
Deep Dive on AWS Security Hub - Slides

AWS Security Hub is a managed service that aggregates security findings across AWS accounts, enabling users to manage security and compliance in a single location. It addresses challenges such as compliance, visibility, and alert prioritization by providing insights and automated compliance checks. The service is available in 15 regions and integrates with various partner solutions for enhanced security management.

Uploaded by

rajeshjha9_8

Deep Dive on AWS Security Hub

Centrally view and manage security alerts and automate compliance checks

Ric Harvey
SaaS Solutions Architect
Amazon Web Services
[email protected]
@ric__harvey
https://gitlab.com/ric_harvey/

© 2019, Amazon Web Services, Inc. or its Affiliates.


Why Security Hub?



AWS security services overview
https://aws.amazon.com/security/

[Diagram: AWS security services mapped to the stages Identify, Protect, Detect, Respond and Recover. Service groups shown: Inspector, Macie, GuardDuty; Systems Manager, AWS Config; IoT Device Defender, Key Management Service, IAM, Single-Sign-On, Firewall Manager, Server Manager, Shield, WAF, VPC; CloudWatch, Lambda; Snapshot, Archive; CloudWatch, CloudTrail. Further labels: Automate, Investigate, Forensic.]

What security challenges are we facing?
https://aws.amazon.com/security/

1. Compliance: Ensure your AWS infrastructure meets compliance requirements
2. Multiple formats: Dozens of security tools with different data formats
3. Prioritizing: Large volume of alerts and the need to prioritize
4. Visibility: Lack of single pane of glass across security and compliance tools

Introducing AWS Security Hub
https://aws.amazon.com/security-hub/

AWS Security Hub benefits
https://aws.amazon.com/security-hub/

Managed regional AWS service in minutes that aggregates findings across AWS accounts

Manage security and compliance findings in a single location, increasing efficiency of locating relevant data

Create custom insights to track issues unique to your environment


AWS Security Hub workflow
https://aws.amazon.com/security-hub/

[Diagram: Account 1, Account 2, Account 3]

1. Enable AWS Security Hub for all your accounts.
2. Continuously aggregate and prioritize findings.
3. Conduct automated compliance scans and checks.
4. Take action based on findings.

Compliance Standards
https://aws.amazon.com/security-hub/

• Based on CIS AWS Foundations Benchmark
• Findings are displayed on main dashboard for quick access
• Best practices information is provided to help mitigate issues

AWS Security Hub insights
https://aws.amazon.com/security-hub/

Security findings that are correlated and grouped for prioritization

• More than 20 pre-built insights provided by AWS and AWS partners
• Ability to create your own insights
• Dashboard provides visibility into the top security findings
• Additional details for each finding are available for review

Example insights:
• EC2 instances that have missing security patches
• S3 buckets with stored credentials
• S3 buckets with public read and write permissions

AWS Security Hub
Services Availability (Regions)

Available in 15 Regions
• US East (N. Virginia)
• US East (Ohio)
• US West (N. California)
• US West (Oregon)
• Canada (Central)
• EU (Ireland)
• EU (Frankfurt)
• EU (London)
• EU (Paris)
• Asia Pacific (Singapore)
• Asia Pacific (Sydney)
• Asia Pacific (Seoul)
• Asia Pacific (Tokyo)
• Asia Pacific (Mumbai)
• South America (Sao Paulo)

Used by Customers



Reference Customers
Extendable with Partners



Partner integrations
https://aws.amazon.com/security-hub/features/

Partner categories: Firewalls, Endpoint, Vulnerability, Compliance, SOAR, MSSP, SIEM, Other

Partner integration examples - CrowdStrike
Partner integration examples - Armor

Simple to Enable



Getting started: a few clicks to enable Security Hub
https://aws.amazon.com/security-hub/getting-started/

Simple multi-account setup
AWS Security Finding Format

~100 JSON-formatted fields

Severity.Normalized scale: 0, 30, 70, 100

Finding Types
• Sensitive Data Identifications
• Software and Configuration Checks
• Unusual Behaviors
• Tactics, Techniques, and Procedures (TTPs)
• Effects

Automated compliance checks

43 fully automated, nearly continuous checks

Insights help identify resources that require attention
Customisable response and remediation actions

[Diagram labels: Event (event-based), Rule]
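
As an added example (not from the slides or from AWS), the Python below shows how a responder function behind an event rule could read the ASFF fields the slides name: it places `Severity.Normalized` on the 0/30/70/100 scale and splits each `Types` entry into its namespace. The band names, the sample event, its finding IDs and its ARNs are constructed assumptions.

```python
# Added example: triage ASFF findings carried in a Security Hub event.
# Band names and every sample value below are constructed for illustration.
NAMESPACES = {"Sensitive Data Identifications", "Unusual Behaviors", "TTPs",
              "Software and Configuration Checks", "Effects"}
BANDS = ["low", "medium", "high"]  # assumed names for the 0/30/70/100 scale

def band(normalized):
    """Place Severity.Normalized (integer 0-100) on the 0/30/70/100 scale."""
    if type(normalized) is not int or not 0 <= normalized <= 100:
        raise ValueError(f"bad Severity.Normalized: {normalized!r}")
    return "low" if normalized < 30 else "medium" if normalized < 70 else "high"

def triage(event, min_band="high"):
    """Return findings at or above min_band, most severe first."""
    if event.get("source") != "aws.securityhub":
        return []  # not a Security Hub event; nothing to act on
    picked = []
    for f in event.get("detail", {}).get("findings", []):
        score = f["Severity"]["Normalized"]
        if BANDS.index(band(score)) < BANDS.index(min_band):
            continue
        # Each Types entry reads namespace/category/classifier.
        spaces = sorted({t.split("/", 1)[0] for t in f.get("Types", [])})
        picked.append({
            "id": f["Id"], "title": f["Title"], "score": score,
            "namespaces": spaces,
            "unrecognized": [s for s in spaces if s not in NAMESPACES],
            "resources": [r["Id"] for r in f.get("Resources", [])],
        })
    return sorted(picked, key=lambda p: p["score"], reverse=True)

def _finding(n, title, ftype, score, resource):
    return {"Id": f"example-finding-{n}", "Title": title, "Types": [ftype],
            "Severity": {"Normalized": score}, "Resources": [{"Id": resource}]}

SAMPLE_EVENT = {  # constructed; shaped like a findings notification event
    "source": "aws.securityhub",
    "detail": {"findings": [
        _finding(1, "EC2 instance missing security patches",
                 "Software and Configuration Checks/Vulnerabilities/CVE", 45,
                 "arn:aws:ec2:eu-west-1:111122223333:instance/i-0example"),
        _finding(2, "S3 bucket with public read and write permissions",
                 "Effects/Data Exposure", 80, "arn:aws:s3:::example-bucket"),
        _finding(3, "Unusual sign-in pattern", "Odd Namespace/User", 10, "user/x"),
    ]},
}

if __name__ == "__main__":
    for item in triage(SAMPLE_EVENT, "medium"):
        print(item["score"], item["namespaces"], item["title"])
```

The `unrecognized` list flags a `Types` namespace outside the five on the slide, which is worth surfacing rather than dropping when a custom or partner integration sends findings.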
Demo
https://github.com/aws-samples/aws-securityhub-to-email



Key takeaways

Understand and manage your overall AWS security and compliance posture

Evaluate your compliance against regulatory and best practice frameworks

Collect and process security findings from multiple accounts within a region

Identify and prioritize the most important issues by grouping and correlating security findings with Insights

Thank you!
Any Questions?
