AWS Security Hub vs. SentinelOne Singularity

I don't think there's yet a perfect tool in this category of security and incident aggregators, but AWS Security Hub is an excellent tool for having visibility into our overall security posture. It is a great aggregator for many AWS services but also for third party security tools with which it integrates really well.

Incentivized

It works extremely well for investigating the root cause analysis of events because you can see so much detail into what was happening before, after, and around the detective incident. A weak point would be when the AI gets a little over-aggressive or doesn’t quite understand the use case for specific tools. Our RMM tool was detected as a pup.

• Alerting
• Aggregation, organization and prioritization of security alerts and events
• Third party integration

Incentivized

• Installs on all of our Windows machines and only requires 1 reboot for the install to finish.
• It allows you to customize the UI and filters based on your use case.
• Gives a very high level of visibility into any concerns you have or should have in your network.

Incentivized

• Not easy to read past data, especially once it moves into Glacier deep storage
• performance is somewhat sluggish ... other systems are much faster to analyze data
• Doesn't always provide a remediation solution or suggested fix like other 3rd party tools like Qualys.
• It's hard to get the initial configuration and enrollment completed as there's a lot of manual intervention for every configured rule that needs to be enabled
• alerts are often times delayed

Incentivized

• Possibly for compatibility with legacy Windows OS's and non Windows OS's.
• Some settings are greyed out and unable to change but I believe this is to protect you from making a bad configuration change.
• Could do better with reporting at the base level subscription.

Incentivized

Reliable for simple installation and above all efficient

Incentivized

AWS always good with usability and same here for AWS Security Hub. A lot of good documentation is available to read and configure your own. We also started with looking at the videos and documentation to configure automation for our compliance checks. And to configure there are very less steps to be followed which is a very good thing for faster configuration.

Incentivized

There are some minor issues with the platform that can be mildly frustrating, but the overall performance, peace of mind, and ROI make it worth using. The management console is intuitive and easy to learn, the endpoint clients are simple but give IT professionals enough data to make management easy and simple

Incentivized

Their support is good and quick to respond. The one issue we faced was when a non-protection issue arose there was a lot of dancing around trying to figure things out. This was frustrating as it took significantly longer to figure out issues. Lots of repetitive log gathers, screen caps, uninstalls that never seemed to resolve issues. Eventually, the product would be updated and the issue seemed to be resolved, but seemed to be the only solution.

Incentivized

AWS Security Hub is it's own unique program that I have used. I haven't used anything similar to it and it was worth it to try out. However, for those that want to keep for long, it will be very heavy in term of budget and resource that they have to provide.

Incentivized

SentinelOne had all of the major features that we were looking for. The other products either required too much administrative attention or were lacking key features. For example, one could be uninstalled by the end user. We required that the installation be password protected to protect against end user disabling or uninstalling. One product required manual intervention for all remediation which put to high a burden on limited staff. All products are always being revised so these may no longer be issues but they had a significant impact on our decision.

Incentivized

• Since we have started using this, we could notice a drop of security issues

Incentivized

• SentinelOne has already proved its value by stopping attacks that would have gone otherwise unnoticed until much later in their infection process.
• The Vigilance team has provided quick response to threats that were not easily contained via the automated response SentinelOne's agents provide. This has given us a significant piece of mind.

Incentivized