AWS Security Hub was announced today by AWS CEO, Andy Jassy, during his Keynote at re:Invent. As an Advanced Technology Partner, Cloud Conformity was briefed early on the new capabilities and we are delighted to announce that we will support AWS Security Hub by end of the year.

The AWS Security Hub allows customers to consolidate the findings from a number of native AWS tools (GuardDuty, Inspector, etc.) in one dashboard. You can think of the Security Hub as a data lake for security ‘insights’. Insights is the term AWS is using for a collection of findings from tools such as its own Config, Inspector, GuardDuty and from partner tools.

Findings

A finding is a potential security issue. Security Hub aggregates, organizes, and prioritizes security alerts, or findings, from AWS and third-party services, as well as generating its own findings as the result of running continuous and automated configuration checks. Findings that are passed are marked as informational in the dashboard.

Insights

An insight is a collection of related findings. Security Hub offers pre-defined insights formed using filters that you can further tailor for your unique environment. For example, insights help to identify EC2 instances that are missing security patches for important vulnerabilities and are open to the internet. Built-in and custom Security Hub insights help you track security issues in your AWS environment. Other interesting insights include:

  • Resources that have a vulnerability and are involved in potential malicious behaviour.
  • AWS resources that that don’t meet security standards
  • AWS resources associated with potential data exfiltration
  • AWS users with the most suspicious activity

You can also create your own custom insights.

Hands-on

True to form this was as easy to set up and get going as GuardDuty was previously. Within a few seconds I had enabled Security Hub and alarms appeared in the dashboard from GuardDuty showing I had made API calls from an unusual network.

Pricing

AWS Security Hub is currently in preview which means it is free of charge for now. That said the compliance checks rely on the Config service which you pay for. Security Hub comes with native Insights from current AWS security tooling such as Config, GuardDuty, Inspector and Macie. If you have a licence for a supported Partner solution, such as Cloud Conformity’s (which will support Security Hub soon), you can see all your Insights across all tools. This will greatly improve both visibility and reduce the time that remediation takes.

This is not the first time that AWS has launched a platform which supports rulesets from third party companies. We saw this most recently with the AWS Web Application Firewall which comes with a set of basic rules developed by AWS and customers can purchase additional rule sets, such as those from Imperva, F5 etc through the AWS Marketplace.

Technical Details

AWS Security Hub is enabled via one click after you select the preview on the product home page. Security Hub Cloud can be deployed to multiple accounts and regions either on an account by account basis or by using the tool’s inbuilt account hierarchy setup.

AWS Security Hub will come with native insights from Config, GuardDuty, Inspector and Macie.

AWS Security Hub supports the CIS Baseline for AWS.

Cloud Conformity platform will support AWS Security Hub by the end of the year with over 450 insights and 48 auto-remediation lambda functions.

Cloud Conformity will be available via AWS Marketplace.