Consolidated findings across AWS services and partner integrations
AWS Security Hub collects and consolidates findings from AWS security services enabled in your environment, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, S3 bucket policy findings from Amazon Macie, publicly accessible and cross-account resources from IAM Access Analyzer, and resources lacking WAF coverage from AWS Firewall Manager. AWS Security Hub also consolidates findings from integrated AWS Partner Network (APN) security solutions. All findings are stored for at least 90 days within AWS Security Hub.
Automated, continuous security checks
Automate continuous account-level and resource-level configuration and security checks using industry standards and best practices. For example, AWS Security Hub automates checks against the Payment Card Industry Data Security Standard (PCI DSS) and the Center for Internet Security (CIS) AWS Foundations Benchmark, a set of security configuration best practices for AWS. If any of your accounts or resources deviate from a best practice, AWS Security Hub flags the problem and recommends remediation steps.
Curated security best practices
Security Hub offers customers a set of automated security controls called the AWS Foundational Security Best Practices standard. This is a highly curated set of security best practices vetted by our AWS security experts. We recommend enabling this standard across all accounts and Regions.
Seamless integration through a standardized findings format
Security findings from AWS services such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie are collected in Security Hub using a standardized AWS Security Findings Format. Partner integrations such as Check Point, CrowdStrike, Palo Alto Networks, Qualys, Symantec, and others use the same standardized findings format, eliminating time-consuming data parsing and normalization tasks. Now you can focus on prioritizing and acting on these consolidated findings.
Custom response and remediation actions
AWS Security Hub integrates with Amazon CloudWatch Events, enabling you to create custom response and remediation workflows. You can easily send findings to SIEMs, chat tools, ticketing systems, Security Orchestration, Automation, and Response (SOAR) tools, and on-call management platforms. Response and remediation actions can be fully automated, or they can be triggered manually in the console. You can also use AWS Systems Manager Automation documents, AWS Step Functions, and AWS Lambda functions to build automated remediation workflows that can be initiated from Security Hub.
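As an added illustration (not AWS code), the sketch below shows the kind of filtering a Lambda function or similar consumer might apply to a findings event delivered through CloudWatch Events before opening tickets. The function names, the ticket shape, the severity threshold and the sample event are assumptions made for this example; the field names are those of the standardized findings format.

```python
# Added example, not AWS code. Field names follow the standardized findings format (ASFF).
SEVERITY_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def triage(event, min_severity="HIGH"):
    """Return ticket payloads for active, untriaged findings at or above min_severity."""
    if (event.get("source"), event.get("detail-type")) != (
            "aws.securityhub", "Security Hub Findings - Imported"):
        return []  # not a findings event; ignore rather than guess at its shape
    threshold = SEVERITY_RANK[min_severity]
    tickets = []
    for f in event.get("detail", {}).get("findings", []):
        label = f.get("Severity", {}).get("Label", "INFORMATIONAL")
        if SEVERITY_RANK.get(label, 0) < threshold:
            continue
        if f.get("RecordState") != "ACTIVE":              # archived findings are closed
            continue
        if f.get("Workflow", {}).get("Status") != "NEW":  # already triaged or suppressed
            continue
        tickets.append({
            "finding_id": f["Id"],
            "account": f["AwsAccountId"],
            "product": f["ProductArn"].rsplit("/", 1)[-1],
            "severity": label,
            "title": f["Title"],
            "resources": [r["Id"] for r in f.get("Resources", [])],
        })
    return sorted(tickets, key=lambda t: SEVERITY_RANK.get(t["severity"], 0), reverse=True)

# Constructed sample data (placeholders); only the fields triage() reads are filled in.
def _finding(fid, product, label, status="NEW", state="ACTIVE"):
    return {"Id": fid, "AwsAccountId": "111122223333", "Title": f"constructed {fid}",
            "ProductArn": f"arn:aws:securityhub:us-east-1::product/aws/{product}",
            "Severity": {"Label": label}, "RecordState": state,
            "Workflow": {"Status": status},
            "Resources": [{"Type": "AwsEc2Instance", "Id": f"resource-for-{fid}"}]}

SAMPLE_EVENT = {
    "source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        _finding("f-1", "inspector", "HIGH"),
        _finding("f-2", "guardduty", "CRITICAL"),
        _finding("f-3", "macie", "LOW"),
        _finding("f-4", "guardduty", "HIGH", status="SUPPRESSED"),
        _finding("f-5", "inspector", "CRITICAL", state="ARCHIVED"),
    ]}}

if __name__ == "__main__":
    for ticket in triage(SAMPLE_EVENT):
        print(ticket["severity"], ticket["product"], ticket["finding_id"], ticket["resources"])
```

Because every integrated product reports in the same format, the same filter applies to GuardDuty, Inspector, Macie and partner findings without per-product parsing.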
With a few clicks in the AWS Security Hub console, you can connect multiple AWS accounts and consolidate findings across those accounts. By designating an administrator account, you can enable your security team to see consolidated findings for all accounts, while individual account owners see only findings associated with their account. Integration with AWS Organizations allows you to automatically enable any account in your organization with Security Hub.
Useful predefined security insights
Security insights are grouped findings that highlight emerging trends or possible issues. For example, insights help to identify EC2 instances that are missing security patches for important vulnerabilities, or S3 buckets with public read or write permissions. AWS Security Hub’s predefined (i.e., managed) insights are designed to quickly flag the resources and accounts of most concern.
Custom insights for your environment
Create and customize your own insights, tailored to your specific security and compliance needs. You can base custom insights on the predefined security insights offered by AWS Security Hub or start from scratch. For example, you can create an insight to identify EC2 instances tagged as “production” that don't meet security standards.
Visual summary dashboard
Monitor your security posture and quickly identify security issues and trends using AWS Security Hub’s summary dashboard. For example, you can drill down into a trendline graph to discover that a set of Amazon EC2 instances with a high number of findings were all created using the same Amazon Machine Image (AMI).
Diverse ecosystem of partner integrations
AWS Security Hub can send findings to and receive findings from integrated third-party products offered by a broad set of AWS Partners. In addition to findings generated by the integrated AWS services and third-party products, Security Hub can also consume findings that are generated by your own custom security products.