AWS Security Blog

Tag: SecOps

Automate Amazon EC2 instance isolation by using tags

Containment is a crucial part of an overall Incident Response Strategy, as this practice allows time for responders to perform forensics, eradication and recovery during an Incident. There are many different approaches to containment. In this post, we will be focusing on isolation—the ability to keep multiple targets separated so that each target only sees […]

Read More

How to visualize multi-account Amazon Inspector findings with Amazon Elasticsearch Service

Amazon Inspector helps to improve the security and compliance of your applications that are deployed on Amazon Web Services (AWS). It automatically assesses Amazon Elastic Compute Cloud (Amazon EC2) instances and applications on those instances. From that assessment, it generates findings related to exposure, potential vulnerabilities, and deviations from best practices. You can use the […]

Read More

How to deploy the AWS Solution for Security Hub Automated Response and Remediation

In this blog post I show you how to deploy the Amazon Web Services (AWS) Solution for Security Hub Automated Response and Remediation. The first installment of this series was about how to create playbooks using Amazon CloudWatch Events, AWS Lambda functions, and AWS Security Hub custom actions that you can run manually based on […]

Read More

AWS Foundational Security Best Practices standard now available in Security Hub

AWS Security Hub offers a new security standard, AWS Foundational Security Best Practices This week AWS Security Hub launched a new security standard called AWS Foundational Security Best Practices. This standard implements security controls that detect when your AWS accounts and deployed resources do not align with the security best practices defined by AWS security […]

Read More

Continuous compliance monitoring with Chef InSpec and AWS Security Hub

In this post, I will show you how to run a Chef InSpec scan with AWS Systems Manager and Systems Manager Run Command across your managed instances. InSpec is an open-source runtime framework that lets you create human-readable profiles to define security, compliance, and policy requirements and then test your Amazon Elastic Compute Cloud (Amazon […]

Read More

How to use the AWS Security Hub PCI DSS v3.2.1 standard

On February 13, 2020, AWS added partial support for the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1 requirements to AWS Security Hub. This update enables you to validate a subset of PCI DSS’s requirements and helps with ongoing PCI DSS security activities by conducting continuous and automated checks. The new Security Hub […]

Read More

Automated Response and Remediation with AWS Security Hub

June 2, 2021: The instructions in this blog post have been implemented in an AWS Solution, AWS Security Hub Automated Response and Remediation, that includes remediations for more than 20 security controls. To learn more about implementing the solution, see How to deploy the AWS Solution for Security Hub Automated Response and Remediation. AWS Security […]

Read More

Use AWS Fargate and Prowler to send security configuration findings about AWS services to Security Hub

May 3, 2021: Since the author wrote this post, Security Hub has launched native features that simplify integration with Prowler as a findings provider. Therefore, Security Hub native integration with Prowler is now the recommended solution for sending findings from Prowler. For more information, see the Prowler documentation. In this blog post, I’ll show you […]

Read More