Posted On: Feb 21, 2020
AWS Security Hub has added 7 new external partner integrations, bringing its total to 54 integrations, including 48 external partner integrations and 6 AWS service integrations. Security Hub now supports integrations with Cloud Custodian (cloud compliance and remediation), FireEye Helix (Security Information Event Management, or SIEM), Forcepoint CASB (cloud access security broker), Forcepoint DLP (data loss prevention), Forcepoint NGFW (next-generation firewall), Rackspace Cloud Native Security (Managed Security Service Provider, or MSSP), and Vectra.ai Cognito (network anomaly detection). The Forcepoint and Vectra.ai integrations send findings from their respective products to Security Hub using the AWS Security Finding Format. FireEye receives findings from Security Hub, and Rackspace is a managed security service provider (MSSP) that leverages Security Hub to gather security and compliance information about their customers’ accounts. Setting up the integration only requires deployment of an AWS CloudFormation template or similar script. To learn more about an integration and how to set it up, visit the Integration pages in the Security Hub console and click on the "Configuration" link for the partner.
Available globally, AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. You can also continuously monitor your environment using automated compliance checks based on AWS best practices and industry standards, such as the CIS AWS Foundations Benchmark. In addition, you can take action on these security and compliance findings by using Amazon CloudWatch Event rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), Security Orchestration Automation and Response (SOAR), and incident management tools, or to custom remediation playbooks.
You can enable your 30-day free trial of AWS Security Hub with a single click in the AWS Management Console. Please see the AWS Regions page for all the regions where AWS Security Hub is available. To learn more about AWS Security Hub capabilities, see the AWS Security Hub documentation, and to start your 30-day free trial, see the AWS Security Hub free trial page.