Q: What is AWS Security Hub?
AWS Security Hub is a cloud security posture management (CSPM) service that performs automated, continuous security best practice checks against your AWS resources to help you identify misconfigurations, and aggregates your security alerts (i.e. findings) in a standardized format so that you can more easily enrich, investigate, and remediate them.
Q: What are the key benefits of Security Hub?
Security Hub reduces the complexity and effort of managing and improving the security of your AWS accounts, workloads, and resources. You can enable Security Hub within a particular Region in minutes, and the service helps you answer fundamental security questions you may have on a daily basis. Key benefits include:
- Detect deviations from security best practices with a single click. Security Hub runs continuous and automated account and resource-level configuration checks against the controls in the AWS Foundational Security Best Practices standard and other supported industry best practices and standards, including CIS AWS Foundations Benchmark, National Institute of Standards and Technology (NIST), and Payment Card Industry Data Security Standard (PCI DSS). Learn more about supported standards and controls available in Security Hub.
- Automatically aggregate security findings in a standardized data format from AWS and partner services. Security Hub collects findings from the security services enabled across your AWS accounts, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. Security Hub also collects findings from partner security products using a standardized AWS Security Finding Format, eliminating the need for time-consuming data parsing and normalization efforts. Customers can designate an administrator account that can access all findings across their accounts.
- Accelerate mean time to resolution with automated response and remediation actions. Create custom automated response, remediation, and enrichment workflows using the Security Hub integration with Amazon EventBridge, and other integrations to create Security Orchestration Automation and Response (SOAR) and Security Information and Event Management (SIEM) workflows. You can also use Security Hub Automation Rules to automatically update or suppress findings in near-real time.
Q: How much does Security Hub cost?
Security Hub is priced along three dimensions: the quantity of security checks, the quantity of finding ingestion events, and the quantity of automation rule evaluations processed per month. With AWS Organizations support, Security Hub allows you to connect multiple AWS accounts and consolidate findings across those accounts to enjoy tiered pricing for your entire organization’s security checks, finding ingestion events, and automation rule evaluations. Security Hub also offers a perpetual free tier of 10,000 finding ingestion events per month. Please see the Security Hub pricing page for latest pricing information.
Security Hub security checks leverage configuration items recorded by AWS Config. AWS Config is required for these security checks, and configuration items are priced separately from Security Hub. Please see AWS Config pricing for details. Security Hub customers are not charged separately for any AWS Config rules enabled by Security Hub. The AWS Config rules enabled by Security Hub are referred to as service-linked rules.
Q: Does Security Hub come with a free trial?
Yes. Every AWS account in each Region that is enabled with Security Hub receives a 30-day free trial. During the trial period, you will have access to all Security Hub features and security checks, and you will get an estimate of your monthly bill if you were to continue using Security Hub across the same accounts and Regions.
Q: Am I charged multiple times for a control that appears in multiple standards?
No. You are only charged once for each time a control is evaluated against a resource (i.e., for each security check) regardless of how many standards the control is linked to.
Q: Is Security Hub a regional or global service?
Security Hub is a regional service, but supports cross-Region aggregation of findings via designation of an aggregator Region. Customers must enable Security Hub in each Region to view findings in that Region.
Q: Which Regions does Security Hub support?
The regional availability of Security Hub is listed in the AWS Region Table.
Q: Which partners work with Security Hub?
There are many technology partners that support the standardized findings format and have integrated with Security Hub. Visit the AWS Security Hub partners page for details.
Getting started with AWS Security Hub
- You can manage multiple accounts within a Region and consolidate findings across those accounts by configuring the multi-account hierarchy within Security Hub or by importing an existing hierarchy from services like Amazon GuardDuty. By designating an administrator account, your security team can see consolidated findings for all accounts, while individual account owners see only findings associated with their account.
- Integration with AWS Organizations allows you to automatically enable any account in your organization with Security Hub and the AWS Foundational Security Best Practices standard.
- AWS CloudFormation StackSets can help you manage Security Hub across accounts and Regions with a single step. You can designate your entire Organization or a specific Organizational Unit (OU) as the action’s target, which gives new accounts your desired configuration. If you are an existing Security Hub customer, we recommend using the resource import capability in CloudFormation before using any of these capabilities to avoid overriding your current configuration.
Q: When do I use Security Hub and AWS Config conformance packs?