Try our new research platform with insights from 80,000+ expert users

AWS Security Hub vs Zscaler Zero Trust Exchange Platform comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 12, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

AWS Security Hub
Ranking in Cloud Security Posture Management (CSPM)
12th
Average Rating
7.6
Reviews Sentiment
7.2
Number of Reviews
22
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (5th)
Zscaler Zero Trust Exchange...
Ranking in Cloud Security Posture Management (CSPM)
13th
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
63
Ranking in other categories
Data Loss Prevention (DLP) (3rd), Cloud Access Security Brokers (CASB) (3rd), Application Control (3rd), ZTNA as a Service (1st), Secure Access Service Edge (SASE) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (10th), Remote Browser Isolation (RBI) (1st)
 

Mindshare comparison

As of April 2025, in the Cloud Security Posture Management (CSPM) category, the mindshare of AWS Security Hub is 4.6%, down from 5.5% compared to the previous year. The mindshare of Zscaler Zero Trust Exchange Platform is 1.2%, down from 1.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Cloud Security Posture Management (CSPM)
 

Featured Reviews

MuhammadAzhar Khan - PeerSpot reviewer
Offers best practice recommendations and supports various compliance standards
Security Hub provides insightful information about what is running and where there might be weaknesses. It offers best practice recommendations and supports various compliance standards such as ISO and PCI DSS. Enabling these compliance checks helps identify non-compliant services and suggests steps to achieve compliance. The main advantage is providing information and compliance insights rather than prevention.
Sumit Bhanwala - PeerSpot reviewer
Cloud-based platform simplifies device and data center management
I find it to be good. The solution is cloud-based with the latest inspection engines, which I find to be amazing. We are less dependent on data centers and device management, which reduces our efforts significantly. It improves our device management, data center management, and updating devices. We need fewer engineers for this management, and it reduces time and efforts for data center management, device upgrades, and IT support.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most beneficial aspect of Security Hub is its proactive capability, allowing us to identify potential security issues before they escalate."
"I like that AWS Security Hub currently has several good features, around four or five. The technical support for AWS Security Hub is also responsive."
"I really like the seamless integration with the AWS account structure. It can even be made mandatory as part of the landing zone. These are great features. And there's a single pane of glass for the entire account."
"The advantage is that it is cloud-native, and we do not need to install agents or sensors to find findings."
"Cloudposse is a valuable feature as it guarantees my security."
"The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud."
"The best feature of AWS Security Hub is that you can get compliance or your cloud's current security posture."
"I rate Security Hub ten out of ten for stability."
"The ZPA is a unique feature which offers VPN along with all the additional security needed."
"The most valuable feature is its seamless integration capabilities, streamlining the process by eliminating the need for extensive installations."
"The solution is the best for storage."
"The scalability of the solution is great."
"It has some good data security and WIP features, providing secure Internet access."
"It does the job. What it is needed for. I can use it for VPN, I can use it for secure connections, I can use it as a firewall. So the solution does the job."
"The most valuable features of this solution are the CASB solutions, which is protecting their Office 365."
"The best feature is the ability to establish the connection between your public network and automatically connect to the intranet connection."
 

Cons

"There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just suggesting them."
"Security needs to be measured based on their own criteria. We can't add custom criteria specific to our organization. For example, having an S3 bucket publicly available might be flagged as a critical alert, but it might not be critical in a sandbox environment. So, it gets flagged as critical, which becomes a false positive. So, customization options and creating custom dashboards would be areas for improvement."
"The telemetry doesn't always go into the control center. When you have multiple instances running in AWS, you need a control tower to take feeds from Security Hub and analyze your results. Sometimes exemptions aren't passed between the control tower and Security Hub. The configuration gets mixed up or you don't get the desired results."
"From an improvement perspective, there is a need to add more compliance since, right now, AWS Security Hub only provides four to five compliances to control the tool."
"I would like a more fine-grained capability for creating custom rules and a more user-friendly experience programmatically in writing queries and configuring custom security rules, making it quicker and easier."
"The support must be quicker."
"The solution lacks self-sufficiency."
"The user interface, graphs, and dashboards of the solution could improve in the future. They are not very sophisticated and could use an update."
"Zscaler Cloud DLP needs to improve its compatibility with other security tools."
"Conflicts arise if you do not have the same management teams on the product."
"The area that requires improvement is their support. The current support is lacking."
"The product is not reliable."
"Occasionally, issues arise in the LogStack by a third party, particularly for government websites accessed by numerous users."
"The interface needs a bit of work."
"The only issue with Zscaler Cloud DLP is that it only gives you DLP protection from web traffic, which is flowing out, while a full-blown DLP solution such as Forcepoint or Symantec gives you DLP coverage for multiple channels. Zscaler Cloud DLP doesn't give you coverage for email, fax, and USB channels, and this is the only challenge or room for improvement in the solution. It's just an extension on top of what you're buying on the proxy, so it's just an added layer, and it doesn't cover DLP on a very broad level. I'm unsure if Zcaler is in the business of competing with a full-blown DLP solution, and if there's a plan to expand the features of Zscaler Cloud DLP beyond the web channel because you'll have to deploy a full-blown agent for it. I'm unsure if this is on the cards because the solution is just an added layer that you get with your proxy. I've asked the Zcaler team whether there's a plan to go full DLP in the future, but I didn't get a positive response. There isn't any feature I'd like added to Zscaler Cloud DLP currently, because anything you could think of that should be in cloud or SaaS solutions is already there, except for machine learning, as it's the only functionality that seems to be lacking in the solution. Machine learning is an additional policy available in other DLP solutions in the market, but my team didn't find it in Zscaler Cloud DLP."
"There is improvement in enhancing proper manageability, policies, and logs. So, log management could be improved."
 

Pricing and Cost Advice

"The cost is based on the number of compliances, core checks, and services required, and for more than 10,000 recommendations, the charge is just one dollar."
"There are multiple subscription models, like yearly, monthly, and packaged."
"The price of AWS Security Hub is average compared to other solutions."
"The pricing is fine. It is not an expensive tool."
"The price of the solution is not very competitive but it is reasonable."
"Security Hub is not an expensive solution."
"AWS Security Hub is not an expensive tool. I would consider it to be a cheap solution. AWS Security Hub follows the PAYG pricing model, meaning you will have to pay for whatever you use."
"AWS Security Hub's pricing is pretty reasonable."
"Zscaler DLP solution is expensive, with a fixed pricing structure that is billed annually and monthly. There are no additional costs for licenses."
"The pricing is quite high, especially when it comes to the gateway."
"Zscaler Private Access is extremely expensive."
"The price is competitive."
"Zscaler SASE software is quite expensive compared to other solutions"
"It is an auto-renewal subscription service."
"The cost is expensive. It depends on the number of users."
"The solution is expensive."
report
Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Comparison Review

it_user186927 - PeerSpot reviewer
Feb 16, 2015
Cybereason vs. Interset vs. SQRRL
Capture DB - they all use NoSQL db and hence solve the ad hoc query and 'go back in time' problem with current best of breed SIEM and DLP solutions that rely on real time analysis of incoming logs (and don't store them). This means deeper and quicker iterative threat analysis and assessment…
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
13%
Manufacturing Company
9%
Government
7%
Computer Software Company
16%
Financial Services Firm
13%
Manufacturing Company
10%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about AWS Security Hub?
The most valuable features of the solution are the scanning of all the cloud environments and most of the compliances available in the cloud.
What needs improvement with AWS Security Hub?
There is room for improvement in implementing AI capabilities. It would be beneficial for Security Hub to implement preventative measures and to directly apply recommendations instead of just sugge...
What is the better solution - Prisma Access or Zscaler Private Access?
We looked into Prisma Access before choosing Zscaler Private Access (ZPA). Palo Alto’s Prisma Access is a secure access service edge (SASE) designed to deliver network security in a cloud-deliver...
What do you like most about Zscaler SASE?
The most valuable features of Zscaler Private Access are reliability, scalability, and availability.
What is your experience regarding pricing and costs for Zscaler SASE?
Zscaler SASE is quite expensive compared to other solutions. The price is not fixed and it does not include all of the features, so my advice for organizations would be to evaluate their specific n...
 

Also Known As

SQRRL
Zscaler SASE, Zscaler DLP, Zscaler CASB, Zscaler CSPM, Zscaler Browser Isolation, Zscaler Posture Control
 

Overview

 

Sample Customers

Edmunds, Frame.io, GoDaddy, Realtor.com
Siemens, AutoNation, GE, NOV
Find out what your peers are saying about AWS Security Hub vs. Zscaler Zero Trust Exchange Platform and other solutions. Updated: March 2025.
842,767 professionals have used our research since 2012.