What is AWS Security Hub?
AWS Security Hub is an AWS-managed cloud service that allows companies and enterprises to gather, analyze, and manage their cloud security findings. Essentially, it’s an Amazon-provided web service for aggregating, viewing, and managing security alerts and findings across a cloud environment.
Security Hub allows teams to gather, manage, and store their security findings from all AWS services, AWS partner solutions, and even third-party security solutions, all in a single view. It collects security information from services including Amazon GuardDuty, IAM Access Analyzer, Amazon Macie, AWS Firewall Manager, and AWS partner solutions.
How does AWS Security Hub work?
When building and managing applications and workloads in AWS and the public cloud, DevOps and SecOps teams leverage a handful of specific cloud security services.
When managing applications in the cloud, teams can implement services to manage processes, including the following:
- Generating and collecting logs using CloudTrail, CloudWatch, or similar solutions
- Intrusion detection using AWS GuardDuty or a similar solution
- Vulnerability scanning using AWS Inspector, etc.
- Anti-virus solutions
- Endpoint monitoring
- Cloud configuration management
The above services all generate security findings that must be analyzed and resolved by security teams. For example, a team may need to update a vulnerable dependency discovered during vulnerability scanning, or remediate malware if it is detected. Security Hub allows teams to gather all security findings from these different services and view them as one set. This makes it much simpler to view, sort, and act on findings. Teams can even use Security Hub to automate the collection and remediation of security findings.
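As an added example (not code from the article, from AWS, or from Dash), the following Python pulls findings out of Security Hub in the shape the GetFindings API returns (AWS Security Finding Format, ASFF) and builds the single sorted worklist the paragraph describes. It assumes a boto3 `securityhub` client for the live call; `SAMPLE_FINDINGS` and the account and resource ids inside it are constructed placeholders, not real findings.

```python
"""Pull and triage AWS Security Hub findings (ASFF records).

Added example for this article, not code from AWS or Dash. It assumes a boto3
`securityhub` client (or any object exposing get_findings with the same shape);
SAMPLE_FINDINGS below are constructed records, not real findings.
"""
from collections import Counter

# Rank of each ASFF Severity.Label, highest first.
SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}

# Constructed ASFF records trimmed to the fields used here; account and resource ids are placeholders.
SAMPLE_FINDINGS = [
    {"Id": "sample-1", "ProductName": "GuardDuty",
     "Title": "UnauthorizedAccess:EC2/SSHBruteForce",
     "Severity": {"Label": "HIGH"}, "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-placeholder"}]},
    {"Id": "sample-2", "ProductName": "Inspector",
     "Title": "Package vulnerability found in installed software",
     "Severity": {"Label": "MEDIUM"}, "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-placeholder"}]},
    {"Id": "sample-3", "ProductName": "Macie",
     "Title": "Sensitive data discovered in S3 object",
     "Severity": {"Label": "HIGH"}, "RecordState": "ACTIVE", "Workflow": {"Status": "NEW"},
     "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket-placeholder"}]},
    {"Id": "sample-4", "ProductName": "GuardDuty",
     "Title": "Recon:EC2/PortProbeUnprotectedPort",
     "Severity": {"Label": "LOW"}, "RecordState": "ARCHIVED", "Workflow": {"Status": "RESOLVED"},
     "Resources": [{"Type": "AwsEc2Instance", "Id": "arn:aws:ec2:us-east-1:111122223333:instance/i-placeholder"}]},
]


def active_findings_filter(min_severity="HIGH"):
    """Filters for securityhub:GetFindings: active, not-yet-worked findings at or above min_severity."""
    floor = SEVERITY_RANK[min_severity]
    labels = [label for label, rank in SEVERITY_RANK.items() if rank >= floor]
    return {
        "SeverityLabel": [{"Value": label, "Comparison": "EQUALS"} for label in labels],
        "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
        "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
    }


def fetch_all_findings(client, filters):
    """Page through get_findings until NextToken is absent (a boto3 securityhub client works here)."""
    findings, token = [], None
    while True:
        kwargs = {"Filters": filters, "MaxResults": 100}
        if token:
            kwargs["NextToken"] = token
        page = client.get_findings(**kwargs)
        findings.extend(page.get("Findings", []))
        token = page.get("NextToken")
        if not token:
            return findings


def is_actionable(finding, min_severity="HIGH"):
    """Same predicate as active_findings_filter, evaluated locally on one ASFF record."""
    label = finding.get("Severity", {}).get("Label")
    return (finding.get("RecordState") == "ACTIVE"
            and finding.get("Workflow", {}).get("Status") == "NEW"
            and SEVERITY_RANK.get(label, -1) >= SEVERITY_RANK[min_severity])


def summarize_by_product(findings):
    """Count findings per (ProductName, severity label): the single-pane view Security Hub gives."""
    return Counter((f["ProductName"], f["Severity"]["Label"]) for f in findings)


def worklist(findings, min_severity="HIGH"):
    """Actionable findings, most severe first, as (severity, product, title, first resource id)."""
    rows = [(f["Severity"]["Label"], f["ProductName"], f["Title"], f["Resources"][0]["Id"])
            for f in findings if is_actionable(f, min_severity)]
    return sorted(rows, key=lambda r: -SEVERITY_RANK[r[0]])


if __name__ == "__main__":
    # Offline demo on the constructed records. Against a real account you would instead run:
    #   import boto3; findings = fetch_all_findings(boto3.client("securityhub"), active_findings_filter())
    for (product, label), n in sorted(summarize_by_product(SAMPLE_FINDINGS).items()):
        print(f"{product:<12} {label:<8} {n}")
    for row in worklist(SAMPLE_FINDINGS, "MEDIUM"):
        print(" | ".join(row))
```

The filter is built once and sent to the service, so pagination only ever returns records you intend to work; `is_actionable` repeats the same predicate locally so that findings exported from an archive or another account are triaged by the same rule. The archived LOW finding in the sample is dropped from the worklist, which is the behaviour you want when an alert has already been resolved upstream.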
How do I enable AWS Security Hub?
As mentioned, AWS Security Hub connects and digests findings from multiple data sources, including AWS cloud security services.
Presently, users can connect Security Hub to the following AWS cloud services:
- AWS CloudTrail: for gathering events and API calls that occur across your AWS and cloud environment
- AWS GuardDuty: for gathering data relating to intrusion detection in regard to cloud resources such as EC2 instances
- AWS Macie: for gathering information relating to data classification and findings related to Personally Identifiable Information (PII)
- AWS Inspector: for gathering information regarding events related to vulnerability scanning, specifically relating to EC2 instances
- IAM Access Analyzer: for gathering information relating to security, IAM user alerts, roles, and permissions
- AWS Firewall Manager: for gathering information on events relating to AWS WAF, AWS Shield, and Amazon VPCs
To get a better view of the security events occurring across your environment, teams should enable AWS CloudTrail, AWS GuardDuty, AWS Macie, and AWS Inspector in all AWS Accounts to collect information regarding relevant security findings.
What Security Controls Can Be Enabled with Security Hub?
Aside from the large number of security solutions and cloud services that can be connected to Security Hub, teams can also enable AWS-provided security control sets across their cloud environments.
Security Hub provides control sets for standards, including:
- CIS AWS Foundations
- Payment Card Industry Data Security Standard (PCI DSS)
- AWS Foundational Security Best Practices
Teams can enable one or more of these control sets to monitor configuration across the cloud. Once a standard has been enabled, Security Hub automatically begins running its checks and gathering the related security findings.
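As an added example (not code from the article, from AWS, or from Dash), the following Python enables Security Hub in one account and region and subscribes it to the three standards listed above. It assumes a boto3 `securityhub` client for the target account; the standard ARNs are discovered by name through DescribeStandards rather than hardcoded, because standard versions change over time.

```python
"""Enable Security Hub and subscribe an account to the standards listed above.

Added example, not code from AWS or Dash. It assumes a boto3 `securityhub`
client for the target account and region; the calls used are the Security Hub
API operations EnableSecurityHub, DescribeStandards, GetEnabledStandards and
BatchEnableStandards.
"""

# Name fragments of the standards the article lists, matched against DescribeStandards output.
WANTED_STANDARDS = (
    "CIS AWS Foundations",
    "PCI DSS",
    "AWS Foundational Security Best Practices",
)


def ensure_hub_enabled(client):
    """Enable Security Hub; a ResourceConflictException means it was already on. Returns True if newly enabled."""
    try:
        client.enable_security_hub(EnableDefaultStandards=False)
        return True
    except Exception as exc:  # botocore raises client.exceptions.ResourceConflictException here
        if exc.__class__.__name__ == "ResourceConflictException":
            return False
        raise


def find_standard_arns(client, wanted=WANTED_STANDARDS):
    """Map each wanted name fragment to its StandardsArn, paging through describe_standards."""
    arns, token = {}, None
    while True:
        page = client.describe_standards(**({"NextToken": token} if token else {}))
        for std in page.get("Standards", []):
            for fragment in wanted:
                if fragment.lower() in std["Name"].lower():
                    arns[fragment] = std["StandardsArn"]
        token = page.get("NextToken")
        if not token:
            return arns


def enable_standards(client, arns):
    """Subscribe to each ARN not already enabled; returns the ARNs newly requested (idempotent on re-run)."""
    subscriptions = client.get_enabled_standards().get("StandardsSubscriptions", [])
    already = {s["StandardsArn"] for s in subscriptions}
    todo = [arn for arn in arns if arn not in already]
    if todo:
        client.batch_enable_standards(
            StandardsSubscriptionRequests=[{"StandardsArn": arn} for arn in todo]
        )
    return todo


def onboard_account(client):
    """Full onboarding for one account/region: hub on, all three standards subscribed."""
    newly_on = ensure_hub_enabled(client)
    arns = find_standard_arns(client)
    missing = [fragment for fragment in WANTED_STANDARDS if fragment not in arns]
    if missing:
        raise RuntimeError(f"standards not offered in this region: {missing}")
    return {
        "hub_newly_enabled": newly_on,
        "standards_enabled": enable_standards(client, list(arns.values())),
    }


if __name__ == "__main__":
    # Run once per account and per region, e.g. under an assumed role in each member account.
    import boto3

    print(onboard_account(boto3.client("securityhub")))
```

`EnableDefaultStandards=False` keeps the script in control of which standards are subscribed, and treating the conflict error as "already enabled" lets the same script run safely across many accounts without first checking state by hand.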
Consider using Dash ComplyOps to gather security findings and to connect all Security Hub findings to compliance standards and controls, including HIPAA, SOC 2, NIST CSF, and more.
Dash enables your team to digest AWS security events, match findings to standards within compliance frameworks, and create robust control sets that exceed security and compliance requirements.
Managing Compliance with Security Hub and Dash
Security Hub is a great platform when it comes to gathering information across AWS cloud accounts. It allows teams to gather events and findings from all AWS cloud services as well as from third-party security solutions; however, there is still work to be done. Once these security events have been collected, it is up to you to establish a workflow for understanding the security findings, and this is where Dash ComplyOps comes into the picture.
Dash provides teams with a solution that digests AWS security monitoring findings and manages security events relating to compliance standards and security programs. Teams can rely on Dash to match Security Hub findings to regulatory and compliance standards, including SOC 2, HIPAA, HITRUST, and more. Learn more about how security teams can manage compliance in Security Hub with Dash ComplyOps.