AWS Security Hub gives users a comprehensive view of your high-priority security alerts and security posture across AWS accounts. With Security Hub, users have a single place that aggregates, organizes, and prioritizes security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyzer, and AWS Firewall Manager, as well as from AWS Partner solutions.
N/A
Splunk On-Call
Score 6.1 out of 10
N/A
Formerly known as VictorOps, Splunk On-Call is an incident response system for developers, devops and operations teams that helps reduce outage time.
AWS Security Hub is it's own unique program that I have used. I haven't used anything similar to it and it was worth it to try out. However, for those that want to keep for long, it will be very heavy in term of budget and resource that they have to provide.
AWS stacks up very similarly to Splunk but being that it's an AWS tool it is better able to natively monitor our AWS footprint, unlike splunk which requires an appliance and / or forwarding agent for it to work properly. The same can be said about some other tools like …
The GuardDuty and Inspector components have been invaluable for us. We don't use all of AWS Security Hub because we're comfortable with the our other tooling which we use for other aspect of our IT operations.
Splunk stacks really well due to its native integration with Splunk Products. The platform provides direct access to all the underlying data which is part of the investigation and this really adds tremendous value to the overal incident handling and management process. Also, …
Splunk On-Call integrates better with our Splunk Cybersecurity and Reporting products due to the same family tree of the same eco system. We were previously using built-in on-call from individual applications and while adequate, they were difficult to manage and support SLA …
Splunk is more intelligent, easy, and faster compared to other tools in the market. Easy to configure, and customization can be done easily. It's more user-friendly, and it adds more value when I mention about the navigation panel. Multi-level escalations and root cause …
We really liked PagerDuty but it got too expensive for us. In my opinion, PagerDuty has a nicer UI/UX and iPhone app as it's done well and has some fun associated with it. However, the pricing model became too expensive for the features we needed. VictorOps is one of several …
Both VictorOps and Pagerduty do a great job at hands-off alerting people of all their systems neeeds. If used properly it allows everyone, devs, ops, and managers to see into the status of the systems and see what systems and processes need to be improved based upon the types …
AWS Security Hub is mainly for protecting your software, video games, web application, etc... from external digital threats. This is a must for all software out there that can afford it. This also require a decent amount of resources to mitigate problems so that the monitoring page isn't overloaded. So overall, a large amount of budget and manpower is required to maintain this product.
Splunk On-Call has proved to be a great help in incident response within my organization. With the scheduling and assignment feature it is never in question which engineer is tasked with each assignment/incident. Being able to quickly and easily access all relevant logs greatly expedites incident resolution time. I would argue that the larger the environment and incident volume, the more important a tool such as this will prove to be.
Not easy to read past data, especially once it moves into Glacier deep storage
performance is somewhat sluggish ... other systems are much faster to analyze data
Doesn't always provide a remediation solution or suggested fix like other 3rd party tools like Qualys.
It's hard to get the initial configuration and enrollment completed as there's a lot of manual intervention for every configured rule that needs to be enabled
AWS always good with usability and same here for AWS Security Hub. A lot of good documentation is available to read and configure your own. We also started with looking at the videos and documentation to configure automation for our compliance checks. And to configure there are very less steps to be followed which is a very good thing for faster configuration.
VictorOps support has proven excellent for us. Because it is such a widely used tool, there is a lot of documentation on usage, and a large community of users to lean on. Also, many engineers have had experience working with VictorOps already, and the tool is so easy to setup / manage that much support isn't really necessary.
AWS stacks up very similarly to Splunk but being that it's an AWS tool it is better able to natively monitor our AWS footprint, unlike splunk which requires an appliance and / or forwarding agent for it to work properly. The same can be said about some other tools like Dynatrace. Dynatrace has a much more pleasant user interface that the senior management seems to like more, but AWS Security Hub has better options, a more straightforward rules engine and is less expensive than both Splunk and Dynatrace
Splunk is more intelligent, easy, and faster compared to other tools in the market. Easy to configure, and customization can be done easily. It's more user-friendly, and it adds more value when I mention about the navigation panel. Multi-level escalations and root cause analysis is done in an intelligent way. Troubleshooting is faster.