Amazon recently released AWS Security Hub for general use. The tool, which just wrapped up its preview period, is meant to help users better understand their cloud security. It works across all your AWS accounts and integrates with other AWS services and third-party products. Developers can even create their own integrations using the Security Hub API. Features include automated compliance checks and aggregated insights from a variety of sources. These options are meant to help you keep your security on track so you can experiment while staying compliant and confident. Here’s a look at some of the specific features you can expect from AWS Security Hub.
Once you sign up for AWS Security Hub, the permissions it needs are set up automatically via IAM service-linked roles, so the automated compliance checks start right away and run continuously. Right now, the Center for Internet Security AWS Foundations Benchmark is the first compliance standard available on the platform, but more will be available later in the year. Once these compliance checks run, they produce what are called findings. These tell you if there are any issues, which systems reported those issues, which resources they affect, and how severe they are.
AWS Security Hub also aggregates data from a variety of sources and then normalizes it. This feature compiles findings from AWS GuardDuty, Amazon Inspector, Amazon Macie, and 30 other AWS partner security solutions. It can also import findings from proprietary or custom systems that you set up.
Custom actions with AWS Security Hub
AWS Security Hub also supports custom actions, which you can use to support integrations with response and remediation workflows. Basically, custom actions let you set up a batch of selected findings and use them to generate events within CloudWatch. Then you can use those events to trigger other actions like sending notifications via chat systems or paging tools.
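As an illustration of that flow (an example added here, not code from AWS or from this article), the Python below takes the event a custom action emits and turns its batch of findings into a chat-ready message, most severe first. The function names, the `SendToChat` action name and the sample event are assumptions constructed for the example; the field names follow the Security Hub custom action event and findings format.

```python
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFORMATIONAL"]

def severity_label(severity):
    """Use Severity.Label when present, else bucket the 0-100 Normalized score."""
    label = severity.get("Label")
    if label in SEVERITY_ORDER:
        return label
    score = severity.get("Normalized", 0)
    for floor, name in ((90, "CRITICAL"), (70, "HIGH"), (40, "MEDIUM"), (1, "LOW")):
        if score >= floor:
            return name
    return "INFORMATIONAL"

def summarize_custom_action(event):
    """Return chat-ready text for a custom-action event, or None for anything else."""
    if (event.get("source") != "aws.securityhub"
            or event.get("detail-type") != "Security Hub Findings - Custom Action"):
        return None  # e.g. imported-finding events routed by a broad rule
    detail = event.get("detail", {})
    rows = []
    for f in detail.get("findings", []):
        label = severity_label(f.get("Severity", {}))
        # ProductArn names the system that reported the finding.
        product = f.get("ProductArn", "unknown").split("product/")[-1]
        resources = ", ".join(r.get("Id", "?") for r in f.get("Resources", []))
        rows.append((SEVERITY_ORDER.index(label),
                     f"[{label}] {f.get('Title', '(untitled)')} | reported by {product} | {resources}"))
    rows.sort(key=lambda r: r[0])  # most severe first
    header = f"Security Hub action '{detail.get('actionName', '?')}': {len(rows)} finding(s)"
    return "\n".join([header] + [text for _, text in rows])

# Constructed sample event (account ID, ARNs and titles are made up for illustration).
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Custom Action",
    "detail": {
        "actionName": "SendToChat",
        "findings": [
            {"Title": "Unencrypted volume", "Severity": {"Label": "MEDIUM"},
             "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/inspector",
             "Resources": [{"Id": "arn:aws:ec2:us-east-1:111122223333:volume/vol-EXAMPLE"}]},
            {"Title": "Unusual API call", "Severity": {"Normalized": 80},
             "ProductArn": "arn:aws:securityhub:us-east-1::product/aws/guardduty",
             "Resources": [{"Id": "arn:aws:iam::111122223333:user/example"}]},
        ],
    },
}

if __name__ == "__main__":
    print(summarize_custom_action(SAMPLE_EVENT))
```

The returned text is what a function triggered by the CloudWatch event would hand to the chat or paging tool; the delivery call itself depends on that tool and is left out.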