Posted On: Mar 30, 2022
AWS Security Hub has released 12 new controls for its Foundational Security Best Practice standard (FSBP) to enhance your Cloud Security Posture Management (CSPM). These controls conduct fully automatic checks against security best practices for Amazon Auto Scaling, Amazon CloudFront, AWS CodeBuild, Amazon EC2, Amazon Elastic Container Service (ECS), AWS Lambda, Amazon Network Firewall, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon Simple Storage Service (S3). If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 187 security controls to automatically check your security posture in AWS.
The 12 FSBP controls that we have launched are:
- [AutoScaling.2] Amazon EC2 Auto Scaling group should cover multiple Availability Zones
- [CloudFront.8] CloudFront distributions should use SNI to serve HTTPS requests
- [CodeBuild.4] CodeBuild project environments should have a logging configuration
- [CodeBuild.5] CodeBuild project environments should not have privileged mode enabled
- [EC2.22] Unused EC2 security groups should be removed
- [EC2.21] Network ACLs should not allow ingress from 0.0.0.0/0 to port 22 or port 3389
- [Lambda.5] VPC Lambda functions should operate in more than one Availability Zone
- [NetworkFirewall.6] Stateless network firewall rule group should not be empty
- [RDS.24] RDS database clusters should use a custom administrator username
- [RDS.25] RDS database instance should use a custom administrator username
- [Redshift.8] Amazon Redshift clusters should not use the default Admin username
- [S3.10] S3 buckets with versioning enabled should have lifecycle policies configured
Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS IAM Access Analyzer, as well as from over 60 AWS Partner Network (APN) solutions. You can also continuously monitor your environment using automated security checks based on standards, such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.