Hub is praised for its ability to aggregate and prioritize security alerts, centralized security management, and integration with AWS services.

Room for Improvement: Users suggest Splunk SOAR improve integration with non-Splunk products, enhance scalability, and streamline user interface. AWS Security Hub could benefit from more granular alerting functions, deeper integrations with non-AWS ecosystems, and improved documentation.

Ease of Deployment and Customer Service: Splunk SOAR has a steep learning curve but strong customer support. AWS Security Hub is easier to deploy in AWS environments but has mixed feedback on support responsiveness.

Pricing and ROI: Splunk SOAR's setup cost is high, achieving ROI through process automation. AWS Security Hub is considered cost-effective in AWS environments, with ROI tied to enhanced security posture management.

To learn more, read our detailed AWS Security Hub vs. Splunk SOAR Report (Updated: October 2024).

Buyer's Guide

AWS Security Hub vs. Splunk SOAR

October 2024

Download the complete report

Helped 814,763 peers since 2012

Categories and Ranking

AWS Security Hub

Ranking in Security Orchestration Automation and Response (SOAR)

5th

Average Rating

7.6

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

Security Information and Event Management (SIEM) (7th), Cloud Security Posture Management (CSPM) (14th)

Splunk SOAR

Ranking in Security Orchestration Automation and Response (SOAR)

3rd

Average Rating

8.2

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of November 2024, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of AWS Security Hub is 11.3%, up from 10.9% compared to the previous year. The mindshare of Splunk SOAR is 8.8%, down from 9.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Orchestration Automation and Response (SOAR)

Featured Reviews

CobusFrey

Product Owner Global Cloud at Tyme

Apr 8, 2024

Not only does it easily integrate with third-party tools but also allows auto synchronization of logs

AWS Security Hub has advanced quite a bit over the last couple of years. The features are quite rich now. Before purchasing, one should develop an understanding of the product. I believe AWS Security Hub is one of the most friendly solutions for integration with third-party tools. I find the integration of AWS Security Hub to be the easiest with tools from Microsoft and a bit difficult with Google solutions. AWS Security Hub is compliant in many different ways. The development business I am part of is SOC compliant for AWS Security Hub, while the banks our organization works with have been PCI compliant for AWS Security Hub for three years. I would definitely recommend AWS Security Hub to others, yet I would also inquire about their purpose and knowledge of cloud solutions. If you know how to use AWS Security Hub, it can be a great solution to work with. The solution is more suitable for people working in the cloud instead of on-premises. I would rate AWS Security Hub a nine out of ten.

Read full review

Ryan Plas

SOAR Engineer at Accenture Federal Services

Jun 12, 2024

Offers playbook automation that helps reduce the manual and tedious work for users

When it comes to Splunk SOAR's ability to provide end-to-end visibility into our company's cloud-native environment, I would say that we are not using the cloud portions of it. I don't know if that's super relevant to what we are doing in our organization. I am 100 percent sure that Splunk SOAR helped reduce your mean time to resolve, but I don't have any metrics on hand but I know it has dramatically decreased. The tool has helped with the business resilience part. I think having it as a platform has been a solid portion of the product that we offer to people. Spunk SOAR has definitely saved my time in alert triage. When some of the tedious enrichment and lookup stuff happens, the analyst doesn't have to deal with such areas, and they can just jump in and see relevant data all in one pane of glass, which has been super helpful for speeding things up. The unified platform helps consolidate networking, security, and IT observability tools. The consolidation of tools impacts our organization as it just helps focus the SOC analyst on a single unified place to find information. It helps keep things streamlined and regular so they know where to look for certain stuff they want. It really helps people with training. It is a really easy tool to onboard people into because everything is right there in the product itself. The product is really great. I would love to see more SOAR innovation going into the tool, especially the on-premises version since it is what we use in our company. I feel the tool needs to encourage continuous improvements, but as a product itself, my company is really happy with the solution. I rate the tool an eight out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"AWS Security Hub has very good integration features. It allows for AWS native services integration, and it helps us to integrate some of the services outside of AWS. They have partners, such as Amazon Preferred Network Partners (APN). If you have different security tools around APN, we can integrate those findings with AWS Security Hub reducing the need to refer to different portals or different UIs. You can have AWS Security Hub act as a single common go-to dashboard."

"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."

"Finding out if your infrastructure is secure is a valuable feature."

"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."

"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."

"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."

"Very good at detection and providing real-time alerts."

"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."

More AWS Security Hub pros

"I'm just a beginner on the solution and it's pretty easy for me to use."

"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."

"Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly."

"Splunk SOAR's extensive library of pre-built integrations allows it to connect with a vast array of popular security and IT applications, streamlining workflows across our existing security stack."

"Our customers find it easy to conduct searches and consider it an excellent content management system."

"Its ability to integrate with other systems and applications in our environment is pretty easy. Sometimes if we see any complexity we try to involve a consultant to help us. Everything is through the built-in app. Splunk can connect to any assets through the built-in app. It could be in a platform, firewalls, or endpoints. It's easy if it's an app integration."

"The solution’s dashboard is really good and customizable. It also has a good UI."

"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."

More Splunk SOAR pros

Cons

"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."

"AWS Security Hub's configuration and integration are areas where it lacks and needs to improve."

"Adding SIEM features would be beneficial because of the limited customization of AWS Security Hub."

"The solution lacks self-sufficiency."

"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."

"It is not flexible for multi-cloud environments."

"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."

"The solution should be easier to learn and use"

More AWS Security Hub cons

"Creating playbooks using the solution’s playbook editor, for me, is very cumbersome. There have been instances where I have said to myself that I just don't want to use this editor. I might just use a code block and write my own code within it... The functionality in the playbook editor is 80 percent there, but that 20 percent is still lacking. They could make it more efficient."

"It could be easier to implement."

"Improving the integration ecosystem can raise the quality of the bottom tier of the integrations so that they can work better out of the box."

"We have playbooks written to extract these events and put them into the workflow since it wasn't structured as expected. It was a miss for us. We couldn't figure out why it broke or what actually happened there. It was something in this feed with legitimate and security events, so we tried to understand the names and what we would call them."

"Some of the training materials are on a basic level."

"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."

"Providing Splunk app developers and playbook developers Python Stub files so that way when they create custom code through their IDE, they can have IntelliCode suggestions."

"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."

More Splunk SOAR cons

Pricing and Cost Advice

"The pricing is fine. It is not an expensive tool."

"AWS Security Hub's pricing is pretty reasonable."

"Security Hub is not an expensive solution."

"The price of AWS Security Hub is average compared to other solutions."

"The price of the solution is not very competitive but it is reasonable."

"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."

"There are multiple subscription models, like yearly, monthly, and packaged."

"The licensing cost is reasonable."

"I found the price of Splunk SOAR to be good."

"It's very overpriced because it is based on the number of users. There is no bulk licensing."

"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."

"Splunk SOAR is an expensive solution for an organization of our size."

"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."

"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."

"When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."

More Splunk SOAR pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.

See recommendations

814,763 professionals have used our research since 2012.

Comparison Review

it_user186927

Director of Operations at Bell

Feb 16, 2015

Cybereason vs. Interset vs. SQRRL

Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…

Read full review

Top Industries

By visitors reading reviews

Computer Software Company

15%

Financial Services Firm

13%

Manufacturing Company

Government

Computer Software Company

15%

Financial Services Firm

13%

Manufacturing Company

11%

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

What do you like most about AWS Security Hub?

The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.

See all answers

What needs improvement with AWS Security Hub?

Many findings are too generic or irrelevant to the environment, which can lead to false positives. It can be challenging to suppress or turn off these findings. Turning specific findings on or off ...

See all answers

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

See all answers

What is your experience regarding pricing and costs for Splunk Phantom?

I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...

See all answers

What needs improvement with Splunk Phantom?

The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...

See all answers

Comparisons

Microsoft Sentinel vs AWS Security Hub

Compared 38% of the time

Wiz vs AWS Security Hub

Compared 12% of the time

Prisma Cloud by Palo Alto Networks vs AWS Security Hub

Compared 11% of the time

Microsoft Defender for Cloud vs AWS Security Hub

Compared 6% of the time

Google Chronicle Suite vs AWS Security Hub

Compared 6% of the time

More AWS Security Hub Competitors

Cortex XSIAM vs Splunk SOAR

Compared 26% of the time

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 20% of the time

ServiceNow Security Operations vs Splunk SOAR

Compared 8% of the time

Tines vs Splunk SOAR

Compared 8% of the time

Cyware Cyber Fusion vs Splunk SOAR

Compared 1% of the time

More Splunk SOAR Competitors

Product Reports

Buyer's Guide

AWS Security Hub

November 2024

Download AWS Security Hub product report

Buyer's Guide

Splunk SOAR

October 2024

Download Splunk SOAR product report

Also Known As

SQRRL

Phantom

Learn More

Amazon Web Services (AWS)

Splunk

Overview

AWS Security Hub is a comprehensive security service that provides a centralized view of security alerts and compliance status across an AWS environment. It collects data from various AWS services, partner solutions, and AWS Marketplace products to provide a holistic view of security posture. With Security Hub, users can quickly identify and prioritize security issues, automate compliance checks, and streamline remediation efforts.

The service offers a range of features including continuous monitoring, threat intelligence integration, and customizable dashboards. It also provides automated insights and recommendations to help users improve their security posture. Security Hub integrates with other AWS services like Amazon GuardDuty, AWS Config, and AWS Macie to provide a unified security experience. Additionally, it supports integration with third-party security tools through its API, allowing users to leverage their existing security investments.

With its user-friendly interface and powerful capabilities, AWS Security Hub is a valuable tool for organizations looking to enhance their security and compliance posture in the cloud.

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com

Recorded Future, Blackstone

Buyer's Guide

AWS Security Hub vs. Splunk SOAR

October 2024

Free Report: AWS Security Hub vs. Splunk SOAR

Find out what your peers are saying about AWS Security Hub vs. Splunk SOAR and other solutions. Updated: October 2024.

DOWNLOAD NOW

814,763 professionals have used our research since 2012.

See our AWS Security Hub vs. Splunk SOAR report.

See our list of best Security Orchestration Automation and Response (SOAR) vendors.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.