Automated Security Response on AWS is an AWS Solution that enhances AWS Security Hub by automatically addressing common security issues across your organization's AWS environment. When Security Hub identifies a potential security concern, this solution initiates pre-defined responses to resolve the issue efficiently. It also operates across multiple AWS accounts for comprehensive security coverage. This solution logs all actions taken, sends notifications to your relevant parties, and can integrate with your existing ticketing services. By automating the remediation of your Security Hub findings, you can maintain a strong security posture with reduced manual effort, aligning with industry best practices and compliance standards while streamlining your overall security management process.
Benefits
AWS Security Hub integration
Initiate remediations and findings using custom actions in the Security Hub console.
Remediation playbooks
Configure AWS Foundations Benchmarks or AWS Foundational Security Best Practices.
Automatic remediations
Deploy a predefined set of response and remediation actions to respond to threats automatically.
Extensible and Customizable
Extend this solution with custom remediation and playbook implementations. Or, deploy a custom playbook for a new set of controls.
Overview: Security Hub findings aggregated in the delegated administrator account initiate AWS Step Functions. The orchestrator invokes a remediation SSM automation document in the member account containing the resource that produced the AWS Security Hub finding.
1. Detect: Security Hub provides you with a comprehensive view of your AWS security state. It helps you to measure your environment against security industry standards and best practices. It works by collecting events and data from other AWS services, such as AWS Config, Amazon GuardDuty, and AWS Firewall Manager.
These events and data are analyzed against security standards, such as CIS AWS Foundations Benchmark. Exceptions are asserted as findings in the Security Hub console. New findings are sent as Amazon EventBridge events.
2. Initiate: You can initiate events against findings using custom actions, which result in Amazon EventBridge Events. AWS Security Hub Custom Actions and Amazon EventBridge rules initiate Automated Security Response on AWS playbooks to address findings. One EventBridge rule is deployed to match the custom action event, and one EventBridge Event Rule is deployed for each supported control (deactivated by default) to match the real-time finding event.
You can use the Security Hub Custom Action menu to initiate automated remediation, or after careful testing in a non-production environment, you can activate automated remediations. This can be activated per remediation—it is not necessary to activate automatic initiations on all remediations.
3. Preparation: The orchestrator in the admin account processes the remediation event and prepares it to be scheduled.
4. Schedule: The Scheduling AWS Lambda function is invoked to place the remediation event in the Amazon DynamoDB State Table.
5. Orchestrate: Using cross-account AWS Identity and Access Management (IAM) roles, the orchestrator in the admin account invokes the remediation in the member account containing the resource that produced the security finding.
6. Remediate: An AWS Systems Manager Automation Document in the member account performs the action required to remediate the finding on the target resource, such as disabling Lambda public access.
You can enable the Action Log feature in the Member stacks, which will capture actions taken by the solution in your Member accounts and display them in this solution's Amazon CloudWatch dashboard.
7. (Optional) Ticketing: If you choose to enable ticketing in the Admin stack, this solution will invoke the provided Ticket Generator Lambda function to create a ticket in your ticketing service of choice once the remediation has successfully executed in the Member account. We provide stacks for easy integration with Jira and ServiceNow.
On the Security Hub dashboard, the finding workflow status is changed from NEW to RESOLVED. The security finding notes are updated to reflect the remediation performed.
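The two initiation paths from step 2, sketched as an added Python example that is not the solution's own code: a custom action always initiates a remediation, while a real-time finding initiates one only if that control's rule has been activated and the finding is still open. The AUTO_ENABLED table, the open-finding filter (FAILED / NEW / ACTIVE) and all account IDs and ARNs are assumptions constructed for illustration; the patterns in the deployed EventBridge rules may differ.

```python
CUSTOM_ACTION = "Security Hub Findings - Custom Action"
IMPORTED = "Security Hub Findings - Imported"

# Assumed per-control switch for automatic initiation. Controls missing from
# the table count as off, mirroring "deactivated by default".
AUTO_ENABLED = {"Lambda.1": True, "S3.2": False}


def plan_remediations(event, auto_enabled=AUTO_ENABLED):
    """Return one remediation request per finding that should be initiated."""
    detail_type = event.get("detail-type")
    if event.get("source") != "aws.securityhub":
        return []
    if detail_type not in (CUSTOM_ACTION, IMPORTED):
        return []
    requests = []
    for finding in event.get("detail", {}).get("findings", []):
        compliance = finding.get("Compliance", {})
        control = compliance.get("SecurityControlId")
        resources = finding.get("Resources", [])
        if not control or not resources:
            continue  # not a control finding, or nothing to target
        if detail_type == IMPORTED:
            # Assumed gate: skip findings already marked RESOLVED so a
            # re-delivered event does not initiate the remediation twice.
            still_open = (
                compliance.get("Status") == "FAILED"
                and finding.get("Workflow", {}).get("Status") == "NEW"
                and finding.get("RecordState") == "ACTIVE"
            )
            if not (still_open and auto_enabled.get(control, False)):
                continue
        requests.append({
            "control": control,
            "member_account": finding.get("AwsAccountId"),
            "resource": resources[0].get("Id"),
            "trigger": "custom-action" if detail_type == CUSTOM_ACTION else "automatic",
        })
    return requests


def sample_event(detail_type, control, workflow="NEW"):
    """Constructed Security Hub event in the EventBridge envelope."""
    arn = "arn:aws:lambda:us-east-1:111122223333:function:example"
    finding = {"AwsAccountId": "111122223333", "RecordState": "ACTIVE",
               "Compliance": {"Status": "FAILED", "SecurityControlId": control},
               "Workflow": {"Status": workflow}, "Resources": [{"Id": arn}]}
    return {"source": "aws.securityhub", "detail-type": detail_type,
            "detail": {"findings": [finding]}}
```

Running `plan_remediations` over captured events before activating a control's rule gives a dry-run view of which findings would be remediated automatically.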
AvalonBay Communities Inc. migrated to a serverless architecture on AWS, accelerating development by 75 percent while reducing costs by 40 percent and maintaining strong security.