Introduction to AWS Security Hub
Centralized Security Alerts and Checks
AWS Security Hub is one of the most important AWS services when it comes to your cloud security posture. Instead of becoming overwhelmed by security alerts coming from all different areas, AWS Security Hub gives you a way to centrally manage these alerts and automate security checks across Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS IAM Access Analyzer, AWS Systems Manager, and AWS Firewall Manager. According to AWS, the main features of AWS Security Hub include:
- Consolidated findings across AWS services and partner integrations
- Automated, continuous security checks
- Curated security best practices
- Seamless integration through a standardized findings format
- Custom response and remediation actions
- Multi-account support
- Useful pre-defined security insights
- Custom insights for your environment
- Visual summary dashboard
- Diverse ecosystem of partner integrations
For more information on centralizing security alerts, visit the User Guide for AWS Security Hub.
AWS Security Hub is frequently updated with capabilities and they add security checks that you can implement in order to help you get a comprehensive view of your security alerts and security posture across your AWS environment. When you set up alerts with the various security tools that are out there – you might have alerts coming from GuardDuty or Inspector, Macie, IAM Access Analyzer, Systems Manager, Firewall Manager – there are so many alerts coming from so many places, it’s really hard to keep up with all of it. You can get very overwhelmed quickly. By ingesting all of this data into Security Hub, you can correlate all of these events that are occurring and get that unified view of your security tools and infrastructure in order to manage these alerts that are happening.
Beyond that, another really cool thing with Security Hub is automating security checks. You can establish policies in order to generate certain checks and understand whether something is in or out of compliance with the standard that you have established within Security Hub. For example, you could establish a policy so that any time you deploy a container image in an Amazon EKS cluster, it will check to see if the image contains a critical or high vulnerability. You’ll get an immediate alert to let you know if the container is complying with the policy that you’ve established. This way, you can receive that alert and make an immediate change, rather than waiting for some later time when you’re running a scan or some other control that you’ve put into place that might not happen for a week or a month. Finding those things out immediately makes it much easier to establish and view within AWS Security Hub.