The AWS Security Hub: An Overview
Erik Rush | Jun. 17, 2021
In today’s business landscape, data security is of vital importance to organizations, and data is increasingly their most coveted asset. Organizations of all types must ensure that their data is available to authorized users and applications while also ensuring that it remains unavailable to anyone (or anything) else.
Since Amazon Web Services (AWS) is now providing so many services to help organizations achieve their security objectives, we thought this would be a good time (and place) to provide an overview of the AWS Security Hub.
Security Hub Capabilities, Revisited
AWS continually engages with organizations and users to determine what features they’d like to see on the platform, their Security Hub included. Recently, AWS discovered that their customers sought the following capabilities to properly secure their environments:
- Standardized alert formats and automated investigation across all AWS and non-AWS sources transmitting alerts,
- A way to keep track of and ensure adherence to compliance standards,
- Prioritization of alerts with insights to determine alert priorities,
- A single, aggregating screen representing overall security and compliance across multiple connected AWS accounts.
In lay terms, the AWS Security Hub is a service that consolidates, organizes and prioritizes security alerts from other AWS services like GuardDuty, Inspector and Macie, as well as AWS Partners like F5, Palo Alto, Trend Micro, Splunk and Sumo Logic. Security Hub provides organizations with this single, aggregating screen from which they can manage their security and compliance across their entire infrastructure and act on security events in a timely manner.
Navigating Security Hub & Features
One of the most impressive features of Security Hub is its continuous automated compliance checks using the CIS AWS Foundations Benchmark, which consists of 43 best practice checks. In order to allow Security Hub to perform each of the automated compliance checks, AWS Config must be enabled (AWS Config can be enabled prior to enabling Security Hub, although this is not required). If AWS Config is enabled after Security Hub, a message within the Security Hub interface will appear, indicating that it could take up to 12 hours for compliance data to update.
Once you’ve enabled Security Hub, you may then complete the integration with AWS GuardDuty, Inspector and Macie. After that, any security findings, or insights, from these services are pulled into Security Hub. The Summary page provides an “at a glance” view, detailing top security findings and insights, the AWS service integration status and CIS AWS Foundations compliance. You can drill down into any insight or status by clicking the blue text within the console.
Within Security Hub, AWS has a number of managed and static insights which assist in prioritizing identified security findings as quickly as possible. Insights are security events that will require your attention. AWS managed insights cannot be changed, but administrators can create custom insights within Security Hub to better track security issues and risks that are specific to their AWS environment.
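To make the custom insight idea concrete, here is an added Python example (not from the original article or from AWS) that evaluates one insight definition locally over constructed findings from GuardDuty, Inspector and Macie, using a trimmed subset of the AWS Security Finding Format (ASFF). The insight name, ARNs and sample findings are assumptions made for illustration, only the EQUALS comparison is implemented, and values listed for one attribute are treated as alternatives while different attributes must all match.

```python
from collections import Counter
# Constructed sample data: placeholder ARNs, and findings trimmed to the
# ASFF fields this example reads. None of it refers to real resources.
EC2 = "arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"
S3 = "arn:aws:s3:::example-bucket"

def finding(product, severity, workflow, resource, state="ACTIVE"):
    return {"ProductName": product, "Severity": {"Label": severity},
            "Workflow": {"Status": workflow}, "RecordState": state,
            "Resources": [{"Type": "Other", "Id": resource}]}

FINDINGS = [
    finding("GuardDuty", "HIGH", "NEW", EC2),
    finding("Inspector", "CRITICAL", "NEW", EC2),
    finding("Macie", "HIGH", "NEW", S3),
    finding("Inspector", "MEDIUM", "NEW", EC2),          # below threshold
    finding("GuardDuty", "HIGH", "RESOLVED", S3),        # already handled
    finding("Macie", "CRITICAL", "NEW", S3, "ARCHIVED"),  # archived record
]

def eq(*values):
    return [{"Value": v, "Comparison": "EQUALS"} for v in values]

# Same keys that boto3's securityhub create_insight() takes as arguments.
INSIGHT = {
    "Name": "Open high-severity findings by resource",  # hypothetical name
    "Filters": {"SeverityLabel": eq("HIGH", "CRITICAL"),
                "WorkflowStatus": eq("NEW"),
                "RecordState": eq("ACTIVE")},
    "GroupByAttribute": "ResourceId",
}

# Where each filter or group-by attribute lives inside a finding.
FIELD = {
    "SeverityLabel": lambda f: [f["Severity"]["Label"]],
    "WorkflowStatus": lambda f: [f["Workflow"]["Status"]],
    "RecordState": lambda f: [f["RecordState"]],
    "ResourceId": lambda f: [r["Id"] for r in f["Resources"]],
}

def matches(f, filters):
    """AND across attributes, OR across the EQUALS values of one attribute."""
    return all(any(c["Comparison"] == "EQUALS" and c["Value"] in FIELD[name](f)
                   for c in conds) for name, conds in filters.items())

def evaluate(insight, findings):
    """Return (group value, finding count) pairs, largest group first."""
    group = FIELD[insight["GroupByAttribute"]]
    hits = [f for f in findings if matches(f, insight["Filters"])]
    return Counter(v for f in hits for v in set(group(f))).most_common()
```

Calling `evaluate(INSIGHT, FINDINGS)` ranks the EC2 instance first because two open, active, high-severity findings from different services point at it, which is the kind of prioritization an insight is meant to surface.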
Third-Party Products
Once you’ve enabled integration with a given third-party product, security findings from that solution are imported into Security Hub. Security Hub can be integrated with over 30 third-party solutions, and that number is expected to grow as more organizations adopt AWS and vendors configure their solutions to support Security Hub’s import file format. Security Hub findings and insights can also be exported to SIEM products like Splunk.
With a few easy clicks, AWS Security Hub allows you to quickly evaluate your AWS security and compliance posture through the Summary page, and it performs continuous automated compliance checks using the CIS AWS Foundations Benchmark.