Posted On: Aug 18, 2021
AWS Security Hub has released 18 new controls for its Foundational Security Best Practice standard to enhance customers’ cloud security posture monitoring. These controls conduct fully-automatic checks against security best practices for Amazon API Gateway, Amazon EC2, Amazon ECS, Elastic Load Balancing, Amazon Elasticsearch Service, Amazon RDS, Amazon Redshift, and Amazon SQS. If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 159 security controls to automatically check your security posture in AWS.
The 18 controls launched that we have launched are:
- [APIGateway.5] API Gateway REST API cache data should be encrypted at rest
- [EC2.19] Security groups should not allow unrestricted access to ports with high risk
- [ECS.2] Amazon ECS services should not have public IP addresses assigned to them automatically
- [ELB.7] Classic Load Balancers should have connection draining enabled
- [ES.5] Elasticsearch domains should have audit logging enabled
- [ES.6] Elasticsearch domains should have at least three data nodes
- [ES.7] Elasticsearch domains should be configured with at least three dedicated master nodes
- [ES.8] Connections to Elasticsearch domains should be encrypted using TLS 1.2
- [RDS.16] RDS DB clusters should be configured to copy tags to snapshots
- [RDS.17] RDS DB instances should be configured to copy tags to snapshots
- [RDS.18] RDS instances should be deployed in a VPC
- [RDS.19] An RDS event notifications subscription should be configured for critical cluster events
- [RDS.20] An RDS event notifications subscription should be configured for critical database instance events
- [RDS.21] An RDS event notifications subscription should be configured for critical database parameter group events
- [RDS.22] An RDS event notifications subscription should be configured for critical database security group events
- [RDS.23] RDS databases and clusters should not use a database engine default port
- [Redshift.4] Amazon Redshift clusters should have audit logging enabled
- [SQS.1] Amazon SQS queues should be encrypted at rest
Security Hub also added 5 integration partners and 3 consulting partners, which brings Security Hub up to 71 total partners. The new integration partners include Caveonix Cloud, Forcepoint Cloud Security Gateway (CSG), Micro Focus ArcSight, Netscout Cyber Investigator, and Sysdig Secure for Cloud. Caveonix Cloud sends findings to Security Hub and is a SaaS risk mitigation platform that delivers automated compliance and hybrid-cloud security posture management for comprehensive workload protection. Forcepoint CSG sends findings to Security Hub about policy violations, actions resulting from traffic and/or email inspection rules, threats, and other events identified by CSG. Mirco Focus ArcSight is a Security Information and Event Management (SIEM) platform that receives findings from Security Hub. NETSCOUT Cyber Investigator sends findings to Security Hub and is a network threat and risk investigation solution that leverages AWS technologies such as VPC traffic mirroring. Sysdig Secure for Cloud sends findings to Security Hub and is a unified Cloud Security Platform that provides a complete suite for asset discovery, Cloud Security Posture Management (CSPM), vulnerability scanning, and threat detection.
The new consulting partners are 5pillars, Keepler, and Ubertas Consulting. 5pillars automates the deployment of AWS Security Hub in concert with a comprehensive suite of other AWS security services and provides automated remediation capabilities. Keepler leverages AWS Security Hub as a key component of its solution to centralize security monitoring and programmatically remediate and escalate security incidents. Ubertas Consulting offers a Foundations for AWS Well-Architected consulting engagement to build out a robust, best-practice-driven AWS environment that includes AWS Security Hub.
AWS Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS IAM Access Analyzer, as well as from over 60 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.