Posted On: Aug 12, 2020
We’re excited to announce the launch of AWS Security Hub Automated Response & Remediation, a reference implementation that includes a library of automated security response and remediation actions to common security findings. The AWS Security Hub Automated Response & Remediation solution makes it easier for customers to resolve common security findings and improve their security posture in AWS.
AWS Security Hub gives you a comprehensive view of your security posture across your AWS accounts. Customers can create CloudWatch Event rules to invoke on-demand response workflows for selected findings across their AWS accounts, or they can use CloudWatch Event rules to take fully automated actions on specific types of findings. Many customers find the process of setting up CloudWatch Event rules difficult and time-consuming, and creating the permissions to enable them to run cross-account can be complex. The AWS Security Hub Automated Response & Remediation solution simplifies this process by offering predefined response and remediation actions for common security controls.
Version 1.0 includes 10 prepacked security playbooks to remediate security findings based on the Center for Internet Security (CIS) AWS Foundations Benchmark, a security standard for AWS resources. For example, customers can apply recommendations to ensure key rotation within 90 days, establish strong password policies, or enforce encryption of event logs stored in AWS. Customers use the solution with AWS Security Hub to execute remediation workflows across all accounts managed by the Security Hub service. Remediations can be set up in the master Security Hub account, and they can remediate issues in member accounts via cross-account permissions. All remediation actions are captured in a centralized log so customers can collect, store, and analyze their data.
The AWS Security Hub Automated Response & Remediation solution is available on the AWS Solution Library and GitHub.