Tag: AWS Security Hub

Managing a cloud infrastructure consisting of multiple AWS accounts is an important but also complex topic for Well-Architected cloud environments. The superwerker on AWS Quick Start provides an automation of what consultants charged with building a platform and landing zone would build for a customer. As an individual consulting solution, this typically involves a mix of consulting and hands-on click ops, as well as building some automation in the customer’s preferred infrastructure provisioning tooling.

A pair of leading Kubernetes-native network security solutions, Calico and Calico Enterprise are both now available as AWS Quick Starts. Everything you need to leverage Calico and Calico Enterprise is installed and configured in your Amazon EKS cluster. This enables you to take advantage of the full set of Kubernetes security, observability, and networking features, including Calico’s flexible IP address management capabilities.

VPC traffic mirroring and VPC ingress routing are powerful AWS networking primitives to monitor network traffic in your VPC at the packet-level. With Blue Hexagon’s next-gen Network Detection and Response (NG-NDR) security tool for AWS, which is powered by real-time deep learning, you can detect threats in network headers and payloads in less than a second. The additional AWS Security Hub integration enables you to trigger a rich action space of remediation and response.

By hosting a Palo Alto Networks VM-Series firewall in an Amazon VPC, you can use AWS native cloud services—such as Amazon CloudWatch, Amazon Kinesis Data Streams, and AWS Lambda—to monitor your firewall for changes in configuration. This post explains why that’s desirable and walks you through the steps required to do it. You now have a way to monitor your Palo Alto Networks firewall that is very similar to how you monitor your AWS environment with AWS Config.

Successful data lake implementations can serve a corporation well for years. Accenture, an APN Premier Consulting Partner, recently had an engagement with a Fortune 500 company that wanted to optimize its AWS data lake implementation. As part of the engagement, Accenture moved the customer to better-suited services and developed metrics to closely monitor the health of its overall environment in the cloud.

AWS Security Hub gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. The service also aggregates security events—called findings—from specific AWS security services while supporting third-party finding providers such as Sumo Logic. Learn how Sumo Logic’s integration with AWS Security Hub works and how to leverage it to address your goals.

AWS Security Hub is a great way to get visibility into your security profile for all your AWS accounts. PagerDuty gives you the ability to display, triage, and investigate events within your organization. When used together, Security Hub and PagerDuty gives you the ability to have full visibility and response to the security events happening in your AWS accounts. I invite you to explore PagerDuty and Security Hub further and see what you can do to build out your own integrations.

AWS Security Hub’s Custom Actions allow you to initiate responsive actions against findings selected through the console. Your workflow benefits from these defined actions, reducing the dwell time to investigate and remediate findings in Security Hub. We introduce the process of creating Custom Actions with two examples: (1) sending findings to email; and 2) sending findings to Slack. This post will help you understand the process to create your own Custom Actions for utilization in Security Operations playbooks.