About AWS Security Hub
AWS Security Hub provides a consolidated view of the security status of your Amazon Web Services (AWS) account. With Security Hub you can run automated security checks, manage security findings, and identify the highest-priority issues across your entire AWS environment. This addresses a common problem for auditors and security teams: collecting findings that are otherwise scattered across the consoles of different services. Security Hub brings all of those alerts and findings together in one place.
AWS has been adding support for additional security standards to simplify your IT compliance requirements:
- New AWS Foundational Security Best Practices v1.0.0
- CIS AWS Foundations Benchmark v1.2.0
- PCI DSS v3.2.1 (optional; enabled only if you choose it)
Consolidated View of AWS Security Hub
AWS Security Hub consolidates the findings from the AWS managed services listed below into a single view of the resources in your account. It also runs its own checks for the enabled security standards; these checks are implemented as AWS Config rules, so AWS Config must be recording in the account for them to produce results. In addition, Security Hub integrates with a wide range of AWS Marketplace products that can be connected to your AWS environment.
Amazon GuardDuty
This managed threat-detection service uses threat intelligence feeds and machine learning (ML). It continuously analyzes VPC Flow Logs, CloudTrail event logs, and DNS logs for malicious or anomalous activity. Its findings can be routed (for example through Amazon EventBridge) to Lambda functions that perform automated remediation as early as possible.
Amazon Inspector
Amazon Inspector is another managed offering from AWS. It runs automated assessments of your workloads for software vulnerabilities and unintended network exposure, based on a set of AWS best-practice rules.
Amazon Macie
Amazon Macie, yet another managed offering from the AWS stable, uses machine learning and pattern matching to discover and safeguard sensitive data stored in Amazon Simple Storage Service (Amazon S3).
AWS Config
AWS Config continuously records configuration changes to your AWS resources, evaluates them against rules, and keeps the history as an audit trail. Like GuardDuty, it can trigger Lambda functions that automatically deal with unintended changes.
AWS IAM Access Analyzer
IAM Access Analyzer reduces the risk of data being reachable by principals you never intended. It continuously analyzes the resource-based policies on resources such as S3 buckets, IAM roles and KMS keys, and flags any that grant access from outside your account or organization, so that a bucket holding highly confidential data is not exposed by mistake.
AWS Firewall Manager
AWS Firewall Manager is for customers using AWS Organizations with multiple AWS accounts. This security management service lets you centrally configure and manage firewall rules (such as AWS WAF rules and security group rules) across all your accounts and applications.
Enabling AWS Security Hub
Step 1: Log in to the AWS console, type "Security Hub" in the search bar under the Services dropdown and click the result to open Security Hub.
Step 2: You will be greeted by the service welcome page. Click on Go to Security Hub.
Step 3: By default, all security standards are selected except PCI DSS. If your environment handles payments and stores your customers' card details, you should enable this standard as well; it helps you set the stage for PCI DSS compliance, although passing its checks covers only a subset of the PCI DSS requirements and does not replace an assessment. For more detailed information, refer to the Security Hub documentation on the PCI DSS standard. Once done, click Enable Security Hub.
Step 4: After Security Hub is enabled, the Summary dashboard shows a consolidated report: a security score per enabled standard and the findings imported from the integrated services. The first run of the standard checks takes a while, so the dashboard may be nearly empty right after enabling.
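The same four steps can be scripted. The following is an added example, not code from the original article or from AWS: it enables Security Hub and subscribes the account to the three standards through the boto3 securityhub client. The standards ARNs are the ones AWS documents for these versions, `_FakeSecurityHub` is an in-memory test double constructed here so the logic can be exercised without an AWS account, and the real run under `__main__` assumes boto3 is installed and credentials for the target account are configured.

```python
"""Enable Security Hub and subscribe to standards with boto3.

Added example, not code from the original article or from AWS.
"""
from typing import Any, Dict, List

# Standards ARNs as documented by AWS. CIS 1.2.0 still uses the older
# region-less "ruleset" form; FSBP and PCI DSS ARNs are region-scoped.
FSBP_V1 = ("arn:aws:securityhub:{region}::standards/"
           "aws-foundational-security-best-practices/v/1.0.0")
CIS_V120 = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
PCI_DSS_V321 = "arn:aws:securityhub:{region}::standards/pci-dss/v/3.2.1"


def standards_to_enable(region: str, include_pci: bool) -> List[str]:
    """FSBP and CIS always (the console's defaults); PCI DSS only on request."""
    arns = [FSBP_V1.format(region=region), CIS_V120]
    if include_pci:
        arns.append(PCI_DSS_V321.format(region=region))
    return arns


def enable_security_hub(client, region: str, include_pci: bool = False) -> Dict[str, Any]:
    """Enable the hub, then subscribe to every wanted standard not yet enabled.

    Safe to re-run: a ResourceConflictException from enable_security_hub means
    the hub is already on, and standards already subscribed are not re-sent.
    get_enabled_standards is paginated, but a handful of standards fits one page.
    """
    try:
        # Defaults are switched off so the enabled set is exactly what we ask for.
        client.enable_security_hub(EnableDefaultStandards=False)
    except client.exceptions.ResourceConflictException:
        pass
    enabled = {s["StandardsArn"] for s in
               client.get_enabled_standards()["StandardsSubscriptions"]}
    wanted = standards_to_enable(region, include_pci)
    missing = [arn for arn in wanted if arn not in enabled]
    if missing:
        client.batch_enable_standards(
            StandardsSubscriptionRequests=[{"StandardsArn": a} for a in missing])
    return {"newly_enabled": missing,
            "already_enabled": sorted(enabled & set(wanted))}


class _FakeSecurityHub:
    """In-memory stand-in for boto3's securityhub client (test double, constructed here)."""

    class exceptions:  # mirrors botocore's client.exceptions namespace
        class ResourceConflictException(Exception):
            pass

    def __init__(self) -> None:
        self.hub_enabled = False
        self.enabled: List[str] = []
        self.calls: List[tuple] = []

    def enable_security_hub(self, **kwargs):
        self.calls.append(("enable_security_hub", kwargs))
        if self.hub_enabled:
            raise self.exceptions.ResourceConflictException("already enabled")
        self.hub_enabled = True
        return {}

    def get_enabled_standards(self, **kwargs):
        return {"StandardsSubscriptions": [
            {"StandardsArn": a, "StandardsStatus": "READY"} for a in self.enabled]}

    def batch_enable_standards(self, StandardsSubscriptionRequests):
        self.calls.append(("batch_enable_standards", StandardsSubscriptionRequests))
        self.enabled.extend(r["StandardsArn"] for r in StandardsSubscriptionRequests)
        return {"StandardsSubscriptions": self.get_enabled_standards()["StandardsSubscriptions"]}


if __name__ == "__main__":
    import boto3  # real run: needs boto3 and AWS credentials for the target account
    region = "us-east-1"
    print(enable_security_hub(boto3.client("securityhub", region_name=region),
                              region, include_pci=True))
```

Passing `EnableDefaultStandards=False` and then listing the standards explicitly makes the result deterministic regardless of what AWS treats as the default set at the time; the function is also idempotent, so it can sit in an account-bootstrap pipeline and be re-run without error.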
You will also find the detailed findings on the Findings page:
Findings are imported from the integrated services (Inspector, GuardDuty, AWS Config and others) and from Security Hub's own standard checks. They are normalized into the AWS Security Finding Format (ASFF), and each carries a severity label, a workflow status and, for standard checks, a compliance status.
The Insights page shows the managed insights that AWS provides by default. You can also create your own insights, which are saved filters over findings grouped by an attribute such as resource type, for ease of tracking.
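To show what a finding looks like and how an insight filters the findings, here is an added example that is not code from the original article or from AWS. The findings are constructed, abbreviated records in the ASFF shape that Security Hub normalizes everything into; the filter is written in the `AwsSecurityFindingFilters` shape that the `get_findings` and `create_insight` API calls accept; and `apply_insight` evaluates it locally using the documented string-filter semantics (values for one attribute with EQUALS are ORed, NOT_EQUALS values are ANDed, and different attributes are ANDed), so a filter can be checked against known findings before it is saved as an insight. Names such as `apply_insight` and `HIGH_PRIORITY_FILTER` are this example's own.

```python
"""Triage Security Hub findings locally with an insight-style filter.
Added example, not code from the original article or from AWS."""
from collections import Counter
from typing import Any, Dict, List, Tuple

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1, "INFORMATIONAL": 0}

# Filter attribute (AwsSecurityFindingFilters key) -> path inside an ASFF finding.
# "Resources" is a list, so Resource* attributes yield one value per resource.
FILTER_PATHS = {
    "SeverityLabel": ("Severity", "Label"),
    "WorkflowStatus": ("Workflow", "Status"),
    "RecordState": ("RecordState",),
    "ProductName": ("ProductName",),
    "ComplianceStatus": ("Compliance", "Status"),
    "ResourceType": ("Resources", "Type"),
    "ResourceId": ("Resources", "Id"),
}

# The four string comparisons Security Hub supports.
_OPS = {"EQUALS": lambda v, t: v == t, "NOT_EQUALS": lambda v, t: v != t,
        "PREFIX": str.startswith, "PREFIX_NOT_EQUALS": lambda v, t: not v.startswith(t)}


def _values(finding: Dict[str, Any], path: Tuple[str, ...]) -> List[str]:
    """Values at `path` in the finding; [] if the field is absent."""
    node: Any = finding
    for key in path:
        if isinstance(node, list):
            return [r[key] for r in node if key in r]
        node = node.get(key) if isinstance(node, dict) else None
        if node is None:
            return []
    return [node]


def _match(value: str, cond: Dict[str, str]) -> bool:
    return _OPS[cond.get("Comparison", "EQUALS")](value, cond["Value"])


def matches(finding: Dict[str, Any], filters: Dict[str, List[Dict[str, str]]]) -> bool:
    """Positive conditions on one attribute are ORed, negative ones are ANDed,
    and every listed attribute must be satisfied (Security Hub's documented rule)."""
    for attr, conds in filters.items():
        values = _values(finding, FILTER_PATHS[attr])
        positive = [c for c in conds if c.get("Comparison", "EQUALS") in ("EQUALS", "PREFIX")]
        negative = [c for c in conds if c not in positive]
        if positive and not any(_match(v, c) for v in values for c in positive):
            return False
        if any(not _match(v, c) for v in values for c in negative):
            return False
    return True


def apply_insight(findings, filters, group_by="ResourceType"):
    """Matching findings ordered by severity, plus counts per group_by value
    (what the insight's GroupByAttribute shows in the console)."""
    hits = [f for f in findings if matches(f, filters)]
    hits.sort(key=lambda f: (-SEVERITY_RANK.get(f["Severity"]["Label"], 0), f["Id"]))
    groups = Counter(v for f in hits for v in _values(f, FILTER_PATHS[group_by]))
    return hits, groups


def create_insight_params(name, filters, group_by="ResourceType"):
    """Keyword arguments for boto3 securityhub.create_insight (not called here)."""
    return {"Name": name, "Filters": filters, "GroupByAttribute": group_by}


def _finding(fid, product, severity, rtype, rid, workflow="NEW",
             record="ACTIVE", compliance=None):
    """Constructed, abbreviated ASFF record (real findings carry many more fields)."""
    f = {"Id": fid, "ProductName": product, "AwsAccountId": "111122223333",
         "Severity": {"Label": severity}, "RecordState": record,
         "Workflow": {"Status": workflow}, "Resources": [{"Type": rtype, "Id": rid}]}
    if compliance:
        f["Compliance"] = {"Status": compliance}
    return f


SAMPLE_FINDINGS = [  # constructed sample data
    _finding("gd-0001", "GuardDuty", "HIGH", "AwsEc2Instance", "i-0abc"),
    _finding("insp-0001", "Inspector", "CRITICAL", "AwsEc2Instance", "i-0abc"),
    _finding("sh-s3-1", "Security Hub", "CRITICAL", "AwsS3Bucket",
             "arn:aws:s3:::payments-export", compliance="FAILED"),
    _finding("sh-iam-1", "Security Hub", "HIGH", "AwsIamUser", "alice",
             workflow="RESOLVED", record="ARCHIVED", compliance="PASSED"),
    _finding("gd-0002", "GuardDuty", "LOW", "AwsEc2Instance", "i-0def"),
]

# Only active, still-unhandled findings of HIGH or CRITICAL severity.
HIGH_PRIORITY_FILTER = {
    "SeverityLabel": [{"Value": "CRITICAL", "Comparison": "EQUALS"},
                      {"Value": "HIGH", "Comparison": "EQUALS"}],
    "WorkflowStatus": [{"Value": "NEW", "Comparison": "EQUALS"}],
    "RecordState": [{"Value": "ACTIVE", "Comparison": "EQUALS"}],
}

if __name__ == "__main__":
    hits, groups = apply_insight(SAMPLE_FINDINGS, HIGH_PRIORITY_FILTER)
    for f in hits:
        print(f["Severity"]["Label"], f["ProductName"], f["Resources"][0]["Id"])
    print(dict(groups), create_insight_params("High priority, new", HIGH_PRIORITY_FILTER))
```

Filtering on `WorkflowStatus` and `RecordState` as well as severity is what keeps an insight useful over time: resolved findings are archived and suppressed findings change workflow status, so without those two conditions the same old issues would keep appearing at the top of the list. The grouping by resource type also shows how two separate products (here Inspector and GuardDuty) can point at the same instance, which is the kind of correlation the consolidated view is meant to surface.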
You can try AWS Security Hub at no additional charge with a 30-day free trial. After the free trial period expires, you are billed per security check and per finding ingestion event; see the AWS Security Hub pricing page for the current details.