Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs Zscaler Zero Trust Exchange Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Ranking in Cloud Security Posture Management (CSPM)
12th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
22
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (5th)
Zscaler Zero Trust Exchange...
Ranking in Cloud Security Posture Management (CSPM)
13th
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
63
Ranking in other categories
Data Loss Prevention (DLP) (3rd), Cloud Access Security Brokers (CASB) (3rd), Application Control (3rd), ZTNA as a Service (1st), Secure Access Service Edge (SASE) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (10th), Remote Browser Isolation (RBI) (1st)
 

Mindshare comparison

As of April 2025, in the Cloud Security Posture Management (CSPM) category, the mindshare of AWS Security Hub is 4.6%, down from 5.5% compared to the previous year. The mindshare of Zscaler Zero Trust Exchange Platform is 1.2%, down from 1.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM)
 

Featured Reviews

MuhammadAzhar Khan - PeerSpot reviewer
Offers best practice recommendations and supports various compliance standards
Security Hub provides insightful information about what is running and where there might be weaknesses. It offers best practice recommendations and supports various compliance standards such as ISO and PCI DSS. Enabling these compliance checks helps identify non-compliant services and suggests steps to achieve compliance. The main advantage is providing information and compliance insights rather than prevention.
Sumit Bhanwala - PeerSpot reviewer
Cloud-based platform simplifies device and data center management
I find it to be good. The solution is cloud-based with the latest inspection engines, which I find to be amazing. We are less dependent on data centers and device management, which reduces our efforts significantly. It improves our device management, data center management, and updating devices. We need fewer engineers for this management, and it reduces time and efforts for data center management, device upgrades, and IT support.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"AWS Security Hub provides comprehensive alerts about potential compliance issues with CIS standards. The integration with third-party tools is another excellent feature. All our workloads are on AWS."
"The solution shows us our compliance score."
"Very good at detection and providing real-time alerts."
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"Cloudposse is a valuable feature as it guarantees my security."
"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"I find all of the features to be highly valuable."
"We don't need to connect anymore. It is automatically connected when you log on in Windows."
"The solution offers a simplified network infrastructure and security functions and it enables secure remote access for the users"
"The scalability of the solution is great."
"The most valuable feature is its seamless integration capabilities, streamlining the process by eliminating the need for extensive installations."
"The most valuable features of Zscaler Private Access are reliability, scalability, and availability."
"SASE's most valuable features are proxy and content filtering."
"The most valuable features are the File Type Control and SSL bypass policies. We"
"The most valuable feature is its ability to establish connectivity for remote users and remote endpoints. It offers a high level of granularity compared to typical VPNs, which also encapsulate a lot of I/O."
 

Cons

"The solution will only give you insight if you have configure rule enabled. It should work more like Prisma Cloud and Dome9 which have a better approach."
"Many findings are too generic or irrelevant to the environment, which can lead to false positives."
"There is room for improvement in implementing AI capabilities."
"I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively."
"Security Hub is currently not worth investing in, as it requires more configurations and integration with other services to work effectively."
"Whenever my team gets some alarms from the central team, my team needs to initiate whether it's a real or false trigger. The central team needs to keep adjusting to the parameters or at least the concerned IPs, whether it's really from the company's pool of IPs, so the trigger process can be improved. In the next release of AWS Security Hub, I'd like a better dashboard that could result in better alert visibility."
"There could be additional ways to define proximity. Additionally, they should provide some exclusion options for specific policies and an ability to control the DLP engine."
"Zscaler Cloud DLP needs to improve its compatibility with other security tools."
"There is some issue while accessing the portal. It takes too long."
"The product must allow users to check logs for an entire year in the local console."
"The solution's granularity should be improved because it has limited granular options to control, visible, allow, block, delay, and receive."
"Setup is a bit complex because there are many steps that need to be taken before onboarding and activating the solution."
"We have issues with the tool's maintenance and networking. It should be able to work in offline mode as well."
"It has massive room for improvement. The Zscaler product itself is okay, but it doesn't give enough granularity for us as an organization to stipulate rules or processes, especially for data-driven services. For instance, we can stick on SSL inspection, but it's just a click box. It doesn't allow us to go any further into the detail of the SSL inspection. We also can't pull it out without having an additional logging server. It just doesn't give us enough granularity. They should give us more control over the interfaces because it is all backend. They weren't very open to discussing their backend architecture with us in terms of their own data centers. They can maybe a little bit more open about what components are there and how the backend infrastructure works alongside Zscaler. Its licensing can be better. Some of the additional licensing costs are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. Their support should also be improved. I initially had a consultant from Zscaler for its deployment, but the support that I had throughout the deployment of the project wasn't the best."
 

Pricing and Cost Advice

"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"AWS Security Hub's pricing is pretty reasonable."
"The price of AWS Security Hub is average compared to other solutions."
"The pricing is fine. It is not an expensive tool."
"The price of the solution is not very competitive but it is reasonable."
"Security Hub is not an expensive solution."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"Zscaler DLP solution is expensive, with a fixed pricing structure that is billed annually and monthly. There are no additional costs for licenses."
"My company is a Zscaler Private Access partner, so the customers pay for the license fees."
"Pricing for Zscaler Private Access is moderate. It's acceptable, though I can't give you the exact price currently. It's not too expensive, and on a scale of one to five, I would rate it a four out of five in terms of pricing."
"The solution is expensive."
"The cost is expensive. It depends on the number of users."
"It is an auto-renewal subscription service."
"The pricing is quite high, especially when it comes to the gateway."
"Zscaler CASB is an expensive solution."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
12%
Manufacturing Company
10%
Government
7%
Computer Software Company
16%
Financial Services Firm
13%
Manufacturing Company
10%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
What needs improvement with AWS Security Hub?
There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just sugge...
What is the better solution - Prisma Access or Zscaler Private Access?
We looked into Prisma Access before choosing Zscaler Private Access (ZPA). Palo Alto’s Prisma Access is a secure access service edge (SASE) designed to deliver network security in a cloud-deliver...
What do you like most about Zscaler SASE?
The most valuable features of Zscaler Private Access are reliability, scalability, and availability.
What is your experience regarding pricing and costs for Zscaler SASE?
Zscaler SASE is quite expensive compared to other solutions. The price is not fixed and it does not include all of the features, so my advice for organizations would be to evaluate their specific n...
 

Also Known As

SQRRL
Zscaler SASE, Zscaler DLP, Zscaler CASB, Zscaler CSPM, Zscaler Browser Isolation, Zscaler Posture Control
 

Overview

 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
Siemens, AutoNation, GE, NOV
Find out what your peers are saying about AWS Security Hub vs. Zscaler Zero Trust Exchange Platform and other solutions. Updated: March 2025.
849,190 professionals have used our research since 2012.