Q: What is AWS Security Hub?
AWS Security Hub provides you with a comprehensive view of your security state within AWS and your compliance with security industry standards and best practices. Security Hub aggregates and prioritizes security data from across AWS accounts, services, and supported third-party partners to help you analyze your security trends and identify the highest priority security issues.
Q: What are the key benefits of AWS Security Hub?
AWS Security Hub eliminates the complexity and reduces the effort of managing and improving the security and compliance of your AWS accounts and workloads. AWS Security Hub is enabled within a particular region in minutes and the service helps you answer fundamental security and compliance questions you may have on a daily basis.
Save time with aggregated findings - Security Hub collects and aggregates findings from the security services enabled in your AWS environment, such as intrusion detection findings from Amazon GuardDuty, vulnerability scans from Amazon Inspector, and sensitive data identification findings from Amazon Macie. Security Hub also collects findings from integrated partner security findings providers using a standard format, eliminating the need for time-consuming data conversion efforts.
Improve compliance with automated checks - Security Hub generates its own findings by running continuous and automated account-level configuration checks against the rules in the supported industry best practices and standards (for example, the CIS AWS Foundations Benchmark).
Quickly take actions on findings - Security Hub aggregates findings into pre-built dashboards that provide bar graphs, line charts, and tables that show you the current security and compliance status of your environment as well as trends. Now you can easily identify potential issues, and take the necessary next steps. For example, you can send findings to ticketing, chat, email, or automated remediation systems using integration with Amazon CloudWatch Events.
Q: How much does AWS Security Hub cost?
AWS Security Hub is offered at no cost during the preview period. Pricing will be finalized when the service becomes generally available.
Please note that AWS Config is required to be enabled in the account(s) using Security Hub. AWS Security Hub compliance standards checks use the configuration items recorded by AWS Config. If you are not already using AWS Config, please see the Config pricing page for the latest information on the price per configuration item recorded. There is no additional charge for the Security Hub-related AWS Config rules.
Q: Is AWS Security Hub a regional or global service?
AWS Security Hub is a regional service. This ensures all findings data analyzed is regionally based and doesn’t cross AWS regional boundaries.
Q: What regions does AWS Security Hub support?
The regional availability of AWS Security Hub is listed here: AWS Region Table
Q: What partners work with AWS Security Hub?
There are many technology partners that support the standardized findings format and have integrated with AWS Security Hub. See AWS Security Hub partners.
Getting started with AWS Security Hub
Q: How do I enable AWS Security Hub?
When you open the Security Hub console for the first time, simply choose Get Started, and then choose Enable. AWS Security Hub uses a service-linked role that includes the permissions and trust policy that Security Hub requires to detect and aggregate findings, and to configure the requisite AWS Config infrastructure needed to run compliance checks. In order for Security Hub to run compliance checks, you must have AWS Config enabled.
Q: Does AWS Security Hub help manage security across multiple AWS accounts?
Yes, you can manage multiple accounts within a region by configuring the multi-account hierarchy within Security Hub or by importing an existing hierarchy from services like Amazon GuardDuty.
Q: What is a finding?
A finding is a potential security issue. Security Hub aggregates, organizes, and prioritizes security alerts, or findings, from AWS and third-party services, as well as generating its own findings as the result of running continuous and automated configuration checks.
Q: What is an insight?
An insight is a collection of related findings. Security Hub offers pre-defined insights formed using filters that you can further tailor for your unique environment. For example, insights help to identify EC2 instances that are missing security patches for important vulnerabilities and have other unusual behavior, or S3 buckets with public read or write permissions and that contain sensitive data. Built-in and custom Security Hub insights help you track security issues in your AWS environment.
Q: What is a standard?
A standard is a collection of rules based on AWS and security industry best practices. For example, Security Hub supports the CIS AWS Foundations Benchmark standard. Once Security Hub is enabled, it immediately begins running continuous and automated checks on your environment's resources against the rules included in the CIS AWS Foundations standard.
Q: What findings sources does AWS Security Hub analyze?
AWS Security Hub analyzes your security alerts, or findings, from these AWS services: Amazon GuardDuty, Amazon Inspector, and Amazon Macie. In addition, see the list of AWS Security Hub Partner solutions that are integrated with Security Hub and support the standardized findings format.
Working in AWS Security Hub
Q: How can I see my most important security issues in AWS Security Hub?
There are multiple ways to see your most important security issues. The Security Hub dashboard shows a snapshot of your top security insights prioritized by severity and any spikes in high severity findings over time. Next, you can create a “my favorites” insights group that contains your top insights from AWS and partners. Finally, you can create your own insights to track any specific concerns you may have.
Q: Can Security Hub tell me how I measure against security best practices or compliance standards?
Yes. Security Hub creates a score to show you how you're doing against the CIS AWS Foundations Benchmark and displays it on the main Security Hub dashboard. When you click through to the standard, you will see a summary of the controls that need attention. Security Hub shows how the control was evaluated and informational best practices on how to mitigate the issue.
Q: How can Security Hub prioritize the security data that I need the most?
Security Hub uses two mechanisms to help prioritize findings: insights and standards. Insights are grouped or correlated findings that help you identify higher priority findings faster. Examples of insights are “Show me all my EC2 instances potentially infected with malware that have had a configuration issue” and “Show me any possible cases of data exfiltration on EC2 instances that also exhibited command and control behavior.”
Standards are compliance frameworks that are based on regulatory requirements or AWS best practices. AWS has defined specific evaluation checks (via Managed Config Rules) that align to the controls within standards. An example of a supported Security Hub standard is the CIS AWS Foundations Benchmark.
Q: How can Security Hub integrate with my existing security operations and remediation processes?
Security Hub supports workflow options by enabling the export of findings via CloudWatch Events. You can use CloudWatch Events to set up integrations with chat systems such as Slack, automated remediation pipelines via Lambda or partner security orchestration tools, and ticketing systems such as ServiceNow.
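As an added illustration (not AWS-provided code), the Lambda side of such an integration can be sketched as a handler that receives a Security Hub event from CloudWatch Events and sorts each finding into a destination by its normalized severity. The sample event is constructed, and the route names and thresholds are assumptions chosen for the example.

```python
import json

# Constructed sample of the event CloudWatch Events delivers for imported
# findings; the account ID, ARNs and finding contents are placeholders.
SAMPLE_EVENT = {
    "source": "aws.securityhub",
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"Id": "example-finding-1", "AwsAccountId": "111122223333",
         "Title": "Constructed: S3 bucket allows public read",
         "Severity": {"Normalized": 80},
         "Resources": [{"Type": "AwsS3Bucket", "Id": "arn:aws:s3:::example-bucket"}]},
        {"Id": "example-finding-2", "AwsAccountId": "111122223333",
         "Title": "Constructed: informational configuration note",
         "Severity": {"Normalized": 10},
         "Resources": [{"Type": "AwsEc2Instance", "Id": "i-0123456789abcdef0"}]},
        {"Id": "example-finding-3", "AwsAccountId": "111122223333",
         "Title": "Constructed: finding with no severity"},
    ]},
}

def route_for(finding, ticket_threshold=70, chat_threshold=40):
    """Pick a destination from the finding's normalized severity (0-100).
    Thresholds and route names are assumptions for this example."""
    score = (finding.get("Severity") or {}).get("Normalized")
    if not isinstance(score, (int, float)):
        return "review"  # missing or malformed severity is never dropped silently
    if score >= ticket_threshold:
        return "ticket"
    return "chat" if score >= chat_threshold else "log"

def lambda_handler(event, context=None):
    """Lambda entry point: check the event source, then bucket findings by route."""
    if event.get("source") != "aws.securityhub":
        raise ValueError("unexpected event source: %r" % event.get("source"))
    routed = {"ticket": [], "chat": [], "log": [], "review": []}
    for finding in event.get("detail", {}).get("findings", []):
        resources = [r.get("Id") for r in finding.get("Resources", [])]
        routed[route_for(finding)].append(
            {"id": finding.get("Id"), "account": finding.get("AwsAccountId"),
             "title": finding.get("Title"), "resources": resources})
    return routed

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

Each bucket in the returned dictionary would then be handed to the matching connector (ticketing, chat, or a log sink); findings in `review` indicate a provider sending incomplete severity data.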
Q: Will Security Hub replace the consoles of our other security services, such as Amazon GuardDuty, Amazon Inspector, or Amazon Macie?
No. Security Hub is complementary and additive to the AWS security services. In fact, Security Hub will link back into the other consoles to help you gain additional context. The service does not replicate the setup, configuration, or specialized features available within each service.
AWS Security Hub is currently in preview and available at no additional cost during the preview period.