A 5 Minute Overview of AWS Security Hub

One of the challenges every security and audit professional faces is collecting information from multiple sources and then making sense of it to determine whether there is an action to take. AWS is no different.

[Screenshot: AWS Security Hub summary graphs]

What is AWS Security Hub

AWS Security Hub was announced as a new service offering at the 2018 AWS re:Invent conference, and is currently in “Preview” mode. Organizations can sign up for the preview and experiment with the service at no cost. The ancillary services that Security Hub uses are still charged at their own prices.

Setting up Security Hub

While the service is in Preview mode, you can enable Security Hub for your account from the AWS Security Hub webpage. If you are already using AWS GuardDuty, AWS Config and AWS Inspector, Security Hub will immediately start getting information from those services.

Accounts

Security Hub allows you to monitor not only the account you have configured Security Hub in, but also other “member accounts”. Note that the other accounts must first accept the monitoring request, and must also have the associated services configured.

Custom Actions

When an insight is detected, such as an out-of-compliance configuration, a custom action can send an alert to CloudWatch so that another service, such as a Lambda function, can act on it.
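
An added example, not from the original article or from AWS: a Python Lambda handler that receives the CloudWatch event a custom action emits and returns the out-of-compliance findings, highest severity first. The sample event is constructed, and the event and finding field names are assumed from AWS's published custom action event format.

```python
import json

# Constructed sample event; field names follow the Security Hub custom action
# event and finding format as documented by AWS (assumption, not from the page).
SAMPLE_EVENT = json.loads("""
{"source": "aws.securityhub",
 "detail-type": "Security Hub Findings - Custom Action",
 "account": "111122223333",
 "detail": {"actionName": "Triage", "findings": [
  {"Id": "finding-1", "AwsAccountId": "111122223333",
   "Title": "Ensure CloudTrail is enabled in all regions",
   "Severity": {"Normalized": 70}, "Compliance": {"Status": "FAILED"},
   "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:111122223333"}]},
  {"Id": "finding-2", "AwsAccountId": "444455556666",
   "Title": "Ensure MFA is enabled for the root account",
   "Severity": {"Normalized": 90}, "Compliance": {"Status": "FAILED"},
   "Resources": [{"Type": "AwsAccount", "Id": "AWS::::Account:444455556666"}]},
  {"Id": "finding-3", "AwsAccountId": "111122223333",
   "Title": "Ensure IAM password policy requires a symbol",
   "Severity": {"Normalized": 40}, "Compliance": {"Status": "PASSED"},
   "Resources": []}]}}
""")

EXPECTED_TYPE = "Security Hub Findings - Custom Action"

def handler(event, context=None):
    """Return the failed findings in a custom action event, worst first."""
    # Refuse events that are not Security Hub custom actions, so a misrouted
    # event is never processed as a finding.
    if (event.get("source"), event.get("detail-type")) != ("aws.securityhub", EXPECTED_TYPE):
        raise ValueError("not a Security Hub custom action event")
    tickets = []
    for finding in event.get("detail", {}).get("findings", []):
        if finding.get("Compliance", {}).get("Status") != "FAILED":
            continue  # only out-of-compliance findings need follow-up
        tickets.append({
            "finding_id": finding["Id"],
            "account": finding["AwsAccountId"],  # may be a member account
            "title": finding.get("Title", ""),
            "severity": finding.get("Severity", {}).get("Normalized", 0),
            "resources": [r["Id"] for r in finding.get("Resources", [])],
        })
    return sorted(tickets, key=lambda t: t["severity"], reverse=True)

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT), indent=2))
```

The returned records carry the finding's own account ID, so findings forwarded from member accounts stay attributable when they are routed to a ticketing or notification step.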

Providers

The providers section allows you to add other security providers to the Security Hub.

Some of the AWS Security Hub providers

Usage

The usage section gives you a view of the usage of the services configured in Security Hub.

General

The General settings let you view the service permissions and resource policies, and disable Security Hub.

The Security Hub Dashboard

Here is a sample Security Hub summary dashboard.

Standards

Currently, AWS Security Hub only has what is called the “AWS CIS Standards”, which are 43 tests executed to verify compliance with the AWS CIS Benchmark. This benchmark is published by the Center for Internet Security.

Conclusion

AWS Security Hub can collect security data and configuration information from other AWS and partner services, giving security and operations teams a single place to see the overall status of the monitored accounts.


Chris is the co-author of seven books and author of more than 70 articles and book chapters in technical, management, and information security publications.
