AWS Security Hub
AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation.
Key Concepts
1. Centralized Security View
Security Hub provides a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions.
2. Security Standards
Security Hub runs continuous, automated security checks against your resources, based on AWS best practices and industry standards. Each standard is a set of controls, and each control is backed by a check (most of them implemented as AWS Config rules, so AWS Config must be recording the relevant resource types). The supported standards include:
- AWS Foundational Security Best Practices (FSBP): AWS's own set of controls that detect when your accounts and resources deviate from security best practices.
- CIS AWS Foundations Benchmark: a set of security configuration best practices for AWS published by the Center for Internet Security.
- Payment Card Industry Data Security Standard (PCI DSS): a standard for organizations that store, process, or transmit cardholder data for the major card brands.
- NIST Special Publication 800-53 (Rev. 5): a catalog of security and privacy controls for U.S. federal information systems, except those related to national security.
3. Findings
A finding is a record of a potential security issue. Security Hub generates its own findings from the security checks it runs, and it also consumes, aggregates, and analyzes findings from other AWS services and third-party products. Every finding, regardless of source, is stored in the AWS Security Finding Format (ASFF), a common JSON schema with fields such as Id, ProductArn, AwsAccountId, Severity, Resources, Compliance, RecordState, and Workflow. Because any product or principal with the BatchImportFindings permission can submit ASFF findings, the ProductArn field is what tells you whether a finding came from Security Hub's own checks or from an integration.
4. Insights
Insights are collections of related findings, defined as a saved set of finding filters plus a grouping attribute (for example, all failed critical findings grouped by resource). Security Hub includes several managed insights, and you can also create your own custom insights. Insights help you identify common security issues that may require remediation.
5. Automated Response and Remediation
Security Hub sends every new or updated finding to Amazon EventBridge automatically (event type "Security Hub Findings - Imported"). You can also define custom actions in the console; selecting findings and applying a custom action emits a "Security Hub Findings - Custom Action" event. EventBridge rules matching these events can forward findings to a ticketing system or invoke an AWS Lambda function that remediates specific findings and then updates the finding's workflow status through BatchUpdateFindings. A remediation function should validate what it receives before acting: check that the finding's ProductArn is Security Hub's own, that the account is one you administer, and that the resource named in the finding is of the type the remediation expects.
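The following is an added example, not code from AWS or from this page: an EventBridge-triggered Lambda handler that consumes a "Security Hub Findings - Imported" event, applies the checks described above, enables S3 Block Public Access on the bucket named in the finding, and resolves the finding. The event, the control ID S3.8, the bucket name, the account ID, and the RecordingClient test double are all constructed for the example; in Lambda the real boto3 clients are created when none are passed in.

```python
"""Added example (not AWS code): EventBridge -> Lambda remediation of a
Security Hub finding, with input validation and workflow update.
Constructed/assumed: the sample event, control ID S3.8, bucket name,
account ID 111122223333, and the RecordingClient stand-in."""
import json

# ProductArn suffix used by Security Hub's own standards checks. Findings
# imported by other products carry a different ARN, so this check keeps an
# integration with BatchImportFindings permission from driving remediation.
SECURITYHUB_PRODUCT_SUFFIX = "::product/aws/securityhub"

# Constructed sample event in the shape of "Security Hub Findings - Imported".
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [{
        "Id": "arn:aws:securityhub:us-east-1:111122223333:subscription/"
              "aws-foundational-security-best-practices/v/1.0.0/S3.8/finding/0123",
        "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/securityhub",
        "AwsAccountId": "111122223333",
        "Compliance": {"Status": "FAILED", "SecurityControlId": "S3.8"},
        "Workflow": {"Status": "NEW"},
        "RecordState": "ACTIVE",
        "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}],
    }]},
}


def bucket_name_from_arn(arn):
    """'arn:aws:s3:::name' -> 'name'; rejects anything that is not a bucket ARN."""
    prefix = "arn:aws:s3:::"
    if not arn.startswith(prefix) or "/" in arn[len(prefix):]:
        raise ValueError("not an S3 bucket ARN: %s" % arn)
    return arn[len(prefix):]


def is_actionable(finding, control_id, account_ids):
    """Act only on Security Hub's own FAILED, ACTIVE, unresolved findings for the
    expected control, in an account we administer."""
    compliance = finding.get("Compliance", {})
    return (
        finding["ProductArn"].endswith(SECURITYHUB_PRODUCT_SUFFIX)
        and finding["AwsAccountId"] in account_ids
        and compliance.get("SecurityControlId") == control_id
        and compliance.get("Status") == "FAILED"
        and finding.get("RecordState") == "ACTIVE"
        and finding.get("Workflow", {}).get("Status") in ("NEW", "NOTIFIED")
    )


def remediate_s3_8(finding, s3, securityhub):
    """Enable all four Block Public Access settings on each bucket in the finding,
    then mark the finding RESOLVED with an audit note. Returns the buckets changed."""
    fixed = []
    for res in finding["Resources"]:
        if res["Type"] != "AwsS3Bucket":
            continue  # ignore any other resource type attached to the finding
        bucket = bucket_name_from_arn(res["Id"])
        s3.put_public_access_block(
            Bucket=bucket,
            PublicAccessBlockConfiguration={
                "BlockPublicAcls": True, "IgnorePublicAcls": True,
                "BlockPublicPolicy": True, "RestrictPublicBuckets": True,
            },
        )
        fixed.append(bucket)
    if fixed:
        securityhub.batch_update_findings(
            FindingIdentifiers=[{"Id": finding["Id"], "ProductArn": finding["ProductArn"]}],
            Workflow={"Status": "RESOLVED"},
            Note={"Text": "Block Public Access enabled on %s" % ", ".join(fixed),
                  "UpdatedBy": "auto-remediation-lambda"},
        )
    return fixed


def lambda_handler(event, context=None, s3=None, securityhub=None,
                   account_ids=("111122223333",)):
    """Lambda entry point. Real clients are created lazily so the module imports offline."""
    if s3 is None or securityhub is None:
        import boto3  # only needed when actually running inside Lambda
        s3 = s3 or boto3.client("s3")
        securityhub = securityhub or boto3.client("securityhub")
    results = {}
    for finding in event.get("detail", {}).get("findings", []):
        if is_actionable(finding, "S3.8", account_ids):
            results[finding["Id"]] = remediate_s3_8(finding, s3, securityhub)
    return results


class RecordingClient:
    """Constructed stand-in for a boto3 client: records calls instead of making them."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return {}
        return call


def run_sample():
    """Drive the handler with the constructed event; returns (results, s3 calls, hub calls)."""
    s3, hub = RecordingClient(), RecordingClient()
    return lambda_handler(SAMPLE_EVENT, s3=s3, securityhub=hub), s3.calls, hub.calls


if __name__ == "__main__":
    print(json.dumps(run_sample()[0], indent=2))
```

The Lambda role needs only s3:PutPublicAccessBlock and securityhub:BatchUpdateFindings; scoping the EventBridge rule's event pattern to `detail.findings.Compliance.SecurityControlId` = S3.8 further limits what reaches the function.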
How it Works
- Enable Security Hub: You enable Security Hub in each account and Region you want covered. With AWS Organizations you can designate a delegated administrator account that manages member accounts and aggregates their findings, and you can configure cross-Region aggregation so that findings from all Regions are visible in one aggregation Region.
- Enable Security Standards: You choose which security standards you want to enable. Security Hub will then start running checks against your resources.
- View and Manage Findings: You can view and manage your findings in the Security Hub console. You can filter, group, and sort findings to prioritize your work.
- Take Action: You can take action on findings by investigating them, remediating them, or suppressing them. Each finding carries a workflow status (NEW, NOTIFIED, RESOLVED, or SUPPRESSED) that you update in the console or with BatchUpdateFindings; suppressing a finding hides it from the default view but does not change the underlying resource, so record the reason in the finding's note.
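An added example, not code from AWS or from this page, that walks the four steps above with boto3: enabling Security Hub, enabling the FSBP standard, pulling failed high-severity findings, ranking them by control for triage, and building the suppression request for an accepted risk. The Region, the FSBP standard ARN version, and the sample findings are assumptions or constructed for the example; the AWS calls live in main() so the triage functions can be run offline.

```python
"""Added example (not AWS code): enable Security Hub + FSBP, query failed
findings, rank them by control, and build a suppression request.
Assumed/constructed: REGION, the FSBP ARN version, and SAMPLE_FINDINGS."""

REGION = "us-east-1"  # assumption
FSBP_ARN = ("arn:aws:securityhub:%s::standards/"
            "aws-foundational-security-best-practices/v/1.0.0" % REGION)

SEVERITY_ORDER = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}


def triage_filters(min_severity="HIGH", account_id=None):
    """GetFindings filters for active, FAILED, unresolved findings from Security
    Hub's own checks at or above min_severity, optionally for one account."""
    threshold = SEVERITY_ORDER[min_severity]
    labels = [label for label, rank in SEVERITY_ORDER.items() if rank >= threshold]
    filters = {
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "ComplianceStatus": [{"Value": "FAILED", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": s, "Comparison": "EQUALS"} for s in ("NEW", "NOTIFIED")],
        "SeverityLabel": [{"Value": s, "Comparison": "EQUALS"} for s in labels],
        "ProductName": [{"Value": "Security Hub", "Comparison": "EQUALS"}],
    }
    if account_id:
        filters["AwsAccountId"] = [{"Value": account_id, "Comparison": "EQUALS"}]
    return filters


def rank_by_control(findings):
    """Group ASFF findings by control ID and order groups by worst severity,
    then by number of findings, so the triage list starts with the biggest risk."""
    groups = {}
    for f in findings:
        cid = f.get("Compliance", {}).get("SecurityControlId") or f["GeneratorId"]
        g = groups.setdefault(cid, {"control": cid, "count": 0, "severity": 0, "resources": []})
        g["count"] += 1
        g["severity"] = max(g["severity"], SEVERITY_ORDER[f["Severity"]["Label"]])
        g["resources"].extend(r["Id"] for r in f.get("Resources", []))
    return sorted(groups.values(), key=lambda g: (-g["severity"], -g["count"], g["control"]))


def suppress_request(finding, reason, updated_by="triage-script"):
    """BatchUpdateFindings parameters that suppress one finding with an audit note.
    Suppression only hides the finding; the resource itself is unchanged."""
    return {
        "FindingIdentifiers": [{"Id": finding["Id"], "ProductArn": finding["ProductArn"]}],
        "Workflow": {"Status": "SUPPRESSED"},
        "Note": {"Text": reason, "UpdatedBy": updated_by},
    }


# Constructed sample findings carrying only the ASFF fields triage needs.
_HUB = "arn:aws:securityhub:us-east-1::product/aws/securityhub"
SAMPLE_FINDINGS = [
    {"Id": "f-1", "ProductArn": _HUB, "GeneratorId": "fsbp/S3.8",
     "Compliance": {"SecurityControlId": "S3.8", "Status": "FAILED"},
     "Severity": {"Label": "HIGH"}, "Resources": [{"Id": "arn:aws:s3:::bucket-a"}]},
    {"Id": "f-2", "ProductArn": _HUB, "GeneratorId": "fsbp/S3.8",
     "Compliance": {"SecurityControlId": "S3.8", "Status": "FAILED"},
     "Severity": {"Label": "HIGH"}, "Resources": [{"Id": "arn:aws:s3:::bucket-b"}]},
    {"Id": "f-3", "ProductArn": _HUB, "GeneratorId": "fsbp/IAM.4",
     "Compliance": {"SecurityControlId": "IAM.4", "Status": "FAILED"},
     "Severity": {"Label": "CRITICAL"}, "Resources": [{"Id": "AWS::::Account:111122223333"}]},
    {"Id": "f-4", "ProductArn": _HUB, "GeneratorId": "fsbp/EC2.2",
     "Compliance": {"SecurityControlId": "EC2.2", "Status": "FAILED"},
     "Severity": {"Label": "MEDIUM"}, "Resources": [{"Id": "arn:aws:ec2:us-east-1:111122223333:security-group/sg-0123"}]},
]


def main():
    import boto3  # lazy import: the triage helpers above work without credentials
    hub = boto3.client("securityhub", region_name=REGION)
    try:
        # Pick standards explicitly instead of accepting the defaults.
        hub.enable_security_hub(EnableDefaultStandards=False)
    except hub.exceptions.ResourceConflictException:
        pass  # already enabled in this account/Region
    hub.batch_enable_standards(StandardsSubscriptionRequests=[{"StandardsArn": FSBP_ARN}])
    findings = []
    for page in hub.get_paginator("get_findings").paginate(Filters=triage_filters("HIGH")):
        findings.extend(page["Findings"])
    for g in rank_by_control(findings):
        print("%-10s count=%d worst_severity=%d" % (g["control"], g["count"], g["severity"]))


if __name__ == "__main__":
    for g in rank_by_control(SAMPLE_FINDINGS):  # offline demo on the constructed data
        print(g["control"], g["count"], g["resources"])
```

Newly enabled standards take a while to produce their first findings, so an empty result right after batch_enable_standards is expected rather than a sign that everything passed.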
Benefits
- Unified View: Get a comprehensive view of your security posture across your AWS accounts.
- Automated Checks: Continuously monitor your environment for misconfigurations through Security Hub's own control checks, and for vulnerabilities and threats through the findings it aggregates from services such as Amazon Inspector and Amazon GuardDuty.
- Prioritization: Focus on the most important security issues.
- Automated Remediation: Automatically respond to security findings.
- Compliance: Continuously monitor your compliance with industry standards and best practices.