Posted On: Apr 8, 2022

AWS Security Hub has released 5 new controls for its Foundational Security Best Practices standard (FSBP) to enhance your Cloud Security Posture Management (CSPM). These controls conduct fully automatic checks against security best practices for Amazon CloudFront, Amazon Elastic Container Registry (ECR), Amazon Elastic Load Balancer (ELB), and Amazon Simple Storage Service (S3). If you have Security Hub set to automatically enable new controls and are already using AWS Foundational Security Best Practices, these controls are enabled by default. Security Hub now supports 192 security controls to automatically check your security posture in AWS.  

The 5 FSBP controls that we have launched are the following:  

  • [CloudFront.9] CloudFront distributions should encrypt traffic to custom origins
  • [ECR.3] ECR repositories should have at least one lifecycle policy configured
  • [ELB.10] Classic Load Balancer should span multiple Availability Zones
  • [S3.11] S3 Buckets should have event notifications enabled
  • [S3.12] S3 access control lists (ACLs) should not be used to manage user access to buckets

Security Hub also added a new integration partner, which brings Security Hub to 76 total integrations. The new integration partner is Data Theorem, which sends findings to Security Hub. Data Theorem continuously scans web applications, APIs, and cloud resources in search of security flaws and data privacy gaps to prevent AppSec data breaches.

Security Hub is available globally and is designed to give you a comprehensive view of your security posture across your AWS accounts. With Security Hub, you now have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services, including Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Firewall Manager, AWS Systems Manager Patch Manager, AWS Config, AWS Health, AWS Identity and Access Management Access Analyzer, as well as from over 60 AWS Partner Network  solutions. You can also continuously monitor your environment using automated security checks based on standards such as AWS Foundational Security Best Practices, the CIS AWS Foundations Benchmark, and the Payment Card Industry Data Security Standard. In addition, you can take action on these findings by investigating findings in Amazon Detective or AWS Systems Manager OpsCenter or by sending them to AWS Audit Manager or AWS Chatbot. You can also use Amazon EventBridge rules to send the findings to ticketing, chat, Security Information and Event Management (SIEM), response and remediation workflows, and incident management tools.

You can start your 30-day free trial of Security Hub with a single click in the AWS Management Console. To learn more about Security Hub capabilities, see the Security Hub documentation, and to start your 30-day free trial, see the Security Hub free trial page.