Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs Trellix ESM comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
22
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (5th), Cloud Security Posture Management (CSPM) (12th)
Trellix ESM
Average Rating
7.4
Reviews Sentiment
7.4
Number of Reviews
36
Ranking in other categories
Security Information and Event Management (SIEM) (27th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. AWS Security Hub is designed for Cloud Security Posture Management (CSPM) and holds a mindshare of 4.6%, down 5.5% compared to last year.
Trellix ESM, on the other hand, focuses on Security Information and Event Management (SIEM), holds 0.9% mindshare, down 0.9% since last year.
Cloud Security Posture Management (CSPM)
Security Information and Event Management (SIEM)
 

Featured Reviews

MuhammadAzhar Khan - PeerSpot reviewer
Offers best practice recommendations and supports various compliance standards
Security Hub provides insightful information about what is running and where there might be weaknesses. It offers best practice recommendations and supports various compliance standards such as ISO and PCI DSS. Enabling these compliance checks helps identify non-compliant services and suggests steps to achieve compliance. The main advantage is providing information and compliance insights rather than prevention.
Daniel Durian - PeerSpot reviewer
Helps to monitor and detect cyberattacks
The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick. Trellix ESM provides situation awareness. On the dashboard, I can see outbound and inbound communications to known threat hosts, IPS/IDS activity, and threat intelligence of the perimeter defense in the firewall. This information helps preempt attacks.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Security Hub provides insightful information about what is running and where there might be weaknesses."
"The most valuable feature of AWS Security Hub is the ability to track when monitoring is not enabled on any of my resources."
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"Cloudposse is a valuable feature as it guarantees my security."
"The solution shows us our compliance score."
"The most valuable feature of the solution stems from the fact that it is easy to manage...It is a scalable solution."
"One of the most effective features of AWS Security Hub is the easy access to a dashboard with a ready-to-use security score."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"It has performed well and delivered the results that I have been looking for."
"The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The most valuable feature is that if the scanning does find something, it quarantines it. Then you can decide what you are going to do with it."
 

Cons

"The solution should be easier to learn and use"
"There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"Shortening the response time for support tickets, particularly in production issues, could make the service more efficient."
"I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier."
"We need more granular-level customizations to enable or disable the rules in AWS Security Hub."
"AWS Security Hub should improve the time it takes to update. It takes a long period of time when updating. It can take 24 hours sometimes to update. Additionally, when integrating this solution with more security tools, takes time."
"The solution lacks self-sufficiency."
"There's no software support from McAfee."
"It is not a very advanced solution, and it is for very generic use cases. It cannot cope with the advanced requirements that we're going to have. For example, for multiple authentication failures, it is still based on Windows events for detecting multiple login failures, whereas other companies are going beyond and working on implementing two-factor authentication. It is time to correlate the two-factor authentication results with authentification failures, which is not happening with McAfee ESM. The performance of the tool should be improved because it is very slow. The data display on the console is very slow in McAfee ESM. Its data storage is still old-fashioned, and it should be improved and upgraded to the latest versions. They have to come up with some new ideas to match what other leaders in the same domain are doing. For example, in Splunk, when you search for information for the last 60 days or five months, it quickly shows the information, but that is not the case with McAfee. The results should be quicker and faster on the console. They should integrate some additional features such as User Behavior Analytics (UBA) and automation. The threat intelligence part should also be improved on McAfee."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases."
 

Pricing and Cost Advice

"The pricing is fine. It is not an expensive tool."
"The price of AWS Security Hub is average compared to other solutions."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The price of the solution is not very competitive but it is reasonable."
"Security Hub is not an expensive solution."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"AWS Security Hub's pricing is pretty reasonable."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar."
"It is an inexpensive product. We purchase its yearly license."
"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."
"You should buy the distributed option instead of the all-in-one for environments with more than 1000 end points."
"The product is slightly expensive."
"McAfee is the right choice for a low-budget solution."
"We renew our license annually."
"The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Comparison Review

VS
Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. ​McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
12%
Manufacturing Company
10%
Government
7%
Educational Organization
72%
Financial Services Firm
5%
Computer Software Company
4%
Comms Service Provider
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
What needs improvement with AWS Security Hub?
There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just sugge...
What do you like most about McAfee ESM?
The solution's technical support is great.
What is your experience regarding pricing and costs for McAfee ESM?
Regarding pricing, Trellix ESM is not that expensive. It's less than half the cost of IBM QRadar.
What needs improvement with McAfee ESM?
The product is mature and needs little improvement, but we could enhance the customized dashboarding based on use cases.
 

Also Known As

SQRRL
McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
 

Overview

 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
San Francisco Police Credit Union, Wªstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
Find out what your peers are saying about AWS Security Hub vs. Trellix ESM and other solutions. Updated: October 2024.
849,190 professionals have used our research since 2012.